ForgeOps

Deploy using Helm on Minikube

  1. Verify that you have set up your environment and created a Kubernetes cluster as documented in the setup section.

  2. Ensure that the image.repository and image.tag settings for all the platform components are correct in your /path/to/forgeops/charts/identity-platform/values.yaml file. For example:

    1. The following lines pertain to the AM image:

      …​
      149 am:
      150   enabled: true
      151   replicaCount: 1
      152
      153   image:
      154     repository: us-docker.pkg.dev/forgeops-public/images/am
      155     tag: "7.5.0"
      156     pullPolicy: IfNotPresent
      157     imagePullSecrets: []
      158
      …​
    2. The following lines pertain to the IDM image:

      …​
      319 idm:
      320   enabled: true
      321   replicaCount: 1
      322
      323   image:
      324     repository: us-docker.pkg.dev/forgeops-public/images/idm
      325     tag: "7.5.0"
      326     pullPolicy: IfNotPresent
      327     imagePullSecrets: []
      …​
  3. Set up your Kubernetes context:

    1. Create a Kubernetes namespace in the cluster for the Ping Identity Platform pods:

      $ kubectl create namespace my-namespace
    2. Set the active namespace in your Kubernetes context to the Kubernetes namespace you just created:

      $ kubens my-namespace
  4. Run the install-prereqs command:

    $ cd /path/to/forgeops/charts/scripts
    $ ./install-prereqs
  5. Run the helm-upgrade command:

    $ cd ../identity-platform
    $ helm upgrade --install identity-platform \
     oci://us-docker.pkg.dev/forgeops-public/charts/identity-platform \
     --version 7.5 --namespace my-namespace \
     --set 'ds_idrepo.volumeClaimSpec.storageClassName=standard' \
     --set 'ds_cts.volumeClaimSpec.storageClassName=standard' \
     --set 'platform.ingress.hosts={forgeops.example.com}'

    The preceding command creates a single-instance ForgeOps deployment. Only single-instance deployments are supported on Minikube.

    For more information about single-instance deployments, refer to Cluster and deployment sizes.

    ForgeRock only offers ForgeRock software or services to legal entities that have entered into a binding license agreement with ForgeRock. When you install ForgeRock’s Docker images, you agree either that: 1) you are an authorized user of a ForgeRock customer that has entered into a license agreement with ForgeRock governing your use of the ForgeRock software; or 2) your use of the ForgeRock software is subject to the ForgeRock Subscription License Agreement.

  6. Check the status of the pods in the namespace in which you deployed the platform until all the pods are ready:

    1. Run the kubectl get pods command.

    2. Review the output. Deployment is complete when:

      • All entries in the STATUS column indicate Running or Completed.

      • The READY column indicates all running containers are available. The entry in the READY column represents [total number of containers/number of available containers].

    3. If necessary, continue to query your deployment’s status until all the pods are ready.

  7. Perform this step only if you are running Minikube on an ARM-based macOS system[1] :

    In a separate terminal tab or window, run the minikube tunnel command, and enter your system’s superuser password when prompted:

    $ minikube tunnel
    ✅  Tunnel successfully started
    
    📌  NOTE: Please do not close this terminal as this process must stay alive for the tunnel to be accessible …​
    
    ❗  The service/ingress forgerock requires privileged ports to be exposed: [80 443]
    🔑  sudo permission will be asked for it.
    ❗  The service/ingress ig requires privileged ports to be exposed: [80 443]
    🏃  Starting tunnel for service forgerock.
    🔑  sudo permission will be asked for it.
    🏃  Starting tunnel for service ig.
    Password:

    The tunnel creates networking that lets you access the Minikube cluster’s ingress on the localhost IP address (127.0.0.1). Leave the tab or window that started the tunnel open for as long as you run the ForgeOps deployment.

    Refer to this post for an explanation about why a Minikube tunnel is required to access ingress resources when running Minikube on an ARM-based macOS system.

  8. (Optional) Install a TLS certificate instead of using the default self-signed certificate in your ForgeOps deployment. Refer to TLS certificate for details.

Next step


1. For example, systems based on M1 or M2 chipsets.
Copyright © 2010-2024 ForgeRock, all rights reserved.