Deploying ForgeOps to Minikube on Colima on an M1 Mac
OVERVIEW
Pre-Requisites
Mac chip: M1/M2 (this doc refers to the M1 Mac, as it has not been tested on an M2 Mac)
Minimum macOS: 13.3.1 Ventura
Docker client: brew install docker
Minikube: brew install minikube
Python 3: brew install python
Kubernetes client (kubectl): brew install kubectl
Kubernetes context switcher (kubectx): brew install kubectx
Kustomize: brew install kustomize
Background
Due to Docker Desktop licensing restrictions, users are looking for alternative software for building Docker containers and running a ForgeOps deployment locally. One current limitation is that new M1 Macs include an ARM processor instead of an x86 processor. This means that by default the M1 Mac is only fully compatible with ARM-based container images. Unfortunately, not all ForgeRock product container images are built and promoted as multi-platform images yet, although this change is in progress.
Emulators
M1 Macs provide two different emulators that allow x86 images to run. Qemu is supported by the majority of container management solutions but is very slow, which makes local development of a ForgeOps deployment impractical. The M1 Mac also comes with the Rosetta Stone 2 translator, which is much faster than Qemu but until recently was supported only by Docker Desktop.
Colima
Enter Colima. Colima translates as Containers on Lima. Lima means Linux Virtual Machine and is also used by Rancher Desktop and Podman Desktop.
Lima: GitHub - lima-vm/lima: Linux virtual machines
Colima: GitHub - abiosoft/colima: Container runtimes on macOS (and Linux) with minimal setup
Colima uses Qemu by default to handle x86 emulation. It recently added support for Rosetta Stone 2, but only since macOS 13.3.1 Ventura.
Other Colima features:
- Defaults to the docker runtime, although it can use containerd.
- Can create multiple VMs for different architectures, and it is easy to switch between them.
Minikube
Minikube: Welcome! | minikube
Currently Minikube is the best option for running a ForgeOps deployment. There are other local Kubernetes implementations, but Minikube appears to be the only one that provides a CSI driver as a simple addon. The alternatives require installing CSI drivers as separate solutions, which overcomplicates setup. This dependency in ForgeOps is enforced by the deployment of the DS Operator. It will become optional in the future, which will open up the possibility of using other Kubernetes implementations.
STEPS
Install Colima
brew install colima
Create Colima ARM machine with Rosetta Stone 2 support
- Running Minikube for ForgeOps deployments
- Building ARM images
colima start --cpu 4 --memory 10 --runtime docker -p aarch --vm-type vz --vz-rosetta
Create Colima x86 machine with Rosetta Stone 2 support
- Building x86 images
colima start --cpu 1 --memory 2 --runtime docker -p amd64 --arch x86_64 --vm-type vz --vz-rosetta
View contexts
docker context ls
Switch contexts
docker context use colima-aarch
Deploy minikube with docker driver
/path/to/forgeops/cluster/minikube/cdk-minikube start --driver=docker
Create namespace in Minikube
kubectl create ns cdk
kubens cdk
/path/to/forgeops/bin/forgeops install -f cdk.example.com -n cdk
Add FQDN to hosts file
sudo vim /etc/hosts
Add line: 127.0.0.1 cdk.example.com
Create Minikube tunnel to expose ingress through “127.0.0.1”
minikube tunnel
Access ForgeRock platform
Open https://cdk.example.com/platform in a browser
CLEAN UP STEPS
Use docker context ls to check colima profile names.
minikube delete
colima stop -p aarch
colima stop -p amd64
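The hosts-file step above, as an added example that is not part of the original guide or of ForgeOps: an idempotent alternative to editing /etc/hosts by hand. It refuses to add the entry when cdk.example.com already maps to a different address, and it can remove the entry again at clean-up. The function names are hypothetical; the IP and FQDN are the ones used in the steps.

```shell
#!/bin/sh
# Added example (not ForgeOps code): function names are hypothetical.
# Run as root against /etc/hosts, e.g. after sourcing this file:
#   ensure_hosts_entry /etc/hosts 127.0.0.1 cdk.example.com

# Print every IP the hosts file maps to NAME, ignoring comments.
hosts_lookup() {  # usage: hosts_lookup FILE NAME
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) print $1 }
    ' "$1"
}

# Append "IP NAME" once. Returns 0 if the mapping exists or was added,
# 2 if NAME already resolves to a different address (file left untouched).
ensure_hosts_entry() {  # usage: ensure_hosts_entry FILE IP NAME
    file=$1; ip=$2; name=$3
    current=$(hosts_lookup "$file" "$name" | sort -u)
    if [ -n "$current" ]; then
        [ "$current" = "$ip" ] && return 0
        echo "refusing: $name already maps to $current" >&2
        return 2
    fi
    # Keep the new entry on its own line if the file lacks a final newline.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s %s\n' "$ip" "$name" >> "$file"
}

# Remove only the exact two-field "IP NAME" line; lines with other aliases stay.
remove_hosts_entry() {  # usage: remove_hosts_entry FILE IP NAME
    tmp=$(mktemp) || return 1
    # Write back with cat so the file keeps its owner and mode.
    awk -v ip="$2" -v name="$3" '!(NF == 2 && $1 == ip && $2 == name)' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Removing the entry after clean-up keeps cdk.example.com from silently resolving to whatever listens on 127.0.0.1 later.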