am Image
The am Docker image contains the AM
configuration.
Customization Overview
-
Customize AM’s configuration data by using the console and the REST APIs.
-
Capture changes to the AM configuration by exporting them from the AM service running on Kubernetes to the staging area.
-
Save the modified AM configuration to a configuration profile in your
forgeopsrepository clone. -
Build an updated
amDocker image that contains your customizations. -
Redeploy AM.
-
Verify that changes you’ve made to the AM configuration are in the new Docker image.
Detailed Steps
Perform the following steps iteratively when developing a custom
am Docker image:
-
If this is your first time building a custom Docker image, verify that you performed these setup activities, which are required for developers:
-
Verify that:
-
The CDK is deployed.
-
The namespace in which the CDK is deployed is set in your Kubernetes context.
-
-
Perform version control activities on your
forgeopsrepository clone:-
Run the git status command.
-
Review the state of the config directory.
-
(Optional) Run the git commit command to commit changes to files that have been modified.
-
-
Modify the AM configuration using the AM console or the REST APIs.
For information about how to access the AM console or REST APIs, see AM Services.
See About Property Value Substitution for important information about configuring values that vary at run-time, such as passwords and host names.
-
Export the changes you made to the AM configuration in the running ForgeRock Identity Platform to the staging area:
$ cd /path/to/forgeops/bin $ ./config.sh export --component am AM configuration files have been exported to docker/7.0/am/config. Reading existing configuration from files in /am-config/config/services… Modifying configuration based on rules in [/rules/placeholders.groovy]… reading configuration from file-based config files SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. Writing configuration to new location at /am-config/config/services… Upgrade Completed, modified configuration saved to /am-config/config/services
The config.sh export --component am command copies AM static configuration from the running CDK instance to the staging area.
-
Review the differences between the files you exported to the staging area and files that you previously saved to your configuration profile.
Use the config.sh diff command to review the changes. For example:
$ ./config.sh diff --component am --profile my-profile Only in docker/7.0/am/config/services: global diff -u --recursive -x '.' -x Dockerfile -x '.sh' config/7.0/my-profile/am/config/services/realm/root/configurationversionservice/1.0/globalconfig/default.json docker/7.0/am/config/services/realm/root/configurationversionservice/1.0/globalconfig/default.json --- config/7.0/my-profile/am/config/services/realm/root/configurationversionservice/1.0/globalconfig/default.json 2022-01-06 11:35:23.000000000 -0800 + docker/7.0/am/config/services/realm/root/configurationversionservice/1.0/globalconfig/default.json 2022-01-06 11:38:05.000000000 -0800 @@ -23,6 +23,6 @@ }, "_id" : "default", "configurationVersion" : "3.0.0.1", - "configurationCommit" : "1c17cc27b8237484b5c7b49ccabfd712da0c0f3e" + "configurationCommit" : "4e72fe392c000b0a15027eb41267d01bfd2d2220" } } . . . -
Save the AM configuration to your configuration profile:
$ ./config.sh save --component am --profile my-profile Saving AM configuration.
The config.sh save --component am command copies AM static configuration from the staging area to your configuration profile.
-
Perform version control activities on your
forgeopsrepository clone:-
Run the git status command.
-
Review the state of the config directory.
-
(Optional) Run the git commit command to commit changes to files that have been modified.
-
-
Build a new
amimage that includes your changes to AM static configuration:$ ./cdk build am Generating tags… - am → am:584ce9b20 Checking cache… - am: Not found. Building Starting build… Found [minikube] context, using local docker daemon. Building [am]… Sending build context to Docker daemon 463.9kB Step 1/14 : FROM us-docker.pkg.dev/forgeops-public/images/am:7.1.4 7.1.4: Pulling from us-docker.pkg.dev/forgeops-public/images/am 345e3491a907: Pulling fs layer . . . Step 14/14 : WORKDIR /home/forgerock --→ Running in c0d17bb09b92 --→ e44e3b0256cb Successfully built e44e3b0256cb Successfully tagged am:584ce9b20 . . . Updated the image_defaulter with your new image for am: "am:e44e3b0256cbe477b158adc3fa188f9c5ef5f117bd4cf844580421c848bad61a"
The cdk build command calls Skaffold to build a new
amDocker image, and to push the image to your Docker registry[1]. It also updates the image defaulter file so that the next time you install AM, the cdk install command gets AM static configuration from your new custom Docker image.
-
Redeploy AM:
-
Remove AM from your CDK installation:
$ ./cdk delete am Uninstalling component(s): ['am'] OK to delete these components? [Y/N] Y service "am" deleted deployment.apps "am" deleted
-
Redeploy AM:
$ ./cdk install am Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster. Checking ds-operator and related CRDs: ds-operator CRD found in cluster. Installing component(s): ['am'] service/am created deployment.apps/am created Enjoy your deployment!
-
Run the kubectl get pods command to monitor the status of the AM pod. Wait until the pod is ready before proceeding to the next step.
-
-
To validate that AM has the expected configuration:
-
Describe the AM pod. Locate the tag of the Docker image that Kubernetes loaded, and verify that it’s your new custom Docker image’s tag.
-
Start the AM console and verify that your configuration changes are present.
-