CDM Deployment

Now that you’ve set up your deployment environment following the instructions in the Environment Setup section for your cloud platform, you’re ready to deploy the CDM.

To deploy the CDM in your Kubernetes cluster using artifacts from the forgeops repository:

  1. Initialize the staging area for configuration profiles with the canonical CDK configuration profile [1] for the ForgeRock Identity Platform:

    $ cd /path/to/forgeops/bin
    $ ./config.sh init --profile cdk --version 7.0

    The config.sh init command copies the canonical CDK configuration profile from the master directory for configuration profiles to the staging area:

    The staging area is initialized from the canonical ${cdk.abbr} profile.

    For more information about the management of ForgeRock Identity Platform configuration profiles in the forgeops repository, see Configuration Profiles.

  2. Configure secrets for the ForgeRock Identity Platform:

    1. Make sure that context is set to the prod namespace:

      $ kubens prod
    2. Deploy the secrets:

      $ cd /path/to/forgeops/kustomize/base/secrets
      $ kubectl apply --filename secret_agent_config.yaml
    3. Verify that all the ForgeRock Identity Platform secrets have been created:

      $ kubectl get sac
      NAME            STATUS      NUMSECRETS   NUMK8SSECRETS
      forgerock-sac   Completed   14           14

      When the forgerock-sac entry reaches Completed status, all the secrets have been created.

  3. Change to the /path/to/forgeops directory and execute the skaffold run command. For example:

    $ cd /path/to/forgeops
    $ skaffold run --profile small
  4. Check the status of the pods in the prod namespace until all the pods are ready:

    1. Run the kubectl get pods command:

      $ kubectl get pods
      NAME                           READY   STATUS      RESTARTS   AGE
      admin-ui-69bc8b89bb-dtmj8      1/1     Running     0          3m30s
      am-cfc95954d-wqz6d             1/1     Running     0          3m29s
      amster-j87dl                   0/1     Completed   0          3m27s
      ds-cts-0                       1/1     Running     0          3m28s
      ds-cts-1                       1/1     Running     0          2m55s
      ds-cts-2                       1/1     Running     0          2m21s
      ds-idrepo-0                    1/1     Running     0          3m28s
      ds-idrepo-1                    1/1     Running     0          2m32s
      end-user-ui-6985574b49-dz8t9   1/1     Running     0          3m29s
      idm-57b6b86b98-hl8mj           1/1     Running     0          3m29s
      ldif-importer-m6n6x            0/1     Completed   0          3m27s
      login-ui-64b994b944-9qv7n      1/1     Running     0          3m29s
      rcs-agent-787769544d-jm7g4     1/1     Running     0          3m28s
    2. Review the output. Deployment is complete when:

      • All entries in the STATUS column indicate Running or Completed.

      • The READY column indicates all running containers are available. The entry in the READY column represents [total number of containers/number of available containers].

      • Three AM and two IDM pods are present.

      • The initial loading jobs (amster and ldif-importer) have reached Completed status.

    3. If necessary, continue to query your deployment’s status until all the pods are ready.

Next Step


1. The CDM and the CDK both use the CDK canonical configuration profile.