Deploy IG
IG is not deployed with the CDK or the CDM by default.
To deploy IG after you have deployed the CDK or the CDM:
- Verify that the CDK or the CDM is up and running.
- Set the active namespace in your local Kubernetes context to the namespace in which you have deployed the platform components.
- Deploy IG:

      $ /path/to/forgeops/bin/cdk install ig
      Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster.
      Checking ds-operator and related CRDs: ds-operator CRD found in cluster.
      Installing component(s): ['ig']
      secret/openig-secrets-env created
      service/ig created
      deployment.apps/ig created
      Enjoy your deployment!

  By default, the cdk install command uses the latest evaluation-only Docker images for release 7.1 of the platform, available from ForgeRock’s public registry.
  However, if you have built a custom IG image, the cdk install command uses your custom image.
- Run the kubectl get pods command to check the status of the IG pod. Wait until the pod is ready before proceeding to the next step.
- Verify that IG is running.

  If you deployed IG on the CDK:

      $ curl --insecure -L -X GET https://dev.example.com/ig/openig/ping -v
      Note: Unnecessary use of -X or --request, GET is already inferred.
      * Trying . . .
      * TCP_NODELAY set
      . . .
      > GET /ig/openig/ping HTTP/2
      > Host: dev.example.com
      > User-Agent: curl/7.64.1
      > Accept: */*
      * Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
      < HTTP/2 200
      < date: Thu, 29 Jul 2021 21:07:44 GMT
      <
      * Connection #0 to host dev.example.com left intact
      * Closing connection 0

  If you deployed IG on the CDM:

      $ curl --insecure -L -X GET https://prod.iam.example.com/ig/openig/ping -v
      . . .
- Verify that the reverse proxy to the IDM pod is running.

  If you deployed IG on the CDK:

      $ curl --insecure -L -X GET https://dev.example.com/ig/openidm/info/ping -v
      Note: Unnecessary use of -X or --request, GET is already inferred.
      * Trying 192.168.99.155…
      * TCP_NODELAY set
      * Connected to dev.example.com (192.168.99.155) port 443 (#0)
      * ALPN, offering h2
      * ALPN, offering http/1.1
      * successfully set certificate verify locations:
      * CAfile: /etc/ssl/cert.pem
        CApath: none
      * TLSv1.2 (OUT), TLS handshake, Client hello (1):
      . . .
      * Using HTTP2, server supports multi-use
      * Connection state changed (HTTP/2 confirmed)
      * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
      . . .
      * Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
      < HTTP/2 200
      . . .
      <
      * Connection #0 to host dev.example.com left intact
      {"_id":"","_rev":"","shortDesc":"OpenIDM ready","state":"ACTIVE_READY"}* Closing connection 0

  If you deployed IG on the CDM:

      $ curl --insecure -L -X GET https://prod.iam.example.com/ig/openidm/info/ping -v
      . . .
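
The checks from the steps above, collected into one script as an added example (it is not part of the ForgeRock documentation or of forgeops). It verifies the server certificate instead of passing --insecure. The NAMESPACE placeholder, the CA_FILE variable, the RUN_CHECKS switch and the sample pod listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for IG. Not ForgeRock's own script.
FQDN="${FQDN:-dev.example.com}"         # CDK host on the page; the CDM uses prod.iam.example.com
NAMESPACE="${NAMESPACE:-my-namespace}"  # placeholder: namespace holding the platform components
CA_FILE="${CA_FILE:-}"                  # assumption: PEM file of the CA that signed the ingress certificate

# Constructed `kubectl get pods` output, and the IDM ping body shown on the page.
SAMPLE_PODS='NAME                  READY   STATUS    RESTARTS   AGE
ig-7c5d9f6b8d-x2k4q   1/1     Running   0          2m'
SAMPLE_PING='{"_id":"","_rev":"","shortDesc":"OpenIDM ready","state":"ACTIVE_READY"}'

# Succeeds only if at least one ig-* pod is listed and every one is Running with all containers ready.
ig_pods_ready() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^ig-/ { seen = 1; split($2, r, "/"); if (r[1] != r[2] || $3 != "Running") bad = 1 }
    END { exit ((seen && !bad) ? 0 : 1) }'
}

# Succeeds only if the IDM ping body reports state ACTIVE_READY.
idm_ready() {
  printf '%s' "$1" | grep -Eq '"state"[[:space:]]*:[[:space:]]*"ACTIVE_READY"'
}

# GET a path on the platform host. No --insecure: the certificate is verified,
# against CA_FILE when set, otherwise against the system trust store.
fetch() {
  if [ -n "$CA_FILE" ]; then
    curl --silent --show-error --fail --location --cacert "$CA_FILE" "https://$FQDN$1"
  else
    curl --silent --show-error --fail --location "https://$FQDN$1"
  fi
}

# Live checks, in the order of the steps above.
check_ig() {
  kubectl config set-context --current --namespace="$NAMESPACE" >/dev/null || return 1
  kubectl rollout status deployment/ig --timeout=300s || return 1
  ig_pods_ready "$(kubectl get pods)" || { echo "IG pod not ready" >&2; return 1; }
  fetch /ig/openig/ping >/dev/null || { echo "IG ping failed" >&2; return 1; }
  idm_ready "$(fetch /ig/openidm/info/ping)" || { echo "IDM not ACTIVE_READY through IG" >&2; return 1; }
  echo "IG and its reverse proxy to IDM are up"
}

# Touch the cluster only when asked, so the helpers can be sourced and tested offline.
if [ "${RUN_CHECKS:-0}" = "1" ]; then check_ig; fi
```

Set RUN_CHECKS=1 to run the checks against the cluster. For the CDM, also set FQDN=prod.iam.example.com.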