ForgeOps

CDK Deployment

This documentation describes the legacy CDK implementation, which will be deprecated in an upcoming release. We strongly recommend that you transition to the current CDK implementation as soon as possible.

After you’ve set up your development environment, your next step is to deploy the platform.

To deploy the ForgeRock Identity Platform in your namespace:

  1. Change the deployment namespace for the all environment from the default namespace to your namespace:

    1. Change to the directory containing the all environment:

      $ cd /path/to/forgeops/kustomize/overlay/7.0/all

    2. Open the kustomization.yaml file.

    3. Modify two lines in the file so that the platform is deployed in your namespace:

      Original Text                      Revised Text
      namespace: default                 namespace: my-namespace
      FQDN: "default.iam.example.com"    FQDN: "my-namespace.iam.example.com"

    4. Save the updated kustomization.yaml file.

  2. Initialize the staging area for configuration profiles with the canonical CDK configuration profile for the ForgeRock Identity Platform:

    $ cd /path/to/forgeops/bin
    $ ./config.sh init --profile cdk
    Removing docker/7.0/am/config/
    Removing docker/7.0/amster/config/
    Removing docker/7.0/idm/conf/
    Removing docker/7.0/idm/ui/
    Removing docker/7.0/ig/config/
    Copying /Users/me/Repositories/forgeops/config/7.0/cdk/idm.
    Copying /Users/me/Repositories/forgeops/config/7.0/cdk/am.
    Copying /Users/me/Repositories/forgeops/config/7.0/cdk/ig.
    Copying /Users/me/Repositories/forgeops/config/7.0/cdk/amster.
    Completed

    The config.sh init command copies the canonical CDK configuration profile from the master directory for configuration profiles to the staging area:

    This diagram shows how the staging area is initialized from the canonical CDK profile.

    For more information about the management of ForgeRock Identity Platform configuration profiles in the forgeops repository, see Configuration Profiles.

  3. Configure secrets for the ForgeRock Identity Platform:

    1. Make sure that context is set to your namespace:

      $ kubens my-namespace

    2. Deploy the secrets:

      $ cd /path/to/forgeops/kustomize/base/secrets
      $ kubectl apply --filename secret_agent_config.yaml

    3. Verify that all the ForgeRock Identity Platform secrets have been created:

      $ kubectl get sac
      NAME            STATUS      NUMSECRETS   NUMK8SSECRETS
      forgerock-sac   Completed   14           14

      When the forgerock-sac entry reaches Completed status, all the secrets have been created.

  4. Run Skaffold to build Docker images and deploy the ForgeRock Identity Platform:

    $ cd /path/to/forgeops
    $ skaffold run
    Generating tags. . .
     - am → am:. . .
     - amster → amster:. . .
     - idm → idm:. . .
     - ds-cts → ds-cts:. . .
    . . .

  5. In a separate terminal tab or window, run the kubectl get pods command to monitor the status of the deployment. Wait until all the pods are ready.

    Your namespace should have the pods shown in this diagram.
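
As an added example (not part of the ForgeRock documentation or the forgeops repository), the following shell functions check two things the procedure above depends on before skaffold run: that both lines in kustomization.yaml were changed to your namespace, and that forgerock-sac has reached Completed status. The function names are hypothetical, and the column parsing assumes the kubectl get sac output layout shown in step 3.

```shell
#!/bin/sh
# Added example, not ForgeOps code: checks to run before `skaffold run`.

# overlay_ready FILE NAMESPACE
# Succeeds only if every "namespace:" and "FQDN:" line in FILE names NAMESPACE
# (the FQDN must start with "NAMESPACE."), and at least one of each is present.
# Catches the case where only one of the two lines from step 1 was edited.
overlay_ready() {
    awk -v ns="$2" '
        $1 == "namespace:" { n++; if ($2 != ns) bad = 1 }
        $1 == "FQDN:"      { f++; gsub(/"/, "", $2)
                             if (index($2, ns ".") != 1) bad = 1 }
        END { exit !(n && f && !bad) }
    ' "$1"
}

# sac_completed NAME
# Reads `kubectl get sac` output on stdin; succeeds only if the row for NAME
# exists and its STATUS column is "Completed".
sac_completed() {
    awk -v name="$1" '
        NR > 1 && $1 == name { found = 1; ok = ($2 == "Completed") }
        END { exit !(found && ok) }
    '
}

# predeploy_check OVERLAY_DIR NAMESPACE  (hypothetical wrapper name)
# Needs kubectl access to the cluster; run it after step 3 and before step 4.
predeploy_check() {
    overlay_ready "$1/kustomization.yaml" "$2" || {
        echo "kustomization.yaml does not target namespace $2" >&2; return 1; }
    kubectl get sac --namespace "$2" | sac_completed forgerock-sac || {
        echo "forgerock-sac has not reached Completed in $2" >&2; return 1; }
    echo "ok: overlay and secrets are ready in $2"
}
```

For example: predeploy_check /path/to/forgeops/kustomize/overlay/7.0/all my-namespace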

Copyright © 2010-2024 ForgeRock, all rights reserved.