August 10, 2020

Docker- and Kubernetes-ready DS

This release lifts restrictions on running DS servers in Docker and Kubernetes deployments. Many individual improvements make this possible:

  • Replication improvements let you scale the number of DS replicas in your stateful sets up and down.

  • The new dsrepl command runs well in Docker containers.

DS backup to cloud storage

The CDM supports the new dsbackup command. This command lets you back up directory data to, and restore data from cloud storage.

AM and IDM integration

AM and IDM are integrated in CDK and CDM deployments:

  • AM authenticates IDM administrator and end user logins.

  • AM and IDM share a single, replicated DS user store.

  • IDM REST API users must now obtain an authorization code from AM to make API calls. See Access the IDM REST APIs for an example.

DS as IDM’s repository

IDM now uses DS for repository services. In previous versions, IDM used a PostgreSQL repository.

AM file-based configuration

Kubernetes deployments of the ForgeRock Identity Platform now use file-based configuration, available in AM 7. Implementing file-based configuration necessitated some changes to how AM static and dynamic configuration are managed:

  • AM configuration data is now stored in the am Docker image.

  • AM configuration data is copied to the /home/forgerock/openam/config directory when AM starts.

  • AM run-time data continues to be stored in the amster Docker image (as it was in previous versions).

  • After AM starts, an Amster job loads AM run-time data to the application and policy store.

  • Amster jobs are triggered as needed to import and export AM run-time data. The amster pod has been removed from the CDK and CDM deployments.

For more information about customizing the AM and Amster Docker images with configuration and run-time data, see Docker Image Development.

Revised DevOps documentation

The DevOps documentation is now deployed as a single site, rather than as a set of guides. Find your way around the DevOps documentation set using the navigation menu on the left side of the page. Use the tables of contents on the right side of each page to help you make your way around longer pages.

May 18, 2020

forgeops repository release tags

The method for obtaining the forgeops repository has changed. We now recommend that users clone the repository, and then create a branch based on the current release tag. Sections titled forgeops Repository in the CDK and CDM documentation provide steps you can use to create a branch based on a release tag.

A new page in the documentation describes how to work with the forgeops repository. The page covers release tags and repository forks. It also describes the repository’s contents, and provides strategies for updating forgeops repository clones.

February 20, 2020

Docker images include the AM, IDM, and IG configuration

In this version, the AM, IDM, and IG configurations are incorporated into the am, idm, and ig Docker images.

This change improves ForgeRock Identity Platform startup times. It also eliminates the startup dependency on the availability of an external Git repository.

Configurations for AM, IDM, and IG now reside in the forgeops repository’s config directory. Before building a customized Docker image for the ForgeRock Identity Platform, you run the new script. This script copies a configuration to a staging area in the forgeops repository’s docker directory.

For information about customizing Docker images for the ForgeRock Identity Platform, see Docker Image Development.

Skaffold framework support

The forgeops repository contains new artifacts that let you deploy the ForgeRock Identity Platform using the Skaffold framework. Deploying with Skaffold lets you:

  • Quickly and easily start the ForgeRock Identity Platform.

  • Modify the AM, IDM, and IG configurations.

  • Build updated Docker images that include your configuration changes.

  • Restart the ForgeRock Identity Platform with the updated Docker images.

Before you can use Skaffold with ForgeRock Identity Platform, you’ll need to install Skaffold software on your local computer. See any of the Environment Setup sections in the CDK or CDM documentation for more information.

Kustomize framework support

This revision uses the Kustomize framework to orchestrate AM, DS, IDM, and IG on Kubernetes. You no longer use Helm charts to orchestrate the ForgeRock Identity Platform.

Before you can use the Kustomize framework with ForgeRock Identity Platform, you’ll need to install Kustomize software on your local computer. See any of the Environment Setup sections in the CDK or CDM documentation for more information.

The ForgeRock Cloud Developer’s Kit

The ForgeRock Identity Platform documentation now uses the term Cloud Developer’s Kit to describe what was previously referred to as the Kubernetes Examples.

For more information about the Cloud Developer’s Kit, see the following:

Identical configurations for the CDK and the CDM

The CDK and the CDM now use uniformly comprehensive AM, IDM, and IG configurations. Examples in the documentation now illustrate full-featured configurations, and are no longer based on minimally viable configurations. See Configuration in the forgeops repository’s top-level README file for more information about the configurations.

In earlier versions, different configurations were used for CDK and CDM deployments. The Kubernetes Examples used a minimal configuration for AM, IDM, and IG, while the CDM used a more full-featured configuration.

Pulumi scripts for cluster creation

This revision uses Pulumi scripts to create clusters for CDM deployments.

For information about how to create Kubernetes clusters for the CDM using Pulumi, see the Environment Setup sections in the CDM documentation.

The previous version used a set of bash scripts for cluster creation. These scripts have been removed from the forgeops repository.

Secrets generator

The ForgeRock secrets generator randomly generates all secrets for AM, IDM, and DS services running in the CDK and the CDM. Random secrets generation greatly improves security for CDK and CDM deployments from previous versions.

The secrets generator runs as a Kubernetes job before AM, IDM, and DS are deployed.

Completely revised AKS Cookbook

Because of the previous lack of support in AKS for multiple availability zones for AKS clusters, ForgeRock formerly recommended against deploying the platform on Azure in production. With support for zones now available in AKS, Azure is now a supported platform for production deployments, and the CDM documentation for AKS is no longer designated "evaluation-only."

Changes from the evaluation-only version of the CDM documentation include:

  • The CDM deployment topology on Azure now matches the CDM deployment topology on Google Cloud and AWS.

  • Pulumi scripts demonstrate AKS cluster creation.

  • Benchmark results are available for a sample deployment with 10,000,000 users.

Copyright © 2010-2024 ForgeRock, all rights reserved.