- DS operator supported for use with the CDK
The DS operator is now supported for use with demonstration and developer deployments that use the CDK.
The DS operator remains in technology preview status for production deployments. Do not use the operator in production deployments of the ForgeRock Identity Platform.
- New CDK technology preview
A first look at a new way to deploy the CDK, and to use it to develop custom Docker images for the ForgeRock Identity Platform:
The new way of deploying the CDK is generally simpler and faster.
The new CDK deployment uses a single DS pod, ds-idrepo-0. Functionality provided by the DS CTS pod in previous CDK versions is now merged into the ID repo pod. Deployment with a single DS pod is simpler, faster, and requires fewer resources than earlier versions. For example, the memory requirement for Minikube deployments decreases from 12GB to 10GB.
The new cdk install command lets developers deploy the CDK one component at a time. It’s still possible to deploy the entire CDK with a single cdk install command, but you can also deploy individual CDK components one at a time, review the results, and then deploy the next component. Deploying the platform one component at a time can make troubleshooting simpler if you run into a problem.
For a list of CDK components you can install one at a time, run the cdk install -h command.
The new cdk install command is idempotent. The command checks the installation status of a component before it attempts to install it. For example, if you run the cdk install command, and the ForgeRock UI pods are already installed and available, the installer won’t attempt to install the UI a second time unless you’ve specified different Docker images for running it, or modified the Kustomize files that orchestrate it.
The new cdk build command lets you build custom Docker images for the ForgeRock Identity Platform.
The new image defaulter gives developers fine-grained control over which Docker images are deployed with the CDK. The deployed Docker image no longer needs to be the last image that you built.
The CDK incorporates the DS operator, simplifying directory deployment. Note that the DS operator remains in technology preview status for CDM deployments.
The cdk install command incorporates Secret Agent and DS operator installation. Separate commands are no longer required to install these CDK components.
You’ll find the documentation for the new technology CDK here.
- DS operator technology preview
The DS operator uses the Kubernetes operator design pattern to let you easily deploy and manage DS instances running in a Kubernetes cluster. After you install the ds-operator custom resource definition (CRD) in a cluster, you can use it to create DS instances, scale them, and manage backup and restore.
The DS operator is offered as a technology preview. Do not use it in production deployments of the ForgeRock Identity Platform.
For more information, see DS Operator.
- New RCS Agent pod in the CDM
The CDM now includes an RCS Agent pod. The RCS Agent is a reliable websocket proxy between remote connector servers and the IDM instances in the CDM.
For more information, see CDM Architecture.
- Cloud Deployment Quickstart (CDQ)
The CDQ is a very quick, single-command deployment of the ForgeRock Identity Platform on a Kubernetes cluster. The CDQ has very limited capabilities.
- New Secret Agent operator
The new Secret Agent operator provides secret generation and management services for ForgeRock Identity Platform deployments on Kubernetes. The new Secret Agent operator replaces the deprecated forgeops-secret job, which previously was invoked when you deployed the platform using Skaffold.
By default, the operator examines your namespace to determine whether it contains all the secrets required for ForgeRock Identity Platform deployment. If any of the required secrets are not present, the operator generates them. Configuration options that let you change this default behavior are available.
In addition to secret generation, the new operator also integrates with Google Cloud Secret Manager, AWS Secrets Manager, and Azure Key Vault, providing cloud backup and retrieval for secrets.
For more information about secret generation options and secret management, see the Secret Agent project README.
- New cluster provisioning scripts
This release of the forgeops repository introduces the cluster-down.sh scripts, which you use to create and delete CDM clusters. These scripts replace the Pulumi scripts previously in the repository.
The new scripts are designed to be lightweight, and easy to use and modify. For GKE and AKS, the scripts call the cloud providers' SDKs. For EKS, the scripts call the eksctl CLI.
The deprecated Pulumi scripts are still available in the forgeops repository, in the /path/to/forgeops/cluster/pulumi-deprecated directory. They are no longer being maintained or upgraded. You can still use them with Pulumi 2.7.1 before you move to the new scripts.
- Small, medium, and large CDM cluster sizing
This release restores the ability to create sized CDM clusters. Before deploying the CDM, you specify one of three cluster sizes:
A small cluster with capacity to handle 1,000,000 test users
A medium cluster with capacity to handle 10,000,000 test users
A large cluster with capacity to handle 100,000,000 test users