ForgeOps

am image

The am Docker image contains the AM configuration.

Customization overview

  • Customize AM’s configuration data by using the AM admin UI and REST APIs.

  • Capture changes to the AM configuration by exporting them from the AM service running on Kubernetes to the staging area.

  • Save the modified AM configuration to a configuration profile in your forgeops repository clone.

  • Build an updated am Docker image that contains your customizations.

  • Redeploy AM.

  • Verify that changes you’ve made to the AM configuration are in the new Docker image.

Detailed steps

  1. If this is your first time building a custom Docker image, verify that you performed developer setup activities:

  2. Verify that:

    • The CDK is deployed.

    • The namespace in which the CDK is deployed is set in your Kubernetes context.

    • All required third-party software is installed in your local environment (Minikube|GKE|EKS|AKS).

  3. Perform version control activities on your forgeops repository clone:

    1. Run the git status command.

    2. Review the state of the docker/am/config-profiles/my-profile directory.

    3. (Optional) Run the git commit command to commit changes to files that have been modified.

  4. Modify the AM configuration using the AM admin UI or the REST APIs.

    For information about how to access the AM admin UI or REST APIs, see AM Services.

    See About property value substitution for important information about configuring values that vary at run-time, such as passwords and host names.

  5. Export the changes you made to the AM configuration in the running ForgeRock Identity Platform to your configuration profile:

    $ cd /path/to/forgeops/bin
    $ ./config export am my-profile --sort
    [INFO] Running export for am in am-666687d69c-lfnhx
    [INFO] Updating existing profile: /path/to/forgeops/docker/am/config-profiles/my-profile
    [INFO] Exported AM config
    
    + docker run --rm --user 502:20 --volume /path/to/forgeops/docker/am/config-profiles/my-profile:/am-config gcr.io/forgerock-io/am-config-upgrader:7.2.0
    
    Reading existing configuration from files in /am-config/config/services…​
    Modifying configuration based on rules in [/rules/latest.groovy]…​
    reading configuration from file-based config files
    Writing configuration to new location at /am-config/config/services…​
    Upgrade Completed, modified configuration saved to /am-config/config/services
    [INFO] Completed upgrading AM configuration
    [INFO] Completed export
    [INFO] Sorting configuration.
    [INFO] Sorting completed.

    The config export am my-profile command copies AM static configuration from the running CDK instance to your configuration profile.

    Exporting the configuration from the CDK to a configuration profile.
  6. Perform version control activities on your forgeops repository clone:

    1. Review the differences in the files you exported to your configuration profile. For example:

      $ git diff
      diff --git a/docker/am/config-profiles/my-profile/config/services/realm/root/selfservicetrees/1.0/organizationconfig/default.json b/docker/am/config-profiles/my-profile/config/services/realm/root/selfservicetrees/1.0/organizationconfig/default.json
      index 970c5a257..19f4f17f0 100644
      --- a/docker/am/config-profiles/my-profile/config/services/realm/root/selfservicetrees/1.0/organizationconfig/default.json
      + b/docker/am/config-profiles/my-profile/config/services/realm/root/selfservicetrees/1.0/organizationconfig/default.json
      @@ -9,6 +9,7 @@
           "enabled": true,
           "treeMapping": {
             "Test": "Test",
      +      "Test1": "Test1",
             "forgottenUsername": "ForgottenUsername",
             "registration": "Registration",
             "resetPassword": "ResetPassword",
    2. Run the git status command.

    3. If you have new untracked files in your clone, run the git add command.

    4. Review the state of the docker/am/config-profiles/my-profile directory.

    5. (Optional) Run the git commit command to commit changes to files that have been modified.

  7. Build a new am image that includes your changes to AM static configuration:

    $ ./forgeops build am --config-profile my-profile
    Generating tags…​
     - am → am:da3855f51-dirty
    Checking cache…​
     - am: Not found. Building
    Starting build…​
    Found [minikube] context, using local docker daemon.
    Building [am]…​
    Sending build context to Docker daemon  1.989MB
    Step 1/16 : FROM gcr.io/forgerock-io/am-base:7.2.0
     --→ 4e0b979daa5c
    
    . . .
    
    Step 16/16 : WORKDIR /home/forgerock
     --→ Running in 5d74eea6f908
     --→ 965d362dd194
    Successfully built 965d362dd194
    Successfully tagged am:da3855f51-dirty
    
    Updated the image_defaulter with your new image for am: "am:16e5e4048. . ."

    The forgeops build command calls Skaffold to build a new am Docker image, and to push the image to your Docker registry. The new image includes your configuration profile. It also updates the image defaulter file so that the next time you install AM, the forgeops install command gets AM static configuration from your new custom Docker image.

    Building the new custom Docker image.
  8. Perform version control activities on your forgeops repository clone:

    1. Run the git status command.

    2. Review the state of the kustomize/deploy/image-defaulter/kustomization.yaml file.

    3. (Optional) Run the git commit command to commit changes to the image defaulter file.

  9. Redeploy AM:

    1. Remove AM from your CDK installation:

      To prevent the forgeops delete command from deleting the PVCs, enter N in response to the prompt: OK to delete PVCs, VolumeSnapshots and Secrets? [Y/N]

      $ ./forgeops delete am
      Uninstalling component(s): ['am']
      OK to delete these components? [Y/N] Y
      This will erase all your PVCs(including backup PVCs), VolumeSnapshots and Secrets. This cannot be undone.
      Press "CTRL+C" now if you want to cancel
      OK to delete PVCs, VolumeSnapshots and Secrets? [Y/N] N
      service "am" deleted
      deployment.apps "am" deleted
    2. Redeploy AM:

      $ ./forgeops install am --cdk
      Checking cert-manager and related CRDs: cert-manager CRD found in cluster.
      Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster.
      Checking ds-operator and related CRDs: ds-operator CRD found in cluster.
      
      Installing component(s): ['am'] platform: "cdk" in namespace: "my-namespace"
      
      service/am created
      deployment.apps/am created
      
      Enjoy your deployment!
    3. Run the kubectl get pods command to monitor the status of the AM pod. Wait until the pod is ready before proceeding to the next step.

  10. To validate that AM has the expected configuration:

    • Describe the AM pod. Locate the tag of the Docker image that Kubernetes loaded, and verify that it’s your new custom Docker image’s tag.

    • Start the AM admin UI and verify that your configuration changes are present.

Next step

Copyright © 2010-2022 ForgeRock, all rights reserved.