Documentation updates

April 4, 2023

New deployment step: back up the secrets that contain the DS master and TLS keys: A new step to back up the Kubernetes secrets that contain the DS master and TLS keys has been added to the instructions for deploying the CDM.

It is extremely important to back up these secrets and retain them in a secure location. Loss of these secrets could result in the inability to restore data from backups.

Secret generation documentation corrected: The Secret Agent operator page previously stated that the Secret Agent operator generates all secrets required for a ForgeRock Identity Platform deployment.

This page has been corrected to state that the Secret Agent operator generates all secrets required for a ForgeRock Identity Platform deployment except for the DS master and TLS keys. In version 7.3, the DS operator calls the certificate manager to generate these two keys.

Secret management recommendations changed: The recommendation that you always configure cloud secret management has been relaxed. ForgeRock now recommends that you configure cloud secret management only when you have multiple deployments that need to use the same secrets.

Base Docker images page updated

The Base Docker images page has been significantly updated. A new section, Create Docker images for use in production, explains how to build customized Docker images for the ForgeRock Identity Platform that:

Miscellaneous documentation fixes

The name of the IG base image has been corrected in Step 7 of the procedure to build your own base Docker images.
An additional issue was found with the sample for building the Docker base images for AM: several additional scripts needed execute permission. This documentation update works around this issue.
The descriptions of CDK and CDM now mention jobs that run to completion when you deploy the platform: amster, forgeops-secret, and ldif-importer.
A step to run skaffold delete has been added to the procedures for removing the CDK and the CDM removal pages.

New release note: DevOps artifacts for version 6.5 are deprecated: See the new release note.

Workaround for OPENAM-16656 and OPENAM-16658: Issues were found with the samples for building the Docker base images for AM and Amster. The documentation update works around those issues.