ForgeOps

Additional setup

This page covers setup tasks that you’ll need to perform before you can develop custom Docker images for the ForgeRock Identity Platform. Complete all of the tasks on this page before proceeding.

Use a single-instance ForgeOps deployment

You must use a single-instance ForgeOps deployment to develop custom Docker images for the ForgeRock Identity Platform.

Use the following links for information about how to create single-instance ForgeOps deployments:

Set up your environment to push to your Docker registry

ForgeOps deployments support any container registry that supports Docker containers. You’ll need to set up your local environment to support your container registry. Here are setup steps for four commonly used container registries:

Docker registry on Minikube

Set up your local environment to execute docker commands on Minikube’s Docker engine.

ForgeRock recommends using the built-in Docker engine when developing custom Docker images using Minikube. When you use Minikube’s Docker engine, you don’t have to build Docker images on a local engine and then push the images to a local or cloud-based Docker registry. Instead, you build images using the same Docker engine that Minikube uses. This streamlines development.

To set up your local computer to use Minikube’s Docker engine, run the docker-env command in your shell:

$ eval $(minikube docker-env)

For more information about using Minikube’s built-in Docker engine, refer to Use local images by re-using the Docker daemon in the Minikube documentation.

Google Cloud Artifact Registry or Container Registry

To set up your local computer to build and push Docker images:

  1. If it’s not already running, start a virtual machine that runs Docker engine. Refer to Docker engine for more information.

  2. Set up a Docker credential helper:

    $ gcloud auth configure-docker

AWS Elastic Container Registry

To set up your local computer to push Docker images:

  1. If it’s not already running, start a virtual machine that runs Docker engine. Refer to Docker engine for more information.

  2. Log in to Amazon ECR:

    $ aws ecr get-login-password | \
     docker login --username AWS --password-stdin my-docker-registry
    Login Succeeded

    ECR login sessions expire after 12 hours. Because of this, you’ll need to perform these steps again whenever your login session expires.[1]
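
The 12-hour expiry and the cron suggestion in the footnote can be combined into a small refresh script. This is an added example, not part of the ForgeRock documentation. The function names, the ECR_REGISTRY variable, the script path in the cron comment, and the account ID 123456789012 are assumptions made for illustration, and only the standard ACCOUNT.dkr.ecr.REGION.amazonaws.com host form is accepted.

```shell
#!/bin/sh
# Added example: refresh an Amazon ECR login from cron before the 12-hour session expires.
# Hypothetical crontab entry (every 6 hours; the script path is an assumption):
#   0 */6 * * * ECR_REGISTRY=123456789012.dkr.ecr.us-east-1.amazonaws.com /path/to/ecr-refresh.sh

# Print the region embedded in an ECR registry host, or fail if the host does
# not look like ACCOUNT.dkr.ecr.REGION.amazonaws.com.
ecr_region() {
  case "$1" in
    *.dkr.ecr.*.amazonaws.com) ;;
    *) return 1 ;;
  esac
  acct=${1%%.*}
  case "$acct" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#acct}" -eq 12 ] || return 1        # AWS account IDs are 12 digits
  region=${1#*.dkr.ecr.}
  region=${region%.amazonaws.com}
  case "$region" in ''|*[!a-z0-9-]*) return 1 ;; esac
  printf '%s\n' "$region"
}

# Log Docker in to the registry. The body runs in a subshell so the token does
# not outlive the call, and the token is only ever passed on stdin
# (--password-stdin), never as a command-line argument.
ecr_login() (
  registry=$1
  region=$(ecr_region "$registry") || {
    echo "not an ECR registry host: $registry" >&2
    exit 2
  }
  # Fetch the token first so a failed AWS call stops the run instead of
  # feeding empty input to docker login.
  token=$(aws ecr get-login-password --region "$region") || exit 1
  [ -n "$token" ] || exit 1
  printf '%s' "$token" | docker login --username AWS --password-stdin "$registry"
)

# Run only when a registry is supplied through the environment (as in the cron line).
if [ -n "${ECR_REGISTRY:-}" ]; then
  ecr_login "$ECR_REGISTRY"
fi
```

Run the job as the same user that runs forgeops build, because docker login stores the session in that user's Docker configuration.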

Azure Container Registry

To set up your local computer to push Docker images:

  1. If it’s not already running, start a virtual machine that runs Docker engine. Refer to Docker engine for more information.

  2. Install the ACR Docker Credential Helper.

Identify the Docker repository to push to

When you execute the forgeops build command, you must specify the repository to push your Docker image to with the --push-to argument.

The forgeops build command appends a component name to the destination repository. For example, the command forgeops build am --push-to us-docker.pkg.dev/my-project pushes a Docker image to the us-docker.pkg.dev/my-project/am repository.

Here’s how to specify the --push-to argument for four commonly used container registries:

Docker registry on Minikube

Specify --push-to none with the forgeops build command to push the Docker image to the Docker registry embedded in the Minikube cluster.

Google Cloud Artifact Registry or Container Registry

Obtain the --push-to location from your cluster administrator. After it builds the Docker image, the forgeops build command pushes the Docker image to this repository.

AWS Elastic Container Registry

Obtain the --push-to location from your cluster administrator. After it builds the Docker image, the forgeops build command pushes the Docker image to this repository.

Azure Container Registry

Obtain the --push-to location from your cluster administrator. After it builds the Docker image, the forgeops build command pushes the Docker image to this repository.

Initialize deployment environments

Deployment environments let you manage deployment manifests and image defaulters for multiple environments in a single forgeops repository clone.

By default, the forgeops build command updates the image defaulter in the kustomize/deploy directory.

When you specify a deployment environment, the forgeops build command updates the image defaulter in the kustomize/deploy-environment directory. For example, if you ran forgeops build --deploy-env production, the image defaulter in the kustomize/deploy-production/image-defaulter directory would be updated.

Before you can use a new deployment environment, you must initialize a directory based on the /path/to/forgeops/kustomize/deploy directory to support the deployment environment. Perform these steps to initialize a new deployment environment:

$ cd /path/to/forgeops/bin
$ ./forgeops clean
$ cd ../kustomize
$ cp -rp deploy deploy-my-environment

If you need multiple deployment environments, you’ll need to initialize each environment before you can start using it.

1. You can automate logging into ECR every 12 hours by using the cron utility.

Copyright © 2010-2024 ForgeRock, all rights reserved.