Start here

Ping Identity provides several resources to help you get started in the cloud. These resources demonstrate how to deploy the Ping Identity Platform on Kubernetes. Before you proceed, review the following precautions:

Deploying Ping Identity Platform software in a containerized environment requires advanced proficiency in many technologies. Learn more about required skills in Assess Your Skill Level.
If you don’t have experience with complex Kubernetes deployments, then either engage a certified Ping Identity Platform consulting partner or deploy the platform on traditional architecture.
Don’t deploy Ping Identity Platform software in Kubernetes in production until you have successfully deployed and tested the software in a non-production Kubernetes environment.

Learn more about getting support for Ping Identity Platform software at Support for ForgeOps.

Ping Identity only offers its software or services to legal entities that have entered into a binding license agreement with Ping Identity. When you install Docker images provided by ForgeOps, you agree either that: 1) you are an authorized user of a Ping Identity Platform customer that has entered into a license agreement with Ping Identity governing your use of the Ping Identity software; or 2) your use of the Ping Identity Platform software is subject to the Ping Identity Subscription Agreements.

Introducing ForgeOps deployments

The forgeops repository and ForgeOps documentation address a range of typical business needs of our customers. The repository contains artifacts that let you get a sample Ping Identity Platform deployment up and running quickly. After you get the out-of-the-box deployment running, you can tailor it to explore how you might configure your Kubernetes cluster before you deploy the platform in production.

ForgeOps deployments have the following characteristics:

Fully integrated AM, IDM, and DS installations
Randomly generated secrets
Multi-zone high availability^[1]
Replicated directory services^[1]
Ingress configuration^[2]
Certificate management
Prometheus monitoring, Grafana reporting, and alert management^[1]

The ForgeOps documentation helps you work with ForgeOps deployments:

Tells you how you can quickly create a Kubernetes cluster on Google Cloud, Amazon Web Services (AWS), or Microsoft Azure, deploy the Ping Identity Platform, and and access components in the deployment.
Contains how-tos for preparing for production deployments by customizing monitoring, setting alerts, backing up and restoring directory data, modifying the default security configuration, and running lightweight benchmarks to test DS, AM, and IDM performance.
Tells you how to modify the AM and IDM configurations in ForgeOps deployments and create customized Docker images for the Ping Identity Platform.
Keeps you up-to-date with the latest changes to the forgeops repository.

Try an out-of-the-box ForgeOps deployment

Before you start planning a production deployment, perform a ForgeOps deployment without any customizations. If you’re new to Kubernetes, or new to the Ping Identity Platform, it’s a great way to learn, and you’ll have a sandbox suitable for exploring the Ping Identity Platform in a cloud environment.

Illustrates major tasks when performing a ForgeOps deployment.

Perform a ForgeOps deployment on Google Cloud, AWS, or Microsoft Azure to quickly spin up the platform for demonstration purposes. You’ll get a feel for what it’s like to deploy the platform on a Kubernetes cluster in the cloud. When you’re done, you’ll have a robust starter deployment that you can use to test deployment customizations that you’ll need for your production environment. Examples of deployment customizations include, but are not limited to:

Running lightweight benchmark tests
Making backups of data and restoring the data
Securing TLS with a certificate that’s dynamically obtained from Let’s Encrypt
Using an ingress controller other than the NGINX ingress controller
Resizing the cluster to meet your business requirements
Configuring Alert Manager to issue alerts when usage thresholds have been reached

Prerequisite technologies and skills:

More information:

Setup overview

Build your own service

Illustrates the major tasks performed when building a production deployment of Ping Identity Platform in the cloud.

Perform the following activities to customize, deploy, and maintain a production Ping Identity Platform implementation in the cloud:

Create a project plan

Illustrates the major tasks performed when planning a production deployment of Ping Identity Platform in the cloud.

After you’ve spent some time exploring a ForgeOps deployment, you’re ready to define requirements for your production deployment. Remember, an out-of-the-box ForgeOps deployment is not a production deployment. Use out-of-the-box ForgeOps deployments to explore deployment customizations. Then, incorporate the lessons you’ve learned as you build your own production service.

Analyze your business requirements and define how the Ping Identity Platform needs to be configured to meet your needs. Identify systems to be integrated with the platform, such as identity databases and applications, and plan to perform those integrations. Assess and specify your deployment infrastructure requirements, such as backup, system monitoring, Git repository management, CI/CD, quality assurance, security, and load testing.

Be sure to do the following when you transition to a production environment:

Obtain and use certificates from an established certificate authority.
Create and test your backup plan.
Use a working production-ready FQDN.
Implement monitoring and alerting utilities.

Prerequisite technologies and skills:

More information:

All the ForgeOps documentation

Configure the platform

Illustrates the major tasks performed to configure the Ping Identity Platform before deploying in production.

With your project plan defined, you’re ready to configure the Ping Identity Platform to meet the plan’s requirements. Install single-instance ForgeOps deployments on your developers' computers. Configure AM and IDM. If needed, include integrations with external applications in the configuration. Iteratively unit test your configuration as you modify it. Build customized Docker images that contain the configuration.

Prerequisite technologies and skills:

More information:

Customization overview

Configure your cluster

Illustrates the major tasks performed to configure the cluster before deploying in production.

With your project plan defined, you’re ready to configure a Kubernetes cluster that meets the requirements defined in the plan. Install the platform using the customized Docker images developed in Configure the platform. Provision the identity repository with users, groups, and other identity data. Load test your deployment, and then size your cluster to meet service level agreements. Perform integration tests. Harden your deployment. Set up CI/CD for your deployment. Create monitoring alerts so that your site reliability engineers are notified when the system reaches thresholds that affect your SLAs. Implement database backup and test database restore. Simulate failures while under load to make sure your deployment can handle them.

Prerequisite technologies and skills:

More information:

Stay up and running

Illustrates the major tasks performed to keep a Ping Identity Platform deployment up and running in production.

By now, you’ve configured the platform, configured a Kubernetes cluster, and deployed the platform with your customized configuration. Run your Ping Identity Platform deployment in your cluster, continually monitoring it for performance and reliability. Take backups as needed.

Prerequisite technologies and skills:

More information:

Prepare to deploy in production

1. Not available on single-instance ForgeOps deployments.

2. Not available on ForgeOps deployments on Minikube.