CDK Architecture: Minikube
The CDK uses Skaffold to trigger Docker image builds and Kubernetes orchestration. Here’s what Skaffold does:
- Calls the Docker client on the local computer to build and tag customized Docker images for the ForgeRock Identity Platform. The customized images are based on Docker images in ForgeRock’s public Docker registry, gcr.io/forgerock-io.
- Pushes the Docker images to the Docker engine that’s part of the Minikube VM.
- Calls Kustomize to orchestrate the ForgeRock Identity Platform in your namespace. Kustomize uses the Docker images that Skaffold pushed to your Docker registry.
The following diagram illustrates how the CDK uses Skaffold to build and orchestrate Docker images on Minikube:
After deploying the ForgeRock Identity Platform, you’ll see the following pods running in your namespace:
am
- The am pod runs AM. When AM starts, it obtains its configuration from the /home/forgerock/openam/config directory [1]. After the am pod has started, an Amster job is triggered. This job populates AM’s run-time data.

ds-cts-0
- The ds-cts-0 pod runs the directory service used by the AM Core Token Service.

ds-idrepo-0
- The ds-idrepo-0 pod runs the following directory services:
  - Identity repository shared by AM and IDM
  - IDM repository
  - AM application and policy store

idm-0
- The idm-0 pod runs IDM. When IDM starts, it obtains its configuration from the /opt/openidm/conf directory [2]. In containerized deployments, IDM must retrieve its configuration from the file system and not from the IDM repository. The default values for the openidm.fileinstall.enabled and openidm.config.repo.enabled properties in the CDK’s system.properties file ensure that IDM retrieves its configuration from the file system. Do not override the default values for these properties.

UI pods
- Several pods provide access to ForgeRock common user interfaces:
  - admin-ui
  - end-user-ui
  - login-ui
In addition to these pods, you’ll see that three jobs that load data into the environment have run to completion:
- The forgeops-secrets job, which generates a set of Kubernetes secrets used by the platform.
- The amster job, which loads application data, such as OAuth 2.0 client definitions, to the idrepo DS instance.
- The ldif-importer job, which loads policy data required by AM to the idrepo DS instance.
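
One way to check a deployment against the pod and job list above, as an added example that is not part of the ForgeRock documentation. It assumes that pods other than ds-cts-0, ds-idrepo-0 and idm-0 carry a generated name suffix (for example am-...); the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not ForgeRock code. Real use (needs cluster access):
#   kubectl get pods --no-headers | check_cdk_pods

# Pods this page lists as running, and jobs it lists as run to completion.
EXPECTED_PODS="am ds-cts-0 ds-idrepo-0 idm-0 admin-ui end-user-ui login-ui"
EXPECTED_JOBS="forgeops-secrets amster ldif-importer"

# Reads a pod listing (NAME READY STATUS ...) on stdin, prints one line per
# component that is absent or in the wrong state, returns non-zero if any.
check_cdk_pods() {
    awk -v pods="$EXPECTED_PODS" -v jobs="$EXPECTED_JOBS" '
    BEGIN {
        np = split(pods, list, " ")
        for (i = 1; i <= np; i++) want[list[i]] = "Running"
        nj = split(jobs, jl, " ")
        for (i = 1; i <= nj; i++) { list[np + i] = jl[i]; want[jl[i]] = "Completed" }
    }
    NF >= 3 {
        for (k in want) {
            # Match the exact name (ds-cts-0) or name plus generated suffix (am-...).
            if ($1 != k && index($1, k "-") != 1) continue
            if ($3 == want[k]) good[k] = 1
            else if (!(k in seen)) seen[k] = $3
        }
    }
    END {
        for (i = 1; i <= np + nj; i++) {
            k = list[i]
            if (k in good) continue
            bad = 1
            printf "%s: expected %s, found %s\n", k, want[k], (k in seen) ? seen[k] : "nothing"
        }
        exit bad + 0
    }'
}

# Constructed sample listing: idm-0 is crash-looping and ldif-importer is absent.
SAMPLE='am-7c9d8b6f5-x2k4q 1/1 Running 0 9m
ds-cts-0 1/1 Running 0 10m
ds-idrepo-0 1/1 Running 0 10m
idm-0 0/1 CrashLoopBackOff 4 9m
admin-ui-5f6b8d7c4-q8w2z 1/1 Running 0 9m
end-user-ui-6d5c7b9f8-h3j7n 1/1 Running 0 9m
login-ui-78b6c5d4f-k9m1p 1/1 Running 0 9m
forgeops-secrets-l4t2v 0/1 Completed 0 10m
amster-p7r3s 0/1 Completed 0 8m'
printf '%s\n' "$SAMPLE" | check_cdk_pods || echo "deployment does not match the page"
```
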
[1] am Docker image, the AM configuration files are copied from the /path/to/forgeops/docker/7.0/am/config directory to the /home/forgerock/openam/config directory.
[2] idm Docker image, the IDM configuration files are copied from the /path/to/forgeops/docker/7.0/idm/conf directory to the /opt/openidm/conf directory.