Deploying the ForgeRock Identity Platform Using DevOps Techniques (FR-523)
This expert-led workshop guides students through the deployment of the ForgeRock Identity Platform™ (the Platform) on a Kubernetes cluster running in Google Kubernetes Environment (GKE).
The workshop initially describes how to use the ForgeRock Cloud Developer’s Kit (CDK) to deploy a sample configuration of the Platform, which includes ForgeRock® Access Management (AM) and ForgeRock® Identity Management (IDM), which share ForgeRock® Directory Service (DS) as an identity store.
The CDK is used to configure the Platform and redeploy the updated configuration in an existing Kubernetes cluster.
Students then create a new cluster using Pulumi tools and deploy the Platform by following the Cloud Deployment Model (CDM). Monitoring add-ons tools are included with the CDM example. The skills gained by performing deployments with the CDK and CDM reference examples, help you identify the Kubernetes cluster and the Platform configuration requirements needed for preparation to move deployments into other environments, such as test and production.
The last chapter of the workshop explores how to migrate the ForgeRock Entertainment Company (FEC) portal configuration from the IDM Core Concepts course to Kubernetes.
This workshop uses the ForgeRock DevOps documentation set as a reference for the hands-on labs instead of providing a dedicated Student Workbook, as offered with the Core Concepts courses. You will work with the instructor to improvise any steps that are necessary for the given lab environment.
Also, it is important that you have already successfully completed the relevant ForgeRock Core Concepts courses before attending this workshop. It is beneficial that you also have experience working with DevOps technology such as Kubernetes, Skaffold, Kustomize, Git, among other related tools.
Note: Revision B of this course is based on the DevOps 6.5 documentation.
This workshop is aimed at technical audiences who are responsible for deploying and managing the Platform on Kubernetes. This includes, but is not limited to, those with the following responsibilities:
- Developers who are responsible for deploying and configuring the Platform in a DevOps development environment, and helping others migrate those deployments to production.
- Other technical audiences, such as system integrators, consultants, architects, administrators, and sales/support engineers who need to learn how to plan deployments and configure clusters suitable for deploying the Platform in the cloud.
Upon completion of this course, you should be able to:
- Introduce the Platform and deploy a default configuration using DevOps techniques.
- Configure the Platform using the Cloud Developer Kit (CDK).
- Deploy a configuration of the Platform based on the Cloud Deployment Model (CDM).
- Prepare the Platform for deployment to multiple environments.
- Migrate the FEC Portal sample application to Kubernetes.
The following are the prerequisites for successfully completing this course:
- Completion of the ForgeRock University [AM-400, IDM-400, DS-400, IG-400 (optional)] Core Concept courses, to ensure that you know:
- How to configure and administer DS, AM, Amster, IDM, and (optionally) ForgeRock® Identity Gateway (IG).
- How to use the appropriate commands and user interfaces for each component.
- Students should already be familiar with the following technologies and be able to use the related commands to deploy and manage software in a DevOps environment:
- kubectl command
- A cloud provider that supports Kubernetes, such as GKE, EKS, or AKS
- Optionally, Pulumi (or Terraform) for creating clusters
- Git and Git registries.
Note: To deploy the Platform on Kubernetes, ForgeRock has simplified its reference cloud deployment, based on a new tool set that includes Git, Skaffold, and Kustomize, to simplify deployment to Kubernetes. The CDK and CDM examples can be used by your DevOps team to deploy and start up the Platform in a public cloud such as Amazon, Google, or Microsoft Azure.
Chapter 1: Introducing the ForgeRock Identity Platform and Deploying a DevOps Example
This chapter is the introduction to deploying the Platform using DevOps techniques. It provides an overview of the Platform and the forgeops Git repository, shows you how to use the ForgeRock DevOps documentation, and shows you how to access your CloudShare VM and associated Google Cloud Platform (GCP) accounts to do the labs.
Lesson 1: Introducing ForgeRock DevOps Documentation and Examples
- Provide an overview of the Platform and forgeops Git repository
- Use the ForgeRock DevOps documentation as a lab guide for deploying the Platform
- Access your CloudShare VM lab environment
- Access your GCP account to select the project with the initial cluster
- Test a Hello, World example deployment to verify the CloudShare VM can access the GCP account
Lesson 2: Deploying the ForgeRock Identity Platform to GKE
- Prepare your DevOps environment
- Deploy the Platform to a GKE cluster
- Verify that the Platform is deployed and accessible
- Remove the Platform deployment and clean up the environment
- Compare the deployment of the Platform to other cloud providers, such as Amazon Elastic Cloud Services for Kubernetes (Amazon EKS) and Azure Kubernetes Service (AKS)
Lesson 3: Troubleshooting When Problems Arise
- Restore the CloudShare VM when it is suspended
- Approach troubleshooting of common issues in Kubernetes systematically
- Run commands for troubleshooting the environment, containerization, and orchestration issues
- Identify resources for getting additional support
Chapter 2: Configuring the ForgeRock Identity Platform
This chapter describes how to manage the development life cycle of the Platform using the CDK. You learn to create deployment profiles that include your configuration for the Platform with Docker files and images. You use different Skaffold and kustomize overlays to prepare the deployment of the Platform based on the CDM reference example.
Lesson 1: Deploying the Platform with Custom Docker Images
- Navigate the forgeops repository structure
- Describe data used during the deployment of the Platform
- Customize Docker images for Amster, AM, IDM, and DS
- Work with Kubernetes command-line tools to manage and interact with deployments
- Work with Docker, Skaffold, and Kustomize to deploy and manage the Platform configuration on a Kubernetes environment
Lesson 2: Preparing Your Environment for Deployment Based on the CDM
- Describe the ForgeRock Cloud Deployment Model (CDM)
- Describe the requirements for creating and setting up the deployment environment for the CDM
- Create a Kubernetes cluster using Pulumi
- Deploy an ingress controller on the cluster
- Deploy the certificate manager on the cluster
- Set up your local environment to push Docker images
Chapter 3: Deploying a CDM Configuration of the Platform
This chapter covers how to deploy add-ons, such as the ingress controller, certificate manager, and monitoring tools to the cluster. Add-ons are deployed to support and monitor your deployment of the Platform based on the CDM. Prometheus and Grafana monitoring tools are deployed to the environment. The chapter also covers how to back up and restore the DS component of the Platform. Simple benchmarks are run on the platform to generate a load for monitoring.
Lesson 1: Monitoring Your Deployment
- Describe the monitoring infrastructure for the CDM
- Deploy the monitoring tools on a cluster
- Monitor the CDM deployment
- Benchmark the CDM deployment for monitoring
Lesson 2: Backing Up and Restoring the Platform
Upon completion of this lesson, you should be able to:
- Describe backup and restore with CDM
- Enable CDM backup
- Manage the backup schedule
- Initiate backups manually
- Use CDM restoration features
- Initiate restoration manually
Chapter 4: Deploying the Platform to Multiple Environments
This chapter covers how to prepare for the task of deploying your customized configuration of the Platform to multiple environments, such as test and production. Tasks include managing cluster configuration, creating your own Docker base images, and managing secret data.
Lesson 1: Managing Multiple Deployment Environments
- Manage multiple environments with Skaffold and kustomize profiles
- Prepare for deployment to multiple environments
- Move from development to other environments
Lesson 2: Building Your Own Docker Base Images
- Obtain ForgeRock software
- Create your own Docker base images
- Push your Docker base images to a Docker registry
- Deploy the Platform with your own Docker base images
Lesson 3: Handling Secrets
- Describe secret generation for the Platform
- View, back up, and restore generated secrets
- Override secret generation for development
Chapter 5: Migrating an Application to Kubernetes
This chapter discusses how to migrate an existing (on-premises) deployment on Kubernetes, by using the FEC example from the AM Core Concepts course. You learn how to use your own Dockerfiles and images for customization, handling secret stores.
Lesson 1: Migrating DS
- Discuss how you can migrate an existing DS configuration to Kubernetes
- Migrate the DS configuration and sample user data using the CDK
Lesson 2: Migrating AM
- Discuss how you can migrate an existing AM configuration to Kubernetes
- Migrate an existing AM configuration to Kubernetes
- Customize the AM web application during deployment
Lesson 3: Migrating IDM
- List the challenges of migrating IDM to Kubernetes
- Implement the required changes to IDM to update IDM from a previous release
- Migrate the configuration from a previous version of IDM to the CDK
- Migrate data from a previous version of IDM to Kubernetes (Optional)