Configuring the ForgeRock Identity Platform™ in a DevOps Environment (FR-523)
This expert-led workshop guides students through the deployment of the ForgeRock Identity Platform™ (the Platform) on a Kubernetes cluster running in Google Kubernetes Environment (GKE).
The workshop initially describes how to use the ForgeRock Cloud Developer’s Kit (CDK) to deploy a sample configuration of the Platform, which includes ForgeRock® Access Management (AM) and ForgeRock® Identity Management (IDM), which share ForgeRock® Directory Service (DS) as an identity store.
The CDK is used to configure the Platform and redeploy the updated configuration in an existing Kubernetes cluster.
Students then create a new cluster using Pulumi tools and deploy the Platform by following the Cloud Deployment Model (CDM). Monitoring add-ons tools are included with the CDM example. The skills gained by performing deployments with the CDK and CDM reference examples, help you identify the Kubernetes cluster and the Platform configuration requirements needed for preparation to move deployments into other environments, such as test and production.
The last chapter of the workshop explores how to migrate the ForgeRock Entertainment Company (FEC) portal configuration from the IDM Core Concepts course to Kubernetes.
This workshop uses the ForgeRock DevOps documentation set as a reference for the hands-on labs instead of providing a dedicated Student Workbook, as offered with the Core Concepts courses. You will work with the instructor to improvise any steps that are necessary for the given lab environment.
Also, it is important that you have already successfully completed the relevant ForgeRock Core Concepts courses before attending this workshop. It is beneficial that you also have experience working with DevOps technology such as Kubernetes, Skaffold, Kustomize, Git, among other related tools.
Note: Revision B of this course is based on the DevOps 6.5 documentation.
This workshop is aimed at technical audiences who are responsible for deploying and managing the Platform on Kubernetes. This includes, but is not limited to, those with the following responsibilities:
- Developers who are responsible for deploying and configuring the Platform in a DevOps development environment, and helping others migrate those deployments to production.
- Other technical audiences, such as system integrators, consultants, architects, administrators, and sales/support engineers who need to learn how to plan deployments and configure clusters suitable for deploying the Platform in the cloud.
Upon completion of this course, you should be able to:
- Introduce the Platform and deploy a default configuration using DevOps techniques.
- Configure the Platform using the Cloud Developer Kit (CDK).
- Deploy a configuration of the Platform based on the Cloud Deployment Model (CDM).
- Prepare the Platform for deployment to multiple environments.
- Migrate the FEC Portal sample application to Kubernetes.
The following are the prerequisites for successfully completing this course:
- Completion of the ForgeRock University [AM-400, IDM-400, DS-400, IG-400 (optional)] Core Concept courses, to ensure that you know:
- How to configure and administer DS, AM, Amster, IDM, and (optionally) ForgeRock® Identity Gateway (IG).
- How to use the appropriate commands and user interfaces for each component.
- Students should already be familiar with the following technologies and be able to use the related commands to deploy and manage software in a DevOps environment:
- kubectl command
- A cloud provider that supports Kubernetes, such as GKE, EKS, or AKS
- Optionally, Pulumi (or Terraform) for creating clusters
- Git and Git registries
Note: To deploy the Platform on Kubernetes, ForgeRock has simplified its reference cloud deployment, based on a new tool set that includes Git, Skaffold, and Kustomize, to simplify deployment to Kubernetes. The CDK and CDM examples can be used by your DevOps team to deploy and start up the Platform in a public cloud such as Amazon, Google, or Microsoft Azure.
Chapter 1: Introducing the ForgeRock Identity Platform and Deploying a DevOps Example
This chapter shows you how to access and configure your CloudShare VM development environment, access your GKE cluster in a GCP account, and deploy the Platform to the GKE cluster by following the CDK documentation and using software provided with the ForgeRock/forgeops repository.
Lesson 1: Introducing ForgeRock DevOps Documentation and Examples
- Describe the Platform and related DevOps techniques for deploying the Platform to Kubernetes
- Access your Cloudshare lab environment and developer desktop
- Access your associated GCP account for deploying the Platform
- Describe the DevOps documentation and the CDK and CDM methods of deployment
- Describe the DevOps tools for deployment, and deploy a simple application to validate the environment
Lesson 2: Deploying the ForgeRock Identity Platform to GKE
- Prepare your DevOps environment
- Deploy the Platform to a GKE cluster
- Verify that the Platform is deployed and accessible
- Work with basic DevOps commands to explore the Platform
- Remove the Platform deployment and clean up the environment
- Compare the deployment of the Platform to other cloud providers, such as Amazon Elastic Cloud Services for Kubernetes (Amazon EKS) and Azure Kubernetes Service (AKS)
Lesson 3: Troubleshooting When Problems Arise
- Approach troubleshooting of common issues in Kubernetes systematically
- Run commands for troubleshooting environment issues, containerization issues, and orchestration issues
- Identify resources for getting additional support
Chapter 2: Configuring the ForgeRock Identity Platform
This chapter shows you how to build and use your own base Docker image for deploying the Platform, and how to deploy a custom configuration using the CDM approach.
Lesson 1: Deploying the Platform with Custom Docker Images
- Navigate the forgeops repository
- Describe data used during the deployment of the Platform
- Customize Docker images for the Platform
- Work with Kubernetes manifests and objects
- Manage the configuration life cycle with Skaffold
Lesson 2: Preparing Your Environment for Deployment Based on the CDM
- Describe the ForgeRock Cloud Deployment Model (CDM)
- Describe the requirements for creating and setting up the deployment environment for the CDM
- Create a Kubernetes cluster using Pulumi
- Deploy an ingress controller on the cluster
- Deploy the certificate manager on the cluster
- Set up your local environment to push Docker images
Chapter 3: Monitoring, Backing Up, and Restoring the Environment
This chapter describes how to add monitoring to an already deployed CDK or CDM environment using the Prometheus-deploy.sh script provided in the forgeops repository. The chapter will also describe how you can use the provided benchmarking tools to generate a load on the environment for monitoring purposes.
In addition, the chapter covers how to back up and restore the Platform using the provided scripts in the forgeops repository.
Lesson 1: Monitoring Your Deployment
- Describe the monitoring infrastructure for the CDM
- Deploy the monitoring tools on a cluster
- Monitor the CDM deployment
- Benchmark the CDM deployment for monitoring
Lesson 2: Backing Up and Restoring the Platform
Upon completion of this lesson, you should be able to:
- Describe backup and restore with CDM
- Enable CDM backup
- Manage the backup schedule
- Initiate backups manually
- Use CDM restoration features
- Initiate restoration manually
Chapter 4: Deploying the Platform to Multiple Environments
This chapter covers how to manage additional environments with Skaffold and Kustomize profiles, and prepare to move the deployment configuration to other environments for deployment, such as test and production.
Lesson 1: Managing Multiple Deployment Environments
- Manage multiple environments with Skaffold and Kustomize profiles
- Prepare for deployment to multiple environments
- Move from development to other environments
Lesson 2: Building Your Own Docker Base Images
- Prepare ForgeRock software for your own base Docker images
- Create your own base Docker images
- Deploy with your own Docker base images
Lesson 3: Handling Secrets
- Provide an overview of the forgeops secret generation functionality
- Manage and override generated secrets
Chapter 5: Migrating an Application to Kubernetes
This chapter discusses how to migrate the existing FEC Portal solution from the IDM-400 Rev B course, which is using non-DevOps techniques for installation and configuration, to Kubernetes using DevOps techniques as presented in the DevOps documentation.
Lesson 1: Migrating an Existing DS Configuration to Kubernetes
- Discuss how you can migrate an existing DS configuration to Kubernetes
- Migrate the DS configuration and sample user data using the CDK
Lesson 2: Migrating an Existing AM Configuration to Kubernetes
- Discuss how you can migrate an existing AM configuration to Kubernetes
- Migrate an existing AM configuration to Kubernetes
- Customize the AM web application during deployment
Lesson 3: Migrating an Existing IDM Configuration to Kubernetes
- List the challenges of migrating IDM to Kubernetes
- Implement the required changes to IDM to update IDM from a previous release
- Migrate the configuration from a previous version of IDM to the CDK
- Migrate data from a previous version of IDM to Kubernetes (Optional)