Configuring the ForgeRock® Identity Platform in a DevOps Environment
This expert-led workshop guides students through the deployment of the ForgeRock Identity Platform® (Identity Platform) on a Kubernetes cluster running in Google Kubernetes Environment (GKE).
The workshop initially describes how to use the ForgeRock Cloud Developer's Kit (CDK) to deploy a sample configuration of the Identity Platform, which includes ForgeRock® Access Management (AM) and ForgeRock® Identity Management (IDM), which share ForgeRock® Directory Service (DS) as an identity store.
The CDK is used to configure the Identity Platform and redeploy the updated configuration in an existing Kubernetes cluster.
Students then create a new cluster to deploy the Identity Platform by following the Cloud Deployment Model (CDM). Monitoring add-on tools are included with the CDM example. The skills gained by performing deployments with the CDK and CDM reference examples help you identify the Kubernetes cluster and Identity Platform configuration requirements you need to prepare before moving deployments into other environments, such as test and production.
The last chapter of the workshop explores the challenges of migrating an existing on-prem ForgeRock deployment to Kubernetes.
This workshop uses the ForgeRock DevOps documentation set as a reference for the hands-on labs.
Also, it is important that you have already successfully completed the relevant ForgeRock Core Concepts courses before attending this workshop. It is also beneficial to have experience working with DevOps technologies such as Kubernetes, Skaffold, Kustomize, and Git, among other related tools.
Note: Revision C.2 of this course is based on the DevOps 7.2.0 documentation.
The target audiences for this course include:
- Developers who customize and deploy AM, DS, and IDM components.
- Deployment engineers who routinely set up Kubernetes clusters and deploy integrated software in the cloud.
- Site engineers who configure the Kubernetes cluster and who launch the Platform into production.
Upon completion of this course, you should be able to:
- Introduce the ForgeOps toolset and documentation, get familiar with DevOps tools, and deploy the Identity Platform using the CDK
- Configure the Identity Platform by using the CDM
- Use the provided ForgeRock scripts to add monitoring, run benchmarks, and explore the backup and restore tools for the Identity Platform. Build your custom base Docker images. Manage Secrets
- Migrate the ForgeRock Entertainment Company (FEC) Portal sample application to Kubernetes
The following are the prerequisites for successfully completing this course:
- Successful completion of the ForgeRock University core concepts courses:
  - DS-440: ForgeRock® Directory Services Deep Dive
  - AM-410: ForgeRock® Access Management: Deep Dive
  - IDM-420: ForgeRock® Identity Management Deep Dive
- Knowledge of Linux, working in a Linux environment, using the command-line, and knowledge of shell scripting is expected.
- DevOps experience and experience with Kubernetes and Docker are recommended.
Chapter 1: Introducing DevOps Techniques and the CDK
Introduce the ForgeOps toolset and documentation, get familiar with DevOps tools, and deploy the Identity Platform using the CDK.
Lesson 1: Introducing ForgeRock DevOps Documentation and Examples
Introduce the Identity Platform, describe how to use the ForgeRock DevOps documentation to deploy the Identity Platform to a shared cluster, and introduce the DevOps techniques and tools required for a successful deployment:
- Describe the Identity Platform and related DevOps techniques for deploying the Identity Platform to Kubernetes
- Access your CloudShare lab environment and developer desktop
- Access your associated GCP account for deploying the Identity Platform
- Describe the ForgeRock DevOps documentation and the CDK and CDM methods of deployment
- Describe the DevOps tools for deployment and deploy a simple application to validate the environment
- Deploy a simple application with Skaffold to validate the tools and environment
- Examine Kustomize using a sample application
Lesson 2: Deploying the Identity Platform to GKE Using the CDK
Use the DevOps Developer’s Guide: CDK documentation to prepare the Kubernetes cluster, clone the forgeops repository, and deploy the Identity Platform to the Kubernetes cluster running in GKE:
- Prepare your DevOps environment
- Prepare to use an existing cluster for the Identity Platform
- Deploy the Identity Platform to a GKE cluster
- Verify the Identity Platform is deployed and accessible
- Work with basic DevOps commands to explore the Identity Platform
- Remove the Identity Platform deployment and clean up the environment
Lesson 3: Troubleshooting When Problems Arise
Provide some troubleshooting tips to help diagnose issues that might occur while performing the hands-on portion of this workshop:
- Approach troubleshooting of common issues in Kubernetes systematically
- Locate DevOps-related troubleshooting references
- Run commands for troubleshooting environment issues
- Run commands for troubleshooting containerization issues
- Run commands for troubleshooting orchestration issues
- Identify resources for getting additional support
Lesson 4: Deploying the Identity Platform With Custom Docker Images
Build and push Docker images using a private Docker registry to deploy the Identity Platform with customized configurations of AM, IDM, and IG:
- Navigate the forgeops repository
- Describe data used during deployment of the Identity Platform
- Deploying the Identity Platform using a customized configuration profile
- Deploy the Identity Platform using a customized configuration profile
- Describe how to work with Kubernetes manifests and objects
- Describe how to use Kustomize overlays to modify Kubernetes objects
- Use Kustomize overlays to modify deployment configurations
Chapter 2: Working With the CDM
Configure the Identity Platform by using the CDM.
Lesson 1: Managing Multiple Deployment Environments
Plan and prepare for moving the Identity Platform CDM-based deployment from the development or Proof of Concept (PoC) stage into a test, and ultimately a production environment:
- Manage multiple environments with Skaffold profiles and Kustomize
- Prepare for deployment to multiple environments
- Move from development to other environments using Property Value Substitution
Lesson 2: Preparing Your Environment and Deploying the CDM
Explain the CDM, describe the requirements for setting up your deployment environment on GKE for the CDM, and deploy a new cluster based on one of the CDM configuration samples:
- Describe the CDM
- Describe the requirements for creating and setting up the deployment environment for the CDM
- Create a Kubernetes cluster
- Deploy the necessary software for the CDM
- Set up your local environment to push Docker images
- Deploy the CDM
Chapter 3: Building a Staging Environment
Use the provided ForgeRock scripts to add monitoring, run benchmarks, and explore the backup and restore tools for the Identity Platform. Build your custom base Docker images. Manage Secrets.
Lesson 1: Monitoring and Benchmarking Your Deployment
Deploy the Prometheus and Grafana monitoring tools within your deployed cluster and monitor your Kubernetes deployment objects and Identity Platform components. Generate test load and benchmark the deployment (optional):
- Describe the monitoring infrastructure for the CDM
- Monitor the CDM deployment
- Benchmark the CDM deployment for monitoring (optional)
Lesson 2: Backing Up and Restoring the Identity Platform
Describe how to back up and restore the Identity Platform on a Kubernetes cluster:
- Describe backup and restore with CDM
- Enable scheduled backups, initiate a backup, and restore user data
Lesson 3: Building Your Own Base Docker Images
Build your own base Docker image and reference it in the related product’s Dockerfile for a CDK or CDM deployment of the Identity Platform with your customizations:
- (Overview) Build custom base Docker images
- Create your own base Docker images
- Deploy using your own base Docker images
Lesson 4: Handling Secrets
Describe and handle secrets for securing access to components deployed with your configuration of the Identity Platform:
- Overview of the ForgeOps secret generation
- Manage secrets
Chapter 4: Migrating an On-Prem Deployment to Kubernetes
Migrate the FEC Portal sample application to Kubernetes.
Lesson 1: General Considerations
Discuss how to migrate an existing, on-prem deployment to Kubernetes, learn about planning the migration, and securing a production environment:
- Plan the migration
- Prepare your environment
- Production considerations
Lesson 2: Migrating an On-Prem DS Configuration to Kubernetes
Discuss how to migrate an existing DS configuration to Kubernetes, and then implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing DS configuration to Kubernetes
- Migrate the DS configuration and sample user data using the CDK
Lesson 3: Migrating an On-Prem AM Configuration to Kubernetes
Discuss how to migrate an existing AM configuration to Kubernetes, and then implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing AM configuration to Kubernetes
- Migrate an existing AM configuration to Kubernetes
- Discuss how to customize the AM web application
- Customize the AM web application during deployment
Lesson 4: Migrating an On-Prem IDM Configuration to Kubernetes
Discuss how to migrate a previous IDM deployment to Kubernetes and implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing IDM configuration to Kubernetes
- Migrate the configuration from an on-prem IDM to the CDK
- Migrate identity data from an on-prem IDM to Kubernetes