Configuring the ForgeRock® Identity Platform in a DevOps Environment
FR-523
Live Virtual
Private/On Site
This expert-led workshop guides students through the deployment of the ForgeRock Identity Platform (the Platform) on a Kubernetes cluster running in Google Kubernetes Environment (GKE). The workshop first describes how to use the ForgeRock Cloud Developer's Kit (CDK) to deploy a sample configuration of the Platform, which includes ForgeRock® Access Management (AM) and ForgeRock® Identity Management (IDM), which share ForgeRock® Directory Service (DS) as an identity store. The CDK is used to configure the Identity Platform and redeploy the updated configuration in an existing Kubernetes cluster. Students then create a new cluster and deploy the Platform by following the Cloud Deployment Model (CDM). Monitoring add-on tools are included with the CDM example.
The skills gained by performing deployments with the CDK and CDM reference examples help you identify the Kubernetes cluster and Platform configuration requirements you need to prepare before moving deployments into other environments, such as test and production. The last chapter of the workshop explores the challenges of migrating an existing on-prem ForgeRock deployment to Kubernetes.
This workshop uses the ForgeRock DevOps documentation set as a reference for the hands-on labs. It is important that you have already successfully completed the relevant ForgeRock Core Concepts courses before attending this workshop. Experience working with DevOps technology such as Kubernetes, Skaffold, Kustomize, and Git, among other related tools, is also beneficial.
Note: Revision C of this course is based on the DevOps 7.1.0 documentation.
Upon completion of this course, you should be able to:
The target audiences for this course include:
The following are the prerequisites for successfully completing this course:
Chapter 1: Introducing ForgeRock DevOps and the CDK
Introduce the ForgeOps toolset and documentation, get familiar with DevOps tools and deploy the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Kit (CDK).
Lesson 1: Introducing ForgeRock DevOps Documentation and Examples
Introduce the Identity Platform, describe how to use the ForgeRock DevOps documentation to deploy the Identity Platform to a shared cluster, and introduce the DevOps techniques and tools required for a successful deployment:
Lesson 2: Deploying the Identity Platform to GKE using the CDK
Use the DevOps Developer's Guide: CDK documentation to prepare the Kubernetes cluster, clone the forgeops repository, and deploy the Identity Platform to the Kubernetes cluster running in GKE:
- Prepare your DevOps environment
- Prepare to use an existing cluster for the Identity Platform
- Deploy the Identity Platform to a GKE cluster
- Verify the Identity Platform is deployed and accessible
- Work with basic DevOps commands to explore the Identity Platform
- Remove the Identity Platform deployment and clean up the environment
- Compare deployment of the Identity Platform on other cloud providers
Lesson 3: Troubleshooting When Problems Arise
Provide some troubleshooting tips to help diagnose issues that might occur while performing the hands-on portion of this workshop:
- Approaching troubleshooting of common issues in Kubernetes systematically
- Locating DevOps related troubleshooting references
- Running commands for troubleshooting environment issues
- Running commands for troubleshooting containerization issues
- Running commands for troubleshooting orchestration issues
- Identifying resources for getting additional support
Lesson 4: Deploying the Identity Platform with Custom Docker Images
Build and push Docker images using a private Docker registry to deploy the Identity Platform with customized configurations of ForgeRock® Access Management (AM), ForgeRock® Identity Management (IDM), and ForgeRock® Identity Gateway (IG):
- Navigate the forgeops repository
- Describe data used during deployment of the Identity Platform
- Deploying the Identity Platform using a customized configuration profile
- Deploy the Identity Platform using a customized configuration profile
- Describe how to work with Kubernetes manifests and objects
- Describe how to use Kustomize overlays to modify Kubernetes objects
- Use Kustomize overlays to modify deployment configurations
Chapter 2: Working with the CDM
Configure the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Model (CDM).
Lesson 1: Managing Multiple Deployment Environments
Plan and prepare for moving the Identity Platform Cloud Deployment Model (CDM)-based deployment from the development or Proof of Concept (PoC) stage into a test, and ultimately a production environment:
- Manage multiple environments with Skaffold profiles and Kustomize
- Prepare for deployment to multiple environments
- Move from development to other environments using Property Value Substitution
Lesson 2: Preparing Your Environment for Deployment Based on the CDM
Explain the CDM, describe the requirements for setting up your deployment environment on GKE for the CDM, and deploy a new cluster based on one of the CDM configuration samples:
- Describe the CDM
- Describe the requirements for creating and setting up the deployment environment for the CDM
- Create a Kubernetes cluster
- Deploy the Secret Agent Operator
- Deploy an ingress controller on the cluster
- Deploy the certificate manager on the cluster
- Deploy the monitoring tools on a cluster
- Set up your local environment to push Docker images
Lesson 3: Deploying the CDM
Deploy the Identity Platform using the CDM "small" profile:
- Deploy the CDM
Chapter 3: Building a Staging Environment
Use the provided ForgeRock scripts to add monitoring, run benchmarks, and explore the backup and restore tools for the ForgeRock® Identity Platform (Identity Platform). Build your custom base Docker images. Manage Secrets.
Lesson 1: Monitoring and Benchmarking Your Deployment
Deploy the Prometheus and Grafana monitoring tools within your deployed cluster and monitor your Kubernetes deployment objects and Identity Platform components. Generate test load and benchmark the deployment (optional):
- Describe the monitoring infrastructure for the CDM
- Deploy the monitoring tools on a cluster
- Monitor the CDM deployment
- Benchmark the CDM deployment for monitoring (optional)
Lesson 2: Backing Up and Restoring the Identity Platform
Describe how to back up and restore the Identity Platform on a Kubernetes cluster:
- Describe backup and restore with CDM
- Enable scheduled backups, initiate a backup, and export user data
Lesson 3: Building Your Own Base Docker Images
Build your own base Docker image and reference it in the related product's Dockerfile for a CDK or CDM deployment of the Identity Platform with your customizations:
- Overview of building custom base Docker images
- Prepare ForgeRock software for your own base Docker images
- Create your own base Docker images
- Deploy your own base Docker images
Lesson 4: Handling Secrets
Describe and handle secrets for securing access to components deployed with your configuration of the Identity Platform:
- Overview of the forgeops secret generation
- Managing secrets
Chapter 4: Migrating an On-Prem Deployment to Kubernetes
Migrate the FEC Portal sample application to Kubernetes.
Lesson 1: General Considerations
Discuss how to migrate an existing, on-prem deployment to Kubernetes, learn about planning the migration, and securing a production environment:
- Plan the migration
- Production considerations
- Prepare your environment
Lesson 2: Migrating an On-Prem DS Configuration to Kubernetes
Discuss how to migrate an existing DS configuration to Kubernetes, and then implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing DS configuration to Kubernetes
- Migrate the DS configuration and sample user data using the CDK
Lesson 3: Migrating an On-Prem AM Configuration to Kubernetes
Discuss how to migrate an existing AM configuration to Kubernetes, and then implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing AM configuration to Kubernetes
- Migrate an existing AM configuration to Kubernetes
- Discuss how to customize the AM web application
- Customize the AM web application during deployment
Lesson 4: Migrating an On-Prem IDM Configuration to Kubernetes
Discuss how to migrate a previous IDM deployment to Kubernetes and implement the migration tasks for the given FEC Portal use case:
- Discuss how you can migrate an existing IDM configuration to Kubernetes
- Migrate the configuration from an on-prem IDM to the CDK
- Migrate identity data from a previous version of IDM to Kubernetes