Cloud Series: Accelerate Your Own ForgeRock Cloud Deployment
If you have a robust DevOps team and you want to deploy the ForgeRock Identity Platform on Kubernetes, we have some good news. ForgeRock has simplified its reference cloud deployment. The update includes new, lighter documentation and a new tool set, made up of Skaffold, Kustomize, and Pulumi, that simplifies cluster creation. Together these shorten the deployment process from one week to as little as half a day.
Cloud Deployment Model
Our Cloud Deployment Model (CDM) is a way for your DevOps team to spin up the ForgeRock Identity Platform in a public cloud such as Amazon, Google, or Microsoft Azure. We provide a GitHub repository and the online documentation needed to get your DevOps team started.
We’ve streamlined and simplified our quick start guide and documentation. We’ve created a new Cloud Developer's Kit (CDK), updating what was previously known as DevOps Examples. For more information, see "About the Cloud Developer's Kit" in the DevOps Developer's Guide: Using Minikube.
Both the CDK and the CDM now use uniformly comprehensive Access Management (AM) and Identity Management (IDM) configurations. The examples in the documentation better illustrate full-featured configurations and are no longer based on minimally viable configurations.
For the CDM, the new Cloud Deployment Cookbooks for Google Cloud Services, Microsoft Azure, and Amazon AWS are each now 40% shorter in length. The decrease in documentation length means an increase in the return on the time invested. With the old cookbooks, the time to deploy a Kubernetes version of ForgeRock was about a week. With the new documentation, it is now about half a day.
The acceleration is also attributable to the release of new tools. The GitHub forgeops repository contains new artifacts that let you deploy the ForgeRock Identity Platform using the Skaffold framework. This allows you to:
- Quickly and easily start the ForgeRock Identity Platform.
- Modify the AM, IDM, and Identity Gateway (IG) configurations.
- Build updated Docker images that include your configuration changes.
- Restart the ForgeRock Identity Platform with the updated Docker images.
Before you can use Skaffold with the ForgeRock Identity Platform, you'll need to install the Skaffold software on your local computer. See the DevOps Developer's Guides for more information.
No More Helm
We no longer use Helm to orchestrate the ForgeRock Identity Platform on Kubernetes. We now use the Kustomize framework to orchestrate AM, Directory Services (DS), IDM, and IG on Kubernetes. Before you can use the Kustomize framework with the ForgeRock Identity Platform, you'll need to install the Kustomize software on your local computer. See the DevOps Developer's Guides for more information.
This revision uses Pulumi scripts to create clusters for CDM deployments. The previous version used a set of bash scripts for cluster creation. These scripts have been removed from the forgeops repository. For information about how to create Kubernetes clusters for the CDM using Pulumi, see the Creating and Setting up a Kubernetes Cluster sections in the CDM Cookbooks.
More Simplification, More Security
The CDM Cookbook for AKS is no longer evaluation-only. We're supporting Azure in production. The revised CDM Cookbook for AKS reflects these changes:
- The CDM deployment topology on Azure now matches the CDM deployment topology on GCP and AWS.
- Pulumi scripts demonstrate AKS cluster creation.
- Benchmark results are available for a sample deployment with 10,000,000 users.
There are also security enhancements in our CDM. The new ForgeRock secrets generator randomly generates all secrets for the AM, IDM, and DS services running in the CDK and the CDM. Random secrets generation greatly improves the security of CDK and CDM deployments compared with previous versions. The secrets generator runs as a Kubernetes job before AM, IDM, and DS are deployed.
Watch this webinar with ForgeRock Engineering Director Warren Strange and Hub City Media CTO and Founder Steve Giovannetti. Get a deep technical look at the architecture behind a containerized IAM solution and what your team needs for a successful deployment.