Configuring the ForgeRock® Identity Platform in a DevOps Environment (FR-523 Revision C)

Description

This expert-led workshop guides students through the deployment of the ForgeRock Identity Platform™ (the Platform) on a Kubernetes cluster running in Google Kubernetes Environment (GKE).

The workshop initially describes how to use the ForgeRock Cloud Developer's Kit (CDK) to deploy a sample configuration of the Platform, which includes ForgeRock® Access Management (AM) and ForgeRock® Identity Management (IDM), which share ForgeRock® Directory Service (DS) as an identity store.

The CDK is used to configure the Platform and redeploy the updated configuration in an existing Kubernetes cluster.

Students then create a new cluster using Pulumi tools and deploy the Platform by following the Cloud Deployment Model (CDM). Monitoring add-ons tools are included with the CDM example. The skills gained by performing deployments with the CDK and CDM reference examples, help you identify the Kubernetes cluster and the Platform configuration requirements needed for preparation to move deployments into other environments, such as test and production.

The CDK is used to configure the Platform and redeploy the updated configuration in an existing Kubernetes cluster.

Students then create a new cluster deploy the Platform by following the Cloud Deployment Model (CDM). Monitoring add-ons tools are included with the CDM example. The skills gained by performing deployments with the CDK and CDM reference examples, help you identify the Kubernetes cluster and the Platform configuration requirements needed for preparation to move deployments into other environments, such as test and production.

The last chapter of the workshop explores the challenges of migrating an existing on-prem ForgeRock deployment to Kubernetes.

This workshop uses the ForgeRock DevOps documentation set as a reference for the hands-on labs.

Also, it is important that you have already successfully completed the relevant ForgeRock Core Concepts courses before attending this workshop. It is beneficial that you also have experience working with DevOps technology such as Kubernetes, Skaffold, Kustomize, Git, among other related tools.

Note: Revision C of this course is based on the DevOps 7.1.0 documentation.

Target Audiences

The target audiences for this course include:

  • Developers who customize and deploy ForgeRock® Access Management (AM), ForgeRock® Directory Server (DS), and ForgeRock® Identity Management (IDM) components.
  • Deployment engineers who routinely set up Kubernetes clusters and deploy integrated software in the cloud.
  • Site engineers who configure the Kubernetes cluster and who launch the Platform into production.

Objectives

Upon completion of this course, you should be able to:

  • Introduce the ForgeOps toolset and documentation, get familiar with DevOps tools and deploy the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Kit (CDK)
  • Configure the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Model (CDM)
  • Use the provided ForgeRock scripts to add monitoring, run benchmarks, and explore the backup and restore tools for the ForgeRock® Identity Platform (Identity Platform). Build your custom base Docker images. Manage Secrets
  • Migrate the FEC Portal sample application to Kubernetes

Prerequisites

The following are the prerequisites for successfully completing this course:

 

Duration

3 days


Course Contents

 

Introducing ForgeRock DevOps and the CDK

Introduce the ForgeOps toolset and documentation, get familiar with DevOps tools and deploy the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Kit (CDK).

Lesson 1: Introducing ForgeRock DevOps Documentation and Examples

Introduce the Identity Platform, describe how to use the ForgeRock DevOps documentation to deploy the Identity Platform to a shared cluster, and introduce the DevOps techniques and tools required for a successful deployment:

  • Describe the Identity Platform and related DevOps techniques for deploying the Identity Platform to Kubernetes
  • Access your CloudShare lab environment and developer desktop
  • Access your associated GCP account for deploying the Identity Platform
  • Describe the ForgeRock DevOps documentation and the CDK and CDM methods of deployment
  • Describe the DevOps tools for deployment and deploy a simple application to validate the environment
  • Deploy a simple application to validate the tools and environment

Lesson 2: Deploying the Identity Platform to GKE using the CDK

Use the DevOps Developer’s Guide: CDK documentation to prepare the Kubernetes cluster, clone the forgeops repository, and deploy the Identity Platform to the Kubernetes cluster running in GKE:

  • Prepare your DevOps environment
  • Prepare to use an existing cluster for the Identity Platform
  • Deploy the Identity Platform to a GKE cluster
  • Verify the Identity Platform is deployed and accessible
  • Work with basic DevOps commands to explore the Identity Platform
  • Remove the Identity Platform deployment and clean up the environment
  • Compare deployment of the Identity Platform on other cloud providers

Lesson 3: Troubleshooting When Problems Arise

Provide some troubleshooting tips to help diagnose issues that might occur while performing the hands-on portion of this workshop:

  • Approaching troubleshooting of common issues in Kubernetes systematically
  • Locating DevOps related troubleshooting references
  • Running commands for troubleshooting environment issues
  • Running commands for troubleshooting containerization issues
  • Running commands for troubleshooting orchestration issues
  • Identifying resources for getting additional support

Lesson 4: Deploying the Identity Platform with Custom Docker Images

To build and push Docker images using a private Docker registry to deploy the Identity Platform with customized configurations of ForgeRock® Access Management (AM), ForgeRock® Identity Management (IDM), and ForgeRock® Identity Gateway (IG):

  • Navigate the forgeops repository
  • Describe data used during deployment of the Identity Platform
  • Deploying the Identity Platform using a customized configuration profile
  • Deploy the Identity Platform using a customized configuration profile
  • Describe how to work with Kubernetes manifests and objects
  • Describe how to use Kustomize overlays to modify Kubernetes objects
  • Use Kustomize overlays to modify deployment configurations

 

Chapter 2: Working with the CDM

Configure the ForgeRock® Identity Platform (Identity Platform) using the Cloud Deployment Model (CDM).

Lesson 1: Managing Multiple Deployment Environments

Plan and prepare for moving the Identity Platform Cloud Deployment Model (CDM)-based deployment from the development or Proof of Concept (PoC) stage into a test, and ultimately a production environment:

  • Manage multiple environments with Skaffold profiles and Kustomize
  • Prepare for deployment to multiple environments
  • Move from development to other environments using Property Value Substitution

Lesson 2: Preparing Your Environment for Deployment Based on the CDM

Explain the CDM, describe the requirements for setting up your deployment environment on GKE for the CDM, and deploy a new cluster based on one of the CDM configuration samples:

  • Describe the CDM
  • Describe the requirements for creating and setting up the deployment environment for the CDM
  • Create a Kubernetes cluster
  • Deploy the Secret Agent Operator
  • Deploy an ingress controller on the cluster
  • Deploy the certificate manager on the cluster
  • Deploy the monitoring tools on a cluster
  • Set up your local environment to push Docker images

Lesson 3: Deploying the CDM

Deploy the Identity Platform using the CDM “small” profile:

  • Deploy the CDM
  • Deploy the CDM

 

Chapter 3: Building a Staging Environment

Use the provided ForgeRock scripts to add monitoring, run benchmarks, and explore the backup and restore tools for the ForgeRock® Identity Platform (Identity Platform). Build your custom base Docker images. Manage Secrets.

Lesson 1: Monitoring and Benchmarking Your Deployment

Deploy the Prometheus and Grafana monitoring tools within your deployed cluster and monitor your Kubernetes deployment objects and Identity Platform components. Generate test load and benchmark the deployment (optional):

  • Describe the monitoring infrastructure for the CDM
  • Deploy the monitoring tools on a cluster
  • Monitor the CDM deployment
  • Benchmark the CDM deployment for monitoring (optional)

Lesson 2: Backing Up and Restoring the Identity Platform

Describe how to back up and restore the Identity Platform on a Kubernetes cluster:

  • Describe backup and restore with CDM
  • Enable scheduled backups, initiate a backup, and export user data

Lesson 3: Building Your Own Base Docker Images

Build your own base Docker image and reference it in the related product’s Docker file for a CDK or CDM deployment of the Identity Platform with your customisations:

  • Overview of building custom base Docker images
  • Prepare ForgeRock software for your own base Docker images
  • Create your own base Docker images
  • Deploy your own base Docker images

Lesson 3: Handling Secrets

Describe and handle secrets for securing access to components deployed with your configuration of the Identity Platform:

  • Overview of the forgeops secret generation
  • Managing secrets

 

Chapter 4: Migrating an On-Prem Deployment to Kubernetes

Migrate the FEC Portal sample application to Kubernetes.

Lesson 1: General Considerations

Discuss how to migrate an existing, on-prem deployment to Kubernetes, learn about planning the migration, and securing a production environment:

  • Plan the migration
  • Production Considerations
  • Prepare your environment

Lesson 2: Migrating an On-Prem DS Configuration to Kubernetes

Discuss how to migrate an existing DS configuration to Kubernetes, and then implement the migration tasks for the given FEC Portal use case:

  • Discuss how you can migrate an existing DS configuration to Kubernetes
  • Migrate the DS configuration and sample user data using the CDK

Lesson 3: Migrating an On-Prem AM Configuration to Kubernetes

Discuss how to migrate an existing AM configuration to Kubernetes, and then implement the migration tasks for the given FEC Portal use case:

  • Discuss how you can migrate an existing AM configuration to Kubernetes
  • Migrate an existing AM configuration to Kubernetes
  • Discuss how to customize the AM web application
  • Customize the AM web application during deployment

Lesson 3: Migrating an On-Prem IDM Configuration to Kubernetes

Discuss how to migrate a previous IDM deployment to Kubernetes and implement the migration tasks for the given FEC Portal use case:

  • Discuss how you can migrate an existing IDM configuration to Kubernetes
  • Migrate the configuration from an on-prem IDM to the CDK
  • Migrate identity data from a previous version of IDM to Kubernetes
Train Your Team with ForgeRock Private Training

Request a Private Event

Available Courses
Configuring the ForgeRock® Identity Platform in a DevOps Environment
(FR-523-BVP Rev C)
Tech Data UK - Europe Various
Dec 6, 2021 - Dec 8, 2021
Language: en

Configuring the ForgeRock® Identity Platform in a DevOps Environment
(FR-523-BVP Rev C)
ExitCertified - Americas Various
Jan 19, 2022 - Jan 21, 2022

Configuring the ForgeRock® Identity Platform in a DevOps Environment
(FR-523-BVP Rev C)
Tech Data UK - Europe Various
Feb 14, 2022 - Feb 16, 2022

Configuring the ForgeRock® Identity Platform in a DevOps Environment
(FR-523-BVP Rev C)
ExitCertified - Americas Various
Mar 22, 2022 - Mar 24, 2022

Configuring the ForgeRock® Identity Platform in a DevOps Environment
(FR-523-BVP Rev C)
Tech Data UK - Europe Various
Jun 6, 2022 - Jun 8, 2022

Configuring the ForgeRock® Identity Platform in a DevOps Environment
(FR-523-BVP Rev C)
ExitCertified - Americas Various
Jun 14, 2022 - Jun 16, 2022

Configuring the ForgeRock® Identity Platform in a DevOps Environment
(FR-523-BVP Rev C)
ExitCertified - Americas Various
Sep 7, 2022 - Sep 10, 2022

Configuring the ForgeRock® Identity Platform in a DevOps Environment
(FR-523-BVP Rev C)
ExitCertified - Americas Various
Nov 15, 2022 - Nov 17, 2022