Deploying the ForgeRock Identity Platform™ Using DevOps Techniques (FR-523)
This expert-led workshop leads students through the ForgeRock DevOps documentation set to learn how to deploy all of the ForgeRock Identity Platform software components to a Kubernetes cluster running in the Google Kubernetes Environment (GKE). It then explores how you can use the DevOps Cloud Deployment Model Cookbook to standardize and simplify the deployment of the ForgeRock Identity Platform in a production-quality Kubernetes cloud environment. An optional chapter is included at the end of the workshop that explores how you can get started migrating the ForgeRock Entertainment Company (FEC) portal configuration from the core concepts courses to Kubernetes using the DevOps techniques covered in the documentation.
This workshop uses the DevOps documentation set as your reference for the hands-on labs instead of a dedicated Student Workbook as with the core concepts courses. You work with your instructor to improvise any steps that are necessary for the given lab environment. Also, it is important that you have already successfully completed the core concepts courses before attending this workshop, and you have experience working with Kubernetes and Helm.
Note: Revision A of this course is built on version 6.5.1 of the ForgeRock Identity Platform. Also note that the optional chapter is not usually covered within the three days allocated for the workshop.
This workshop is aimed at technical audiences who are responsible for deploying the ForgeRock Identity Platform to Kubernetes and managing the platform as a whole in a Kubernetes environment. This includes, but is not limited to, those with the following responsibilities:
- Developers who are responsible for deploying and configuring ForgeRock Identity Platform in a DevOps development environment and helping others migrate those deployments to production.
- Other technical audiences, such as system integrators, consultants, architects, administrators, and sales/support engineers who need to learn how to deploy the ForgeRock Identity Platform to Kubernetes using DevOps techniques.
Upon completion of this course, you should be able to:
- Work through the instructions in the ForgeRock DevOps Quick Start Guide, DevOps Release Notes, and DevOps Developer’s Guide to deploy the ForgeRock Identity Platform to a Kubernetes cluster running in GKE using the default ForgeRock DevOps Examples.
- Use Chapters 4, 5, and 6 of the ForgeRock DevOps Developer’s Guide to deploy each of the ForgeRock Identity Platform components with a custom configuration. Note that you will need your own Git repository, such as a free account on GitHub, to work with the ForgeRock Identity Platform component configurations.
- Explore how to use the ForgeRock DevOps Cloud Deployment Model Cookbook for GKE (the cookbook) to standardize and simplify the deployment of the ForgeRock Identity Platform in a production-quality Kubernetes cloud environment. Note that this will mainly be a discussion, with a demonstration by your instructor.
- Optionally, explore how you can get started migrating the FEC Portal configuration from the ForgeRock University core concepts courses to a Kubernetes environment. You use the techniques learned earlier to start the migration of an existing ForgeRock Identity Platform deployment to Kubernetes. You work with your instructor to discuss the migration challenges and work with the existing FEC Portal deployment available in the lab to implement some of the migration tasks.
Note that a handout is included with the workshop to help you stay on track and provide topics for discussion. The handout is not a workbook with detailed, step-by-step instructions.
The following are the prerequisites for successfully completing this course:
- Completion of the ForgeRock University core concept courses (AM-400 Rev B, IDM-400 Rev B, DS-400 Rev A):
- You should know how to configure and administer ForgeRock® Directory Services (DS), ForgeRock® Access Management (AM), Amster, ForgeRock® Identity Management (IDM), and ForgeRock® Identity Gateway (IG).
- You should know how to use the appropriate commands and user interfaces for each component.
- Knowledge and experience working with Linux, Docker, Kubernetes, Helm, GKE, Google Cloud SDK, and GitHub for working with the labs and understanding the DevOps examples. Following are some examples of the knowledge and skills you should have before attending this workshop:
- Run administrator-level commands in a Linux terminal window and understand their output.
- Install the various DevOps tools, like Docker, Kubernetes, Helm, and others in a Linux environment.
- Run various Kubernetes commands to deploy pods, query pods, and query cluster objects.
- Use the kubectl command for operating within a cluster, and connect to containers running in the pod for diagnostic purposes.
- Read and modify a Helm chart and use the helm command to manage releases.
- Have a GitHub account and use the Git commands to fork, clone, pull, and push changes to a Git repository.
- Review the ForgeRock Identity Platform announcement and access the DevOps documentation
- Review the DevOps documentation available for the ForgeRock Identity Platform
- Verify the DevOps third-party tools and complete the developer tasks for implementing a DevOps environment
- Deploy the ForgeRock Identity Platform on Kubernetes using the default DevOps example
- Review the DevOps Developer’s Guide
- Implement a cloud DevOps environment on GKE
- Deploy the ForgeRock Identity Platform
- Remove the deployed platform and clean up the environment
- Describe the differences in deploying the ForgeRock DevOps Examples to other cloud providers
- Describe a systematic approach to troubleshooting common issues in a Kubernetes environment
- Run commands for troubleshooting environment issues
- Run commands for troubleshooting containerization issues
- Run commands for troubleshooting orchestration issues
- Describe the resources for getting additional support through the community and ForgeRock commercial support
Chapter 2: Deploying the ForgeRock Identity Platform Individual Components Using the ForgeRock DevOps Examples
- Describe the role of the ForgeRock Git repositories
- Create a configuration repository for your deployments
- Configure and install the frconfig Helm chart
- Describe the DevOps features and limitations for deploying AM and DS using DevOps techniques
- Deploy the AM and DS example
- Modify the AM configuration and synchronize the changes with the configuration repository
- Describe the DevOps features and limitations for deploying IDM using DevOps techniques
- Deploy the IDM example
- Modify the IDM configuration and push the changes to a configuration repository
- Describe the DevOps features and limitations for deploying IG using DevOps techniques
- Deploy the IG example
- Discuss options for modifying and redeploying IG after deployment
Chapter 3: Exploring the Cloud Deployment Model Cookbook for GKE to migrate from Development to Production
- Describe the role of the cookbook instructions for implementing the Cloud Deployment Model (CDM), and how you can use the CDM with your deployment
- Review the additional requirements for setting up a Google Cloud Platform (GCP) project for the CDM
- Review the additional requirements for creating and setting up a Kubernetes cluster for the CDM
- Demonstrate deploying the CDM monitoring tools
Please note that this chapter is optional depending on the time constraints of the workshop. This chapter introduces students to the migration challenges and techniques you can use to migrate an existing non-DevOps deployment to Kubernetes.
- Discuss how you can migrate, or whether you should migrate, an existing DS and AM configuration to Kubernetes
- Migrate the DS configuration and sample user data
- Update your Amster pod configuration for an existing AM deployment
- Migrate an existing AM configuration to Kubernetes
- Customize the AM web application before installation using a script
- List the challenges of migrating IDM to Kubernetes and describe a method or plan for that migration
- Implement the required changes to IDM to update IDM from a previous release
- Migrate a server configuration from a previous version of IDM to Kubernetes
- Migrate user data from a previous version of IDM to Kubernetes
- Describe how you can build and push Docker images for the ForgeRock Identity Platform