Deploying the ForgeRock Identity Platform™ Using DevOps Techniques
Deploying the ForgeRock Identity Platform™ Using DevOps Techniques (FR-523 Revision A.1)
This expert-led workshop leads students through the ForgeRock DevOps documentation set to learn how to deploy all of the ForgeRock Identity Platform software components to a Kubernetes cluster running in the Google Kubernetes Environment (GKE). It then explores how you can use the DevOps Cloud Deployment Model Cookbook to standardize and simplify the deployment of the ForgeRock Identity Platform in a production-quality Kubernetes cloud environment. An optional chapter is included at the end of the workshop that explores how you can get started migrating the ForgeRock Entertainment Company (FEC) portal configuration from the core concepts courses to Kubernetes using the DevOps techniques covered in the documentation.
This workshop uses the DevOps documentation set as your reference for the hands-on labs instead of a dedicated Student Workbook as with the core concepts courses. You work with your instructor to improvise any steps that are necessary for the given lab environment. Also, it is important that you have already successfully completed the core concepts courses before attending this workshop, and you have experience working with Kubernetes and Helm.
Note: Revision A.1 of this course is built on version 6.5.2 of the ForgeRock Identity Platform. Also note that the optional Chapter 4 is not usually covered within the three days allocated for the workshop.
This workshop is aimed at technical audiences who are responsible for deploying the ForgeRock Identity Platform to Kubernetes and managing the platform as a whole in a Kubernetes environment. This includes, but is not limited to, those with the following responsibilities:
- Developers who are responsible for deploying and configuring ForgeRock Identity Platform in a DevOps development environment and helping others migrate those deployments to production.
- Other technical audiences, such as system integrators, consultants, architects, administrators, and sales/support engineers who need to learn how to deploy the ForgeRock Identity Platform to Kubernetes using DevOps techniques.
Upon completion of this course, you should be able to:
- Work through the instructions in the ForgeRock DevOps Quick Start Guide, DevOps Release Notes, and DevOps Developer’s Guide to deploy the ForgeRock Identity Platform to a Kubernetes cluster running in GKE using the default ForgeRock DevOps Examples.
- Use Chapters 4, 5, and 6 of the ForgeRock DevOps Developer’s Guide to deploy each of the ForgeRock Identity Platform components with a custom configuration. Note that you will need your own Git repository, such as a free account on GitHub, to work with the ForgeRock Identity Platform component configurations.
- Explore how to use the ForgeRock DevOps Cloud Deployment Model Cookbook for GKE (the cookbook) to standardize and simplify the deployment of the ForgeRock Identity Platform in a production-quality Kubernetes cloud environment. Note that this will mainly be a discussion, with a demonstration by your instructor.
- Optionally, explore how you can get started migrating the FEC Portal configuration from the ForgeRock University core concepts courses to a Kubernetes environment. You use the techniques learned earlier to start the migration of an existing ForgeRock Identity Platform deployment to Kubernetes. You work with your instructor to discuss the migration challenges and work with the existing FEC Portal deployment available in the lab to implement some of the migration tasks.
Note that a handout is included with the workshop to help you stay on track and provide topics for discussion. The handout is not a workbook with detailed, step-by-step instructions.
The following are the prerequisites for successfully completing this course:
- Completion of the ForgeRock University core concept courses (AM-400, IDM-400, DS-400, IG-400 (optional)):
- You should know how to configure and administer ForgeRock® Directory Services (DS), ForgeRock® Access Management (AM), Amster, ForgeRock® Identity Management (IDM), and ForgeRock® Identity Gateway (IG).
- You should know how to use the appropriate commands and user interfaces for each component.
- Knowledge and experience working with Linux, Docker, Kubernetes, Helm, GKE, Google Cloud SDK, and GitHub for working with the labs and understanding the DevOps examples. Following are some examples of the knowledge and skills you should have before attending this workshop:
- Run administrator-level commands in a Linux Terminal window and understand their output.
- Install the various DevOps tools, like Docker, Kubernetes, Helm, and others in a Linux environment.
- Run various Kubernetes commands to deploy pods, query pods, and query cluster objects.
- Use the kubectl command for operating within a cluster, and connect to containers running in the pod for diagnostic purposes.
- Read and modify a Helm chart and use the helm command to manage releases
- Have a GitHub account and use the Git commands to fork, clone, pull, and push changes to a Git repository.
Chapter 1: Deploying the ForgeRock Identity Platform Using the ForgeRock DevOps Examples
Lesson 1: Overview of the ForgeRock DevOps Documentation and Examples
- Review the ForgeRock Identity Platform announcement and access the ForgeRock DevOps documentation
- Review the DevOps documentation available for the ForgeRock Identity Platform
- Access your assigned CloudShare lab environment
- Verify the DevOps third-party tools on the CloudShare VM
Lesson 2: Deploying the ForgeRock DevOps Examples to GKE
- Review the DevOps Developer’s Guide
- Implement a cloud DevOps environment on GKE
- Deploy the ForgeRock Identity Platform on Kubernetes using the default DevOps example
- Remove the deployed platform and cleanup the environment
- Describe the differences deploying the ForgeRock DevOps Examples to other cloud providers
Lesson 3: Troubleshooting the ForgeRock Identity Platform Running in a Kubernetes Cluster
- Describe a systematic approach to troubleshooting common issues in a Kubernetes environment
- Run commands for troubleshooting environment issues
- Run commands for troubleshooting containerization issues
- Run commands for troubleshooting orchestration issues
- Describe the resources for getting additional support through the community and ForgeRock commercial support
Chapter 2: Deploying the ForgeRock Identity Platform Individual Components Using the ForgeRock DevOps Examples
Lesson 1: Working With the ForgeRock Public Git Repositories
- Describe the role of the public ForgeRock Git repositories
- Create a configuration repository for your deployments
- Configure and install the frconfig Helm chart
Lesson 2: Deploying the AM and DS Example
- Describe the DevOps features and limitations for deploying AM and DS using DevOps techniques
- Deploy the AM and DS example in your namespace
- Modify the AM configuration and synchronize the changes with the configuration repository
Lesson 3: Deploying the IDM Example
- Describe the DevOps features and limitations for deploying IDM using DevOps techniques
- Deploy the IDM example to your namespace
- Modify the IDM configuration and synchronize the changes with the configuration repository
Lesson 4: Deploying the IG Example
- Describe the DevOps features and limitations for deploying IG using DevOps techniques
- Deploy the IG example in your namespace
- Discuss options for modifying and redeploying IG after deployment
Chapter 3: Exploring the Cloud Deployment Model Cookbook for GKE to Migrate from Development to Production
Lesson 1: Overview of the Cloud Deployment Model Cookbook for GKE
- Describe the role of the Cloud Deployment Model and related cookbook instructions
Lesson 2: Setting Up the Deployment Environment With Monitoring
- Review the additional requirements for setting up a GCP project for the CDM
- Review the additional requirements for creating and setting up a Kubernetes cluster for the CDM
- Demonstrate deploying the CDM monitoring tools
Chapter 4: Getting Started Migrating an Existing Deployment to Kubernetes
Lesson 1: Migrating an Existing DS and AM Configuration to Kubernetes
- Discuss how you can migrate an existing DS and AM configuration to Kubernetes
- Migrate the DS configuration and sample user data
- Update your Amster pod configuration for an existing AM deployment
- Migrate an existing AM configuration to Kubernetes
- Customize the AM web application during deployment
Lesson 2: Migrating an Existing IDM Configuration to Kubernetes
- List the challenges of migrating IDM to Kubernetes
- Implement the required changes to IDM to update IDM from a previous release
- Migrate a server configuration from a previous version of IDM to Kubernetes
- Migrate user data from a previous version of IDM to Kubernetes
Lesson 3: Building and Pushing Docker Images for the ForgeRock Identity Management Platform
- Describe how you can build and push Docker images for the ForgeRock Identity Platform