ForgeOps

Staged installation

By default, the forgeops apply command installs the entire Ping Identity Platform.

You can also install the platform in stages to help troubleshoot deployment issues.

To install the platform in stages:

  1. Verify that you have set up your environment and created a Kubernetes cluster as documented in the setup section.

  2. Enable the Python3 virtual environment:

    $ source .venv/bin/activate
  3. A ForgeOps deployment is configured through Kustomize overlays or Helm values. Use the forgeops env command to set up the Kustomize overlays and Helm values files for your deployment environment:

    On cloud platforms
    • To use the issuer provided with the platform for demos, you can use default-issuer.

    • For a cluster in a cloud environment, specify the --deployment-size as --small, --medium, or --large.

    • For a single-instance deployment, specify --deployment-size as --single-instance.

      $ cd /path/to/forgeops/bin
      $ ./forgeops env --env-name my-env --fqdn my-fqdn --cluster-issuer my-cluster-issuer --deployment-size

      In the command above, replace my-fqdn, my-cluster-issuer, and --deployment-size with appropriate values from your environment.

    On Minikube

    In a Minikube environment, use the single instance deployment. For example:

    $ cd /path/to/forgeops/bin
    $ ./forgeops env --env-name my-env --fqdn my-fqdn \
      --cluster-issuer my-cluster-issuer --single-instance

    Learn more about deployment sizes in Cluster and deployment sizes and about single instances here.

  4. Install the base and ds components first. Other components have dependencies on these two components:

    1. Install the platform base component:

      $ cd /path/to/forgeops/bin
      $ ./forgeops apply base --env-name my-env
      ...
      configmap/platform-config created
      Warning: spec.privateKey.rotationPolicy: In cert-manager >= v1.18.0, the default value changed from Never to Always.
      certificate.cert-manager.io/ds-master-cert created
      certificate.cert-manager.io/ds-ssl-cert created
      issuer.cert-manager.io/selfsigned-issuer created
      secretagentconfiguration.secret-agent.secrets.forgerock.io/forgerock-sac created
      Waiting for secrets to be ready.
      ...
      Relevant passwords:
      ...
      
      Relevant URLs:
      ...
    2. After you’ve installed the base component, install the ds component:

      $ ./forgeops apply ds --env-name my-env
      service/ds-cts created
      statefulset.apps/ds-cts created
      service/ds-idrepo created
      statefulset.apps/ds-idrepo created
      configmap/ds-set-passwords-scripts created
      job.batch/ds-set-passwords created
  5. Install the other Ping Identity Platform components. You can either install all the other components by using the forgeops apply apps command, or install them separately:

    1. Install AM:

      $ ./forgeops apply am --env-name my-env
      
      configmap/am-entrypoint created
      configmap/am-import-pem-certs created
      configmap/am-logback created
      service/am created
      deployment.apps/am created
      ingress.networking.k8s.io/am created
      Targeting namespace: my-ns
    2. Install Amster:

      $ ./forgeops apply amster --env-name my-env
      job.batch/amster created
    3. Install IDM:

      $ ./forgeops apply idm --env-name my-env
      configmap/idm created
      configmap/idm-import-pem-certs created
      configmap/idm-logback-xml created
      configmap/idm-logging-properties created
      service/idm created
      deployment.apps/idm created
      ingress.networking.k8s.io/idm created
  6. Install the user interface components. You can either install all the applications by using the forgeops apply ui command, or install them separately:

    1. Install the administration UI:

      $ ./forgeops apply admin-ui --env-name my-env
      service/admin-ui created
      deployment.apps/admin-ui created
      ingress.networking.k8s.io/admin-ui created
    2. Install the login UI:

      $ ./forgeops apply login-ui --env-name my-env
      service/login-ui created
      deployment.apps/login-ui created
      ingress.networking.k8s.io/login-ui created
    3. Install the end user UI:

      $ ./forgeops apply end-user-ui --env-name my-env
      service/end-user-ui created
      deployment.apps/end-user-ui created
      ingress.networking.k8s.io/end-user-ui created
  7. In a separate terminal tab or window, run the kubectl get pods command to monitor the status of the deployment. Wait until all the pods are ready.
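
The staged procedure above as a script, added here as an example (not part of ForgeOps): it refuses a component list that puts anything ahead of base and ds, and waits for each stage's workload to roll out before applying the next, so a failure is pinned to the stage that caused it. The function names, the my-ns namespace, the 600s timeout, and the use of kubectl rollout status as the readiness gate are assumptions; it expects a fresh deployment with base and ds in the list.

```shell
#!/bin/sh
# Added example (not ForgeOps code): staged install that enforces the order above.
# Assumed: run from /path/to/forgeops/bin, kubectl points at the target cluster,
# and my-env / my-ns are placeholder names. Set DRY_RUN=1 to print commands only.

# Dependencies as stated in step 4: ds follows base; everything else needs both.
deps_of() {
  case "$1" in
    base) echo "" ;;
    ds)   echo "base" ;;
    *)    echo "base ds" ;;
  esac
}

# Workloads to gate on, using the resource names in the sample output above.
# base and amster create no Deployment or StatefulSet, so they have no gate.
workloads_of() {
  case "$1" in
    ds) echo "statefulset/ds-cts statefulset/ds-idrepo" ;;
    am|idm|admin-ui|login-ui|end-user-ui) echo "deployment/$1" ;;
  esac
}

# Fail if any component is listed before one of its dependencies.
check_order() {
  local seen=" " c d
  for c in "$@"; do
    for d in $(deps_of "$c"); do
      case "$seen" in
        *" $d "*) ;;
        *) echo "refusing: $c is listed before $d" >&2; return 1 ;;
      esac
    done
    seen="$seen$c "
  done
}

# Execute a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# staged_install ENV NAMESPACE COMPONENT...
# Applies one component at a time and stops at the first stage that fails.
staged_install() {
  local env="$1" ns="$2" c w
  shift 2
  check_order "$@" || return 1
  for c in "$@"; do
    run ./forgeops apply "$c" --env-name "$env" || return 1
    for w in $(workloads_of "$c"); do
      run kubectl rollout status "$w" --namespace "$ns" --timeout=600s || return 1
    done
  done
}
```

Source the file, then call staged_install my-env my-ns base ds am amster idm admin-ui login-ui end-user-ui; run it with DRY_RUN=1 first to review the exact commands before anything touches the cluster.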

Multiple component installation

You can specify multiple components with a single forgeops apply command. For example, to install the base, ds, am, and amster components in a ForgeOps deployment:

$ ./forgeops apply base ds am amster --env-name my-env