ForgeOps 2025.2
release notes
Subscribe to the
ForgeOps
2025.2 RSS feed to get notification when there’s an update to
ForgeOps 2025.2
documentation.
Learn more about configuring GitHub notifications here so you can get notified on ForgeOps releases. |
Important information for this ForgeOps release:
Validated Kubernetes, Ingress-NGINX Controller, HAProxy Ingress, cert-manager, and operator versions for deploying Ping Identity Platform 2025.2.0 |
|
Limitations when deploying Ping Identity Platform |
|
More information about the evolving nature of the |
|
Legal notices |
|
Archive of release notes in 2024 and before are available from ForgeOps release 7.5 documentation |
|
Archive of release notes in 2023 and before are available from ForgeOps release 7.4 documentation |
2025
August 27, 2025
Release 2025.2
Highlighted new features
The main highlights of ForgeOps release 2025.2 are covered in the What’s new in ForgeOps 2025.2. Additional improvements and bug fixes are covered here.
Other improvements
- New secret agent release available
-
We’ve released the new secret agent 1.2.7 to resolve the latest security vulnerabilities.
- New Ping Identity Platform product versions available
-
PingIDM 7.4.1 and 7.5.2 and PingGateway 2025.6.0 are available to deploy with
forgeops
tooling. - Option to provision keystores without the secret agent
-
When
secret-generator
andkeystore-create
Kubernetes jobs are enabled, a single keystore is created for PingAM and PingIDM, and the keystore configurations are consolidated under thekeystore_create.config
Helm values. - Truststore no longer provisioned by the secret agent
-
OpenSSL now provides the default root certificate authorities. Users can provide additional certificates through the Helm chart.
- Removed curl from
ldif-importer
andamster
jobs -
Curl often has security vulnerabilities, and it has been removed from
ldif-importer
and amster jobs. Curl has been replaced with:-
ldapsearch
inldif-importer
job. -
wget
inamster
job.
-
- New forgeops prereqs command
-
This command replaces
charts/scripts/install-prereqs
. The prerequisite settings have been moved into theforgeops.conf
file. Learn more at prerequisites reference. - New forgeops rotate command
-
This new command helps with no downtime in DS password rotations for the ds-env-secrets and ds-passwords secrets. It creates
old-ds-env-secrets
andold-ds-passwords
secrets that are used by theds-set-passwords
job and theinit
container to maintain the old passwords during the rotation process. - New forgeops upgrade command
-
Use this command to upgrade existing Kustomize overlays. It is used to update the
secrets
child overlay with the new structure and to update the ForgeOps-provided default overlay in the future.If you use an alternate default overlay, upgrade that one first. Test the upgraded overlay to ensure that all your customizations are retained.
- Expanded section on alternate release files
-
Customers who need to build their own container images can create their own release files so
forgeops image
andforgeops info
commands can work with these custom images.
Fixes
- Fix forgeops amster import/export commands
-
Reordered the patches in the
amster/upload
andamster/export
sub overlays to manage amster configuration correctly. - Renamed
FORGEOPS_ROOT
toFORGEOPS_DATA
-
To reduce confusion, the optional
FORGEOPS_ROOT
environment variable is renamedFORGEOPS_DATA
. Theforgeops
command prompts and fixes this in the~/.forgeops.conf
file ifFORGEOPS_ROOT
is detected. - Stop AM failing if the
openam
container restarts -
Ensure the
openam
container has access to the defaultboot.json
when something causes the container to restart. This is because thefbc-init
init container doesn’t run when theopenam
container restarts so the defaultboot.json
isn’t set for startup. - Fixed a bug in the forgeops info command
-
The forgeops info -e my-env command would throw an exception when an image has a tag that is not in the form
x.y.z
. This was due to a bug inlib.python.releases.is_valid_release()
. It now returnsfalse
if a tag doesn’t match that pattern. - Fixed a bug in the forgeops build command
-
The forgeops build command didn’t work properly if the proper tag was not provided. It now will use
latest
if a tag is not specified.
July 22, 2025
Documentation updates
- Limitations updated
-
Learn more about the updated ForgeOps limitations Limitations.
- The ldif-importer job renamed ds-set-passwords
-
The ldif-importer Kubernetes job was used for setting and importing DS passwords. The Kubernetes job is renamed ds-set-passwords to clearly state it’s purpose.
July 11, 2025
Documentation updates
- Updated support page
-
The support page has been updated to clarify the product lifecycle support. Learn more at ForgeOps Lifecycle Policy.
July 8, 2025
Documentation updates
- Documented the forgeops prereqs command
-
Added the forgeops prereqs command and replaced install-prereqs to install ForgeOps prerequisites. Learn more in the forgeops prereqs command reference.
July 1, 2025
Documentation updates
- Added the secret generator in technical preview
-
Included a new technical preview section highlighting the use secret generator as the secret management utility. Learn more in Secret Generator.
June 4, 2025
Documentation updates
- Added reference for secrets
-
Included a section to describe the different Kubernetes secrets used in ForgeOps. Learn more in Secrets Reference.
May 21, 2025
Documentation updates
- Workaround for AM base image creation
-
The script used for generating AM base image from AM zip file had a flaw. A workaround has been documented. Learn more in Base Docker images.
May 6, 2025
Documentation updates
- Updated AM version to 8.1.0
-
Steps to build customized base images are updated to use
AM-8.1.0
. Learn more at Base Docker images. - Updated Java version
-
Steps to build customized base images are updated to use Java version 21. Learn more at Base Docker images.
May 1, 2025
New ForgeOps 2025.1.2 released
New features and updated functionality
- New PingGateway version available
-
PingGateway 2025.3.0 Docker image has been released. The forgeops command has been updated to deploy PingGateway in a ForgeOps deployment.
- Updated PingGateway deployment to use the new
admin
endpoint -
PingGateway has two endpoints now:
-
/ig
the main entry point to PingGateway -
/admin
the API of the PingGateway administration, containing the/ping
handler used for live check, for example.
-
- Updated the Kubernetes version to 1.32
-
The Terraform cluster creation manifests have been updated to use Kubernetes version 1.32 on all platforms.
- Custom environment variables in Helm chart
-
Implemented a mechanism to define extra environment variables for AM, IDM and custom variables to the platform configuration map.
Update the
values.yaml
file for your environments with the desired configuration. Theenv
arrays should contain maps of Kubernetes environment configurations. The following sections in thecharts/identity-platform/values.yaml
file contain examples:-
platform.configMap.data: Map of custom key,value pairs for
platform-config
-
platform.env: Shared custom environment variables
-
am.env: AM custom environment variables
-
idm.env: IDM custom environment variables
-
- The install-prereqs script is updated
-
The following new features have been added to the install-prereqs script:
-
A usage statement.
-
The
--upgrade
flag for easy upgrading of prereqs. -
The ability to provide a config file to pin versions.
-
- Prometheus and Grafana added to the Helm chart
-
Added the ability to enable Prometheus and Grafana in the Helm chart.
- Improved release detection
-
Using forgeops image and forgeops info commands, you can now look for and select a newer version, skipping the version you specified in the command if it isn’t available.
Bugfixes
- Fix
--amster-retain
option -
Added the
--amster-retain
option to the forgeops env command. You can configure a ForgeOps deployment environment to keep theamster
pod running for troubleshooting purposes. - Fix VolumeSnapshots in Kustomize deployments
-
The forgeops env command now adds a patch to update the namespace when enabling volume snapshots.
Removed Features
- Removed the forgeops generate command
-
The deprecated forgeops generate command has been removed.
- Removed the separate scripts to deploy
certmanager
andsecret-agent
-
The
certmanager-deploy.sh
andsecret-agent
scripts have been removed in favor of thecharts/scripts/install-prereqs
script, which includes steps to deploycertmanager
andsecret-agent
.
April 22, 2025
ForgeOps updates
- The
debug-logs
utility updated -
The
debug-log
utility is updated to use the new ForgeOps deployment environments and parameters. Learn more at Kubernetes logs and other diagnostics.
April 9, 2025
Documentation updates
- Third-party software
-
Updated the list of third-party software required for ForgeOps deployment. Included third-party software requirement in the Getting Started section. Learn more at your cluster environment at Setup overview.
ForgeOps updates
- Prometheus update
-
Monitoring tools Grafana and Prometheus have been updated to use the latest versions, along with newer monitoring endpoints. Learn more at About ForgeOps deployment monitoring.
April 4, 2025
Documentation updates
- Removed the
disaster
subcommand from the ds-debug command -
The DS team has removed the
disaster
subcommand from the ds-debug command. Accordingly, that subcommand description is removed from the Troubleshooting section. - Fixed the name of the ingress controller used
-
The name of the ingress controller used by default in ForgeOps deployment is corrected to Ingress-NGINX controller.
- Corrected steps to install PingGateway
-
Procedures to install PingGateway are corrected. Learn more at Deploy PingGateway and Custom PingGateway image.
March 19, 2025
Documentation updates
- Revise steps to enable volume snapshots
-
The steps to enable volume snapshots have been simplified with the use of the forgeops env command. Learn more in Backup and restore using volume snapshots.
- Command reference for forgeops image
-
Added the command reference for the forgeops image command. Learn more at the forgeops image command reference page.
March 05, 2025
Documentation updates
- Revamp the Upgrade section
-
The Upgrade document section is updated to cover the new format of the forgeops command and the ForgeOps deployment environment. Learn more in the Upgrade and Migration Overview section.
- Update the Troubleshooting
amster
section -
The amster command has been subsumed in the forgeops amster command. Learn more in the Troubleshooting
amster
pod section.
February 19, 2025
New ForgeOps 2025.1 released
New features and updated functionality
- Ability to set
FORGEOPS_ROOT
-
You can set
FORGEOPS_ROOT
parameter to specify the local folder that contains the Docker, Helm, and Kustomize configurations. This allows you to keep your changes in a separate Git repository. You can create a~/.forgeops.conf
file with your overrides. Your development team can place aforgeops.conf
file in theirFORGEOPS_ROOT
location which contains team-wide settings.You can clone the
forgeops
repository and check out only the version tag you need. This makes it easier to keep track of the ForgeOps version you’re using and upgrade to a newer version consistently.
Don’t create or modify the |
- forgeops info command can provide release information
-
You can now get a list of supported platform releases and their latest flags using the forgeops info --list-releases command.
You can get details for any release on
releases.forgeops.com
using the forgeops info --release xyz command. - forgeops env command supports PingGateway
-
You can now define and update PingGateway node configuration parameters, such as CPU, memory, replicas, and pull policy in a ForgeOps deployment environment. This lets you install PingGateway quickly in a ForgeOps deployment.
- Version of
pyyaml
is updated -
The version of
pyyaml
is updated. Run the [.command]forgeops configure# command to update your libraries.
Bugfixes
forgeops info --env-name
command has been fixed-
The timestamp issue in the forgeops info --env-name has been fixed.
- DS certificates are now deployed in Helm pre-install
-
Helm pre-install hooks are now used to deploy DS certificates. These certificates are no longer deleted when the Helm chart is uninstalled.
- AM service target ports are updated
-
Updated the AM service in the Helm chart to use HTTPS target port.
- Prometheus ports are updated
-
Prometheus default ports and labels have been updated to match the new Helm chart.
Documentation updates
- Upgrade procedures revised
-
The procedures to upgrade ForgeOps artifacts and component images are revised. Learn more in Upgrade and Migration Overview.
February 10, 2025
New features and updated functionality
- Added sample storage class definition files
-
We’ve added sample storage class definition files required for ForgeOps deployment. This helps users who set up Kubernetes clusters without using the ForgeOps-provided Terraform manifests.
Documentation updates
- Updated the procedure to set up minikube cluster
-
Because we’ve removed the
forgeops-minikube
script, we’ve revised the steps to create a minikube cluster to use the generic minikube command. Learn more about creating a minikube cluster here. - Updated the procedure to perform ForgeOps deployment on minikube
-
We’ve added the step to create the
fast
storage class required for ForgeOps deployment on minikube.
January 27, 2025
January 13, 2025
New features and updated functionality
- The ForgeOps releases are based on the
main
branch -
The
master
branch offorgeops
repository is no longer used. The ForgeOps artifacts are released from themain
branch. The latest Docker images are tagged asdev
images. You can view the available Docker images using the forgeops image command. - New forgeops command
-
-
The forgeops-ng command has been renamed forgeops. The new forgeops command subsumes all the functionality provided by the previous version of forgeops command. The previous version of the forgeops-ng command has been removed.
-
The process of deploying and managing ForgeOps deployments has been improved with the use of provisioning environments with the forgeops env command for both Kustomize and Helm user environments. Learn more about the forgeops env command in the forgeops env command].
-
Provided an option to select the Docker image as appropriate for a user deployment with the forgeops image command.
-
You can view configured environments and product versions using the forgeops info command.
-
Learn more in forgeops command reference
- ForgeOps-provided Docker images are now supported
-
Ping Identity now supports ForgeOps-provided Docker images. We’ve revised the documentation and removed the "unsupported" admonition.
- New supported product versions
-
Platform UI
7.5.1
PingAM
7.4.1, 7.5.1
PingDS
7.4.3, 7.5.1
PingGateway
2024.6.0, 2024.9.0, 2024.11.0
PingIDM
7.5.0
- Removed legacy DS docker directories
-
Removed the legacy docker/ds/idrepo and docker/ds/cts directories. The content that was in docker/ds/ds-new is now in docker/ds.
- Removed the requirement to build
ldif-importer
-
The
ldif-importer
component uses the DS Docker image, you don’t need to build a separate Docker image. The requiredldif-importer
scripts are mounted to theldif-importer
pod using a configmap.
Documentation updates
- New forgeops command reference
-
The new forgeops command reference contains more information on the new forgeops command.
- Description of the release process
-
Learn more about the new ForgeOps release process here
- New section on customizing DS image
-
Learn more about customizing DS image in the new section on Customizing DS image.
2024
December 05, 2024
Documentation updates
- Added description of the release process
-
Learn more about the new ForgeOps release process
- Moved the forgeops command description and reference to the Reference section
-
The new forgeops command is supported, so we’ve moved the corresponding documentation pages to the Reference section. Learn more in the forgeops command reference.
The previous version of the forgeops utility is not supported in this ForgeOps release. It continues to be supported in ForgeOps 7.5 and 7.4, as long as the corresponding Ping Identity Platform components are supported.
- Moved Base Docker Image page to the Reference section
-
Considering the ForgeOps-provided docker images are supported, you need to build base Docker images only in special cases. Accordingly, we’ve moved the Base Docker Images section to the Reference section.