Staged installation
By default, the forgeops apply command installs the entire Ping Identity Platform.
You can also install the platform in stages to help troubleshoot deployment issues.
To install the platform in stages:
-
Verify you’ve set up your environment and created a Kubernetes cluster as documented in the setup section.
-
Use the terminal where you have already activated Python3 virtual environment. If you haven’t already done so, activate the virtual environment in a new terminal window:
$ source .venv/bin/activate
-
The configuration of a ForgeOps deployment is steered through the use of Kustomize overlays or Helm values. Use the forgeops env command to set up the Kustomize overlays and Helm values files to configure your ForgeOps deployment environment:
-
If you want to use the issuer provided with the platform for demo, then you can use default-issuer.
-
For a clusters on a cloud environment specify the --deployment-size as
--small,--medium, or--large. -
For a single-instance deployment, specify --deployment-size as
--single-instance.$ cd /path/to/forgeops/bin $ ./forgeops env --env-name my-env --fqdn my-fqdn --cluster-issuer my-cluster-issuer --deployment-size
In the command above, replace my-fqdn, my-cluster-issuer, and --deployment-size with appropriate values from your environment.
Learn more about deployment sizes in Cluster and deployment sizes and about single instances here.
-
-
Install the
baseanddscomponents first. Other components have dependencies on these two components:-
Install the platform
basecomponent:$ cd /path/to/forgeops/bin $ ./forgeops apply base --env-name my-env ... configmap/platform-config created Warning: spec.privateKey.rotationPolicy: In cert-manager >= v1.18.0, the default value changed from Never to Always. certificate.cert-manager.io/ds-master-cert created certificate.cert-manager.io/ds-ssl-cert created issuer.cert-manager.io/selfsigned-issuer created secretagentconfiguration.secret-agent.secrets.forgerock.io/forgerock-sac created Waiting for secrets to be ready. ... Relevant passwords: ... Relevant URLs: ... -
After you’ve installed the
basecomponent, install thedscomponent:$ ./forgeops apply ds --env-name my-env service/ds-cts created statefulset.apps/ds-cts created service/ds-idrepo created statefulset.apps/ds-idrepo created configmap/ds-set-passwords-scripts created job.batch/ds-set-passwords created
-
-
Install the other Ping Identity Platform components. You can either install all the other components by using the forgeops apply apps command, or install them separately:
-
Install AM:
$ ./forgeops apply am --env-name my-env configmap/am-entrypoint created configmap/am-import-pem-certs created configmap/am-logback created service/am created deployment.apps/am created ingress.networking.k8s.io/am created Targeting namespace: my-ns
-
Install Amster:
$ ./forgeops apply amster --env-name my-env job.batch/amster created -
Install IDM:
$ ./forgeops apply idm --env-name my-env configmap/idm created configmap/idm-import-pem-certs created configmap/idm-logback-xml created configmap/idm-logging-properties created service/idm created deployment.apps/idm created ingress.networking.k8s.io/idm created
-
-
Install the user interface components. You can either install all the applications by using the forgeops apply ui command, or install them separately:
-
Install the administration UI:
$ ./forgeops apply admin-ui --env-name my-env name my-env service/admin-ui created deployment.apps/admin-ui created ingress.networking.k8s.io/admin-ui created -
Install the login UI:
$ ./forgeops apply login-ui --env-name my-env service/login-ui created deployment.apps/login-ui created ingress.networking.k8s.io/login-ui created -
Install the end user UI:
$ ./forgeops apply end-user-ui --env-name my-env name my-env service/end-user-ui created deployment.apps/end-user-ui created ingress.networking.k8s.io/end-user-ui created
-
-
In a separate terminal tab or window, run the kubectl get pods command to monitor status of the deployment. Wait until all the pods are ready.