ForgeOps release notes
Subscribe to the ForgeOps 2026.2.0 RSS feed to get notification when there’s an update to the latest ForgeOps documentation.
|
Learn more about configuring GitHub notifications here so you can get notified on ForgeOps releases. |
Validated Kubernetes, Ingress-NGINX Controller, HAProxy Ingress, cert-manager, and operator versions for deploying Ping Identity Platform 2026.2 |
|
Limitations when deploying Ping Identity Platform |
|
More information about the evolving nature of the |
|
Legal notices |
|
Archive of release notes in ForgeOps 2026.1 are available from ForgeOps release 2026.1 documentation. |
|
Archive of release notes in ForgeOps 2025.1 and 2025.2 are available from ForgeOps release 2025.2 documentation. |
|
Archive of release notes in 2024 and before are available from ForgeOps release 7.5 documentation. |
|
Archive of release notes in 2023 and before are available from ForgeOps release 7.4 documentation |
2026
ForgeOps 2026.2 release features
- Read-only root filesystem for init containers (Helm only)
-
The init containers of all pods have been reconfigured to enable
readOnlyRootFilesystemsecurity context. This has no impact on deployments, but requires that DS stateful sets be recreated. To enable thereadOnlyRootFilesystemsecurity context, follow these steps. - Flags to enable or disable security features (Helm only)
-
You can enable or disable the new security features in your ForgeOps environment using the
--secureor--insecureflags. By default, new environments are created with the--secureflag, so the new security features are enabled.
|
These flags can be enabled or disabled only in ForgeOps environments deployed using Helm. |
To enable the security features in an existing environment:
-
Run the
forgeopscommand:$ cd /path/to/forgeops $ ./bin/forgeops env --env-name my-env --secure -
Recreate the DS stateful set using the instructions in the how to recreate an STS article.
- The platform pods deployed as non-root user using user ID
-
The AM, DS, and IDM pods are now deployed as the standard non-root user ID
11111and the username is no longer referred to. The user ID11111is a security standard across the platform. This user ID is set in the pod security context as therunAsUserproperty. PodDisruptionBudgetsfor product components-
You can enable
PodDisruptionBudgetsfor platform product components in the Helm charts for Ping Identity Platform including PingGateway. This feature is disabled by default. You can enable it for each component by setting component.pdb.enabled: true` in your values file.The default policy keeps at least one pod available by setting
minAvailable: 1. You can change this value by appropriately changing the value of[.var] component.pdb.minAvailableorcomponent.pdb.maxUnavailable.The affected components are:
am,idm,admin-ui,end-user-ui,login-ui,ds-idrepo,ds-ctsandig(ping-gateway). - Supported Ping Identity Platform images
-
ForgeOps supports the last three major or minor versions of the Ping Identity Platform images. With the availability of 8.1 images, ForgeOps supports 8.1, 8.0, and 7.5 versions of the platform images, and 7.4 images are no longer supported.
We recommend customers that upgrade to a newer version of the platform images. Use the upgrade guide to upgrade to the latest image. The older tags remain available on http://releases.forgeops.com until the next major/minor release.
- New
ttloptions for use withamsterandds-set-passwordsjobs -
The
amsterandds-set-passwordsjobs now have a time-to-live (TTL) option that you can set to retain these jobs for a specified time. This is useful for jobs that are run manually need and to be retained to run to completion. To use this feature, set thettlSecondsAfterFinishedoption. The default is 7200 seconds.This feature is available in new environments only.
- Ability to define
apiVersion,kind, andspecfor a secret -
You can now define the
apiVersion,kind, andspecfor secrets defined in theplatform.secrets. This allows you to define secrets usingexternal-secrets.