ForgeOps

Custom IG image

The IG configuration provided in the CDK canonical configuration profile is an example, and is not meant for use in production. Remove this configuration and replace it with your own routes before using IG in your environment.

See the IG Deployment Guide for configuring routes.

Prerequisites

Before starting to build your custom IG image and deploy IG, initialize a new configuration profile and set up your local environment to write Docker images:

  1. Initialize a new configuration profile by copying the canonical CDK configuration:

    $ cd /path/to/forgeops/docker/ig/config-profiles
    $ cp -r cdk my-ig
  2. Configure your environment to write to your Docker registry:

    Minikube

    Set up your local environment to execute docker commands on Minikube’s Docker engine:

    1. Run the docker-env command in your shell:

      $ eval $(minikube docker-env)
    2. Stop Skaffold from pushing Docker images to a remote Docker registry:

      $ skaffold config set --kube-context minikube local-cluster true
      set value local-cluster to true for context minikube
    GKE shared cluster

    To set up your local computer to push Docker images:

    1. If it’s not already running, start Docker on your local computer. For more information, see the Docker documentation.

    2. Set up a Docker credential helper:

      $ gcloud auth configure-docker
    3. Run the kubectx command to obtain the Kubernetes context.

    4. Configure Skaffold with the Docker registry location you obtained from your cluster administrator and the Kubernetes context you obtained in Context for the shared cluster:

      $ skaffold config set default-repo my-docker-registry --kube-context my-kubernetes-context
    EKS shared cluster

    Set up your local computer to push Docker images to Amazon ECR:

    1. If it’s not already running, start Docker on your local computer. For more information, see the Docker documentation.

    2. Log in to Amazon ECR. Use the Docker registry location you obtained from your cluster administrator:

      $ aws ecr get-login-password | \
       docker login --username AWS --password-stdin my-docker-registry
      Login Succeeded

      ECR login sessions expire after 12 hours. Because of this, you’ll need to perform these steps again whenever your login session expires.

    3. Run the kubectx command to obtain the Kubernetes context.

    4. Configure Skaffold with the Docker registry location and the Kubernetes context:

      $ skaffold config set default-repo my-docker-registry --kube-context my-kubernetes-context
    AKS shared cluster

    Set up your local computer to push Docker images to Azure container registry:

    1. If it’s not already running, start Docker on your local computer. For more information, see the Docker documentation.

    2. Install the ACR Docker Credential Helper.

    3. Run the kubectx command to obtain the Kubernetes context.

    4. Configure Skaffold with the Docker registry location you obtained from your cluster administrator and the Kubernetes context you obtained in Context for the shared cluster:

      $ skaffold config set default-repo my-docker-registry --kube-context my-kubernetes-context

Build a custom IG image and deploy IG

  1. Verify that the CDK is up and running.

  2. Configure IG by creating, modifying, or deleting rules in the /path/to/forgeops/docker/ig/config-profiles/my-ig/config/routes-service directory.

  3. Build a new IG image that includes your custom configuration:

    $ /path/to/forgeops/bin/forgeops build ig --config-profile my-ig
    Generating tags...
     - ig -> ig:0a27bdfea
    Checking cache...
     - ig: Not found. Building
    Starting build...
    Found [minikube] context, using local docker daemon.
    Building [ig]...
    Sending build context to Docker daemon  55.81kB
    Step 1/5 : FROM gcr.io/forgerock-io/ig:2023.11.0
     ---> ba6f8150204e
    Step 2/5 : ARG CONFIG_PROFILE=cdk
    . . .
    Step 5/5 : COPY --chown=forgerock:root . /var/ig
     ---> c173995218a3
    Successfully built c173995218a3
    Successfully tagged ig:0a27bdfea
    
    Updated the image_defaulter with your new image for ig: "ig:c173995218a3c55dbca76fff08588153db0693a51ff0904e6adee34b7163340a"
  4. Uninstall the previously deployed IG from your CDK:

    1. Set the active namespace in your local Kubernetes context to the namespace in which you have deployed the IG.

    2. Delete IG:

      $ /path/to/forgeops/bin/forgeops delete ig
      Uninstalling component(s): ['ig']
      OK to delete these components? [Y/N] y
      secret "openig-secrets-env" deleted
      service "ig" deleted
      deployment.apps "ig" deleted
  5. Deploy IG using your customized IG image:

    $ /path/to/forgeops/bin/forgeops install ig --cdk
    Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster.
    Checking ds-operator and related CRDs: ds-operator CRD found in cluster.
    
    Installing component(s): ['ig']
    
    secret/openig-secrets-env created
    service/ig created
    deployment.apps/ig created
    
    Enjoy your deployment!
  6. Run the kubectl get pods command to check the status of the IG pod. Wait until the IG pod is ready before proceeding to the next step.

  7. Verify that your IG routes work.
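
The following pre-build check is an added example, not part of the ForgeOps tooling. It relates to step 2 and to the warning at the top of this page: it lists route files in a custom profile that are still byte-identical to the sample routes in the cdk profile. The function name is hypothetical, and it assumes routes are regular files directly under config/routes-service.

```shell
#!/bin/sh
# Added example (not ForgeOps code): flag sample routes that were copied
# from the cdk profile and never changed or removed.
#
# Usage: unchanged_sample_routes PROFILES_DIR PROFILE
#   PROFILES_DIR  e.g. /path/to/forgeops/docker/ig/config-profiles
#   PROFILE       e.g. my-ig
# Prints one file name per line.
# Exit status: 0 = no unchanged sample routes, 1 = at least one found,
#              2 = the profile has no routes directory.
unchanged_sample_routes() {
    profiles_dir=$1
    profile=$2
    sample="$profiles_dir/cdk/config/routes-service"
    custom="$profiles_dir/$profile/config/routes-service"

    if [ ! -d "$custom" ]; then
        echo "no routes directory: $custom" >&2
        return 2
    fi
    # Without the sample profile there is nothing to compare against.
    [ -d "$sample" ] || return 0

    found=0
    for f in "$custom"/*; do
        # Skip subdirectories and the unexpanded glob of an empty directory.
        [ -f "$f" ] || continue
        name=${f##*/}
        # cmp -s prints nothing and succeeds only for identical files.
        if [ -f "$sample/$name" ] && cmp -s "$f" "$sample/$name"; then
            echo "$name"
            found=1
        fi
    done
    return "$found"
}
```

Run it before forgeops build ig --config-profile my-ig and stop the build on a non-zero status. It only detects untouched copies; a sample route that was edited still needs a manual review.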