--- title: CDK architecture description: You deploy the CDK to get the Ping Identity Platform up and running on Kubernetes. CDK deployments are useful for demonstrations and proofs of concept. They're also intended for developmentā€”building custom Docker images for the platform. component: forgeops version: 7.4 page_id: forgeops::cdk/architecture canonical_url: https://docs.pingidentity.com/forgeops/7.4/cdk/architecture.html keywords: ["CDK", "Ingress Controller", "Kubernetes", "Kubernetes Namespace", "Secret Agent Operator", "Certificate Manager"] section_ids: cdk-pods: CDK pods next_step: Next step --- # CDK architecture You deploy the CDK to get the Ping Identity Platform up and running on Kubernetes. CDK deployments are useful for demonstrations and proofs of concept. They're also intended for developmentā€”building custom Docker images for the platform. | | | | - | ------------------------------------------------------------------------------------------ | | | Do not use the CDK as the basis for a production deployment of the Ping Identity Platform. | Before you can deploy the CDK, you must have: * Access to a Kubernetes cluster with the Ingress-NGINX controller deployed on it. * Access to a namespace in the cluster. * Third-party software installed in your local environment, as described in [the Setup section that pertains to your cluster type](setup-cdk.html). This diagram shows the CDK components: ![The forgeops install command.](../_images/cdk-install-dev.svg) The forgeops install command [deploys the CDK](deploy.html) in a Kubernetes cluster: * Installs Docker images for the platform specified in the [image defaulter](https://github.com/ForgeRock/forgeops/blob/release/7.4-20240805/kustomize/deploy/image-defaulter/kustomization.yaml). Initially, the image defaulter specifies the ForgeOps-provided Docker images for ForgeOps 7.4 release, available from the public registry. These images use ForgeRock's canonical configurations for AM and IDM. * Installs additional software as needed\[[1](#_footnotedef_1 "View footnote.")]: * **Secret Agent operator.** Generates Kubernetes secrets for Ping Identity Platform deployments. More information [here](../how-to/security/secret-agent.html). * **cert-manager software.** Provides certificate management services for the cluster. More information [here](../how-to/security/https.html). After you've deployed the CDK, you can access AM and IDM UIs and REST APIs to customize the Ping Identity Platform's configuration. You can then create Docker images that contain your customized configuration by using the forgeops build command. This command: * Builds Kubernetes manifests based on the Kustomize bases and overlays in your local `forgeops` repository clone. * Updates the image defaulter file to specify the customized images, so that the next time you deploy the CDK, your customized images will be used. See [`am` image](develop/am.html) and [`idm` image](develop/idm.html) for detailed information about building customized AM and IDM Docker images. ## CDK pods After deploying the CDK, the following pods run in your namespace: ![Diagram of the deployed ${cdk.abbr}.](../_images/cdk-deployment.svg) * `am` Runs PingAM. When AM starts in a CDK deployment, it obtains its [configuration](develop/fr-data.html#configuration-data) from the AM Docker image specified in the [image defaulter](https://github.com/ForgeRock/forgeops/blob/release/7.4-20240805/kustomize/deploy/image-defaulter/kustomization.yaml). After the `am` pod has started, a job is triggered that populates AM's application store with several agents and OAuth 2.0 client definitions that are used by the CDK. * `ds-idrepo-0` The `ds-idrepo-0` pod provides directory services for: * The identity repository shared by AM and IDM * The IDM repository * The AM application and policy store * AM's Core Token Service * `idm` Runs PingIDM. When IDM starts in a CDK deployment, it obtains its [configuration](develop/fr-data.html#configuration-data) from the IDM Docker image specified in the [image defaulter](https://github.com/ForgeRock/forgeops/blob/release/7.4-20240805/kustomize/deploy/image-defaulter/kustomization.yaml). In containerized deployments, IDM must retrieve its configuration from the file system and not from the IDM repository. The default values for the `openidm.fileinstall.enabled` and `openidm.config.repo.enabled` properties in the CDK's system.properties file ensure that IDM retrieves its configuration from the file system. Do not override the default values for these properties. * UI pods Several pods provide access to ForgeRock common user interfaces: * `admin-ui` * `end-user-ui` * `login-ui` ## Next step * [icon: check-square-o, set=fa][Become familiar with the CDK](intro.html) * [icon: check-square-o, set=fa][Understand CDK architecture](#) * [icon: square-o, set=fa]*[Set up your local environment](setup-cdk.html)* * [icon: square-o, set=fa][Deploy the platform](deploy.html) * [icon: square-o, set=fa][Access platform UIs and APIs](access.html) * [icon: square-o, set=fa][(Optional) Develop custom Docker images](develop/intro.html) *** [1](#_footnoteref_1). If any of these software components are already installed in your cluster, they are not reinstalled.