ForgeOps

ForgeOps 7.4 release notes

Get an email when there’s an update to ForgeOps 7.4. Go to the Notifications page in your Backstage profile and select ForgeOps 7.4 Changes in the Documentation Digests section.

Or subscribe to the ForgeOps 7.4 RSS feed.

Important information for this ForgeOps release:

Validated Kubernetes, NGINX Ingress Controller, HAProxy Ingress, cert-manager, and ForgeRock operator versions for deploying ForgeRock Identity Platform 7.4

Link

Limitations when deploying ForgeRock Identity Platform 7.4 on Kubernetes

Link

More information about the rapidly evolving nature of the forgeops repository, including technology previews, legacy features, feature deprecation, and feature removal

Link

Archive of release notes prior to October 5, 2023

Link

2024

August 15, 2024

Highlights

New automatic disaster recovery procedure backported

The manual disaster recovery process in 7.4 is difficult to use. The current DS version supports automated DR process. This process is now backported to the DS version 7.4.2.

Changes

DS Docker images updated

New evaluation-only Docker image versions are now available for the DS component.

Documentation updates

Updated the procedure to create new CDM instance from backup

Revised the procedure to create new CDM instance from backup. Refer to New CDM using DS backup for more information.

July 12, 2024

Documentation updates

Added Bash version 4 or above to the required third-party software

Bash version 4 or above is required to run mapfile used by snapshot-restore.sh and stdlib.sh scripts. The snapshot-restore.sh script is used when restoring DS from snapshot backup. The stdlib.sh script contains general functions that can be used by other Bash scripts.

May 16, 2024

Documention updates

Upgrade DS in ForgeOps version 7.1 to version 7.4

Documented a procedure to upgrade DS in ForgeOps version 7.1 to version 7.4. Refer to Upgrade the DS from version 7.1 to 7.4 for further details.

May 13, 2024

Changes

Updated ds-operator to version 0.3.0

The DS Operator is updated to version v0.3.0 with security updates. Refer to the DS operator release notes for full details.

April 19, 2024

Document updates

Link to DS scripts

February 19, 2024

Highlights

Simplified procedure to create IDM base Docker image

The procedure to create IDM base Docker image has been simplified. For more information, refer to the steps to create IDM base Docker image.

Changes

JQ is required third-party software

JQ is required for implementing backup and restore operations using Kubernetes volume snapshots. For more information, refer to Backup and restore using volume snapshots.

January 31, 2024

Highlights

New evaluation-only Docker images are now available from ForgeRock

New evaluation-only Docker image versions are now available for the following ForgeRock Identity Platform components:

  • ForgeRock Directory Services: 7.4.1

  • ForgeRock Identity Gateway: 2023.11.0

For more information about changes to the ForgeRock Identity Platform, refer to the Release Notes for platform components at https://backstage.forgerock.com/docs.

To upgrade to the new versions, you’ll need to rebuild your custom Docker images. Refer to Base Docker images for instructions.

2023

December 12, 2023

Highlights

Updates to the forgeops repository

Updates for ForgeRock Identity Platform version 7.4 are available in the release/7.4-20240805 branch of the forgeops repository.

Updated ds-operator to version 0.2.8

The DS Operator is updated to version v0.2.8 with security updates and patches. Refer to the DS operator release notes for full details.

This is the new minimum ds-operator version supported by the forgeops command.

Support for annotations and labels in the directoryservice custom resource

The directoryservice custom resource now supports annotations and labels.

Documentation updates

New backup and restore procedures using volume snapshots

A new Backup and restore using volume snapshots section has been added which describes how to use Kubernetes volume snapshots to back up and restore DS data.

Docker images for Helm installs

Instructions about how to specify Docker images for Helm installs have been added.

November 15, 2023

Documentation updates

New task to initialize deployments

A new task to initialize deployment environments has been added to the instructions for developing custom Docker images using the CDK.

Before you can use a new deployment environment, you must initialize a directory that supports the environment.

Clarification about support for environments that deviate from the published CDK and CDM architecture

The Support from ForgeRock page has been updated to state that environments that deviate from the published CDK and CDM architecture are not supported. For details, refer to Support limitations.

November 14, 2023

Highlights

Helm deployment preview

Deploying the ForgeRock Identity Platform with Helm is available as a technology preview.

Deploying the platform with Helm is an alternative to using the forgeops install command, which uses Kustomize bases and overlays. Deploying the platform with the forgeops install command continues to be supported.

For more information and example commands, refer to the following pages:

If you deploy the platform with Helm, you’ll need to continue using the forgeops command with the following options:

  • forgeops build to build custom Docker images

  • forgeops info to write administrative passwords and URLs for accessing ForgeRock Identity Platform admin UIs to standard output

Helm deployment does not support Kustomize manifest generation using the forgeops generate command. Continue deploying the platform with the forgeops command if you use Kustomize manifest generation.

Existing Kustomize-based deployments can’t be changed to be Helm-based. If you want to use Helm, create a new deployment separate from any existing Kustomize-based deployments.

October 13, 2023

This major release of the forgeops repository supports ForgeRock Identity Platform 7.4. In addition to enabling new features in the platform, this release adds usability and security enhancements.

Highlights

Updates to the forgeops repository for ForgeRock Identity Platform version 7.4

Updates for ForgeRock Identity Platform version 7.4 are available in the release/7.4-20231003 branch of the forgeops repository.

New evaluation-only Docker images are now available from ForgeRock

New evaluation-only Docker image versions are now available for the following ForgeRock Identity Platform components:

  • ForgeRock Access Management: 7.4.0

  • ForgeRock Identity Management: 7.4.1

  • ForgeRock Directory Services: 7.4.2

  • ForgeRock Identity Gateway: 2023.11.0

For more information about changes to the ForgeRock Identity Platform, refer to the Release Notes for platform components at https://backstage.forgerock.com/docs.

The evaluation-only Docker images for ForgeRock Identity Platform version 7.4 are multi-architecture images that support both the ARM and x86 architectures.

To upgrade to the new versions, you’ll need to rebuild your custom Docker images. Refer to Base Docker images for instructions.

Running the CDK on Minikube on ARM-based machines is now supported

The new multi-architecture images let you run the platform natively on ARM and x86 CPUs without using an emulation layer. Because of this, the limitation against running the CDK on Minikube on macOS systems with ARM-based chipsets, such as the Apple M1 or M2, has been removed.

All evaluation-only Docker images are now based on Java 17

ForgeRock’s evaluation-only Docker images are all based on Java 17. All the Dockerfiles for building base Docker images specify Java 17.

In version 7.3, some of ForgeRock’s evaluation-only Docker images were based on Java 11.

Changes

CDM backup techniques

The techniques for backing up and restoring CDM data have changed. Refer to updates on the following pages:

Refer to the backup and restore overview for more information.

Deprecated

The DS operator

The DS operator is deprecated in version 7.4 of the ForgeRock Identity Platform. Because of this:

  • No DS operator pod needs to be deployed together with the CDK and the CDM.

  • The forgeops install command no longer deploys the DS operator if it isn’t running.

If you take volume snapshots for backups, you must continue to deploy the deprecated DS operator together with the CDK and the CDM.

The DS operator became available with version 7.2 of the ForgeRock Identity Platform. If you deployed the CDK or the CDM with version 7.2 or 7.3 of the platform:

  • If you prefer to no longer use the operator, migration is required. Refer to Upgrade the platform from version 7.3 to 7.4.

  • If you prefer to continue to use the operator, no migration is required; however, you will need to specify the --operator option with the forgeops install and forgeops generate commands. Refer to the sections on these two commands in the forgeops command reference.

ForgeOps artifacts for deploying ForgeRock Identity Platform 7.3

The ForgeOps artifacts for deploying ForgeRock Identity Platform 7.3 are deprecated. You should migrate to version 7.4 as soon as you’re able to.

Removed

Scheduled backup using the export-ldif utility

The ds-backup.sh script does not support scheduling backups that use the export-ldif utility. It only supports scheduling CDM data backups that use the dsbackup utility.