ForgeOps

ds image

The ds Docker image contains the DS configuration. You can customize the DS image before deploying it in your production environment.

The customization described here is for use in new Ping Identity Platform deployments.

This section covers:

  • Customize LDAP configuration by including LDIF-format LDAP configuration files in the ldif-ext directory.

  • Customize LDAP schema by including customized schema LDIF files in the config directory.

  • Customize DS setup behavior by updating the setup and post-init runtime scripts in the default-scripts directory.

  • Build an updated DS Docker image that contains the above-mentioned customizations.

  • Redeploy DS.

  • Verify the changes you’ve made to the DS configuration are in the new Docker image.

Detailed steps

  1. Verify that:

  2. Perform version control activities on your forgeops repository clone:

    1. Run the git status command.

    2. (Optional) Run the git commit command to commit changes to files that have been modified.

  3. Add your DS customizations:

    1. Refer to custom LDAP configuration to add LDAP configuration.

    2. Refer to custom LDAP schema to add LDAP schema.

    3. Customize DS’s setup behavior in the /path/to/forgeops/docker/ds/ds-new directory:

      1. To set up profiles and indexes, edit the default-scripts/setup script. For more information, refer to setup script details.

      2. To add custom configurations on a running deployment, edit the default-scripts/post-init script. In this case the existing directory data is not deleted. For more information, refer to post-init script details.

      3. To prepare the DS Docker image for setup, edit the ds-setup.sh script. For more information, refer to ds-setup.sh script details.

  4. Identify the repository to which you’ll push the Docker image. You’ll use this location to specify the --push-to argument value in the build ds image step.

  5. Decide on the DS image tag for each build of the image. You’ll use this tag to specify the --tag argument value in the build DS image step.

  6. Build a new DS image that includes your customization:

    $ cd /path/to/forgeops/bin
    $ ./forgeops build ds --config-profile my-profile --push-to my-repo --tag my-ds-tag

  7. Redeploy DS using your new DS image:

  • Deploy using the forgeops command

  • Deployment using Helm

The forgeops build command calls Docker to build a new ds Docker image and to push the image to your Docker repository. The new image includes your custom LDAP and schema files. The command also updates the image defaulter file so that the next time you install DS, the deployed DS server will include your custom DS image.
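Because the image defaulter decides which DS image the next install pulls, it is worth checking mechanically that it pins the repository and tag you just built before you commit or redeploy. The following is an added example, not part of the ForgeOps tooling; it assumes the defaulter uses the standard kustomize images list with an entry named ds, and the sample file and the my-repo/ds image name are constructed.

```shell
# Added example. Assumption: the image defaulter is a standard kustomize file
# whose "images:" entries start with "- name:" and carry newName/newTag.

# Print "newName:newTag" for the image entry named $2 in kustomization file $1.
image_ref() {
    awk -v want="$2" -v q="'" '
        function val(s) {
            sub(/^[^:]*:[ \t]*/, "", s)      # drop "key: "
            sub(/[ \t]+$/, "", s)            # drop trailing blanks
            gsub("[\"" q "]", "", s)         # drop YAML quotes
            return s
        }
        /^[ \t]*-[ \t]*name:/            { cur = val($0); next }
        cur == want && /^[ \t]*newName:/ { name = val($0) }
        cur == want && /^[ \t]*newTag:/  { tag = val($0) }
        END { if (name == "" || tag == "") exit 1; print name ":" tag }
    ' "$1"
}

# Succeed only if the ds entry matches the image name ($2) and tag ($3)
# that you expect from your "forgeops build ds" run.
check_ds_image() {
    expected="$2:$3"
    actual=$(image_ref "$1" ds) || {
        echo "no complete ds entry in $1" >&2; return 2
    }
    [ "$actual" = "$expected" ] && { echo "OK: ds -> $actual"; return 0; }
    echo "MISMATCH: defaulter has $actual, expected $expected" >&2
    return 1
}

# Constructed sample file, not copied from a real forgeops clone.
write_sample() {
    cat > "$1" <<'EOF'
kind: Kustomization
images:
- name: am
  newName: my-repo/am
  newTag: "7.5.0"
- name: ds
  newName: my-repo/ds
  newTag: my-ds-tag
EOF
}

sample=$(mktemp) && write_sample "$sample"
check_ds_image "$sample" my-repo/ds my-ds-tag
rm -f "$sample"
```

In a real clone, point check_ds_image at kustomize/deploy/image-defaulter/kustomization.yaml and pass the image name and tag reported by the build; a non-zero exit means the defaulter does not reference the image you expect.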

Perform version control activities on your forgeops repository clone:

  1. Run the git status command.

    Review the state of the kustomize/deploy/image-defaulter/kustomization.yaml file.

  2. (Optional) Run the git commit command to commit changes to the image defaulter file.

  3. Remove DS from your ForgeOps deployment:

    $ ./forgeops delete ds
    ...
    deployment.apps "ds" deleted

  4. Delete the PVCs attached to DS pods using the kubectl delete pvc command.

  5. Redeploy DS using the new Docker image:

    $ ./forgeops install ds --single-instance
    Checking cert-manager and related CRDs: cert-manager CRD found in cluster.
    Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster

Deployment using Helm:

  1. Locate the repository and tag for the new DS Docker image from the forgeops build command output.

  2. Delete the PVCs attached to DS pods using the kubectl delete pvc command.

    If the attached DS pod is running, the PVC is not deleted immediately, so you should stop the running DS pods.

    In another terminal window, stop the DS pods using the kubectl delete pods command. This deletes the pods and attached PVCs.

  3. Redeploy DS using the new Docker image:

    $ cd /path/to/forgeops/charts/identity-platform
    $ helm upgrade identity-platform \
    oci://us-docker.pkg.dev/forgeops-public/charts/identity-platform \
    --version 7.5 --namespace my-namespace \
    --set 'ds.image.repository=my-repository' \
    --set 'ds.image.tag=my-ds-tag'
