Cloud Series: Accelerate Your Own ForgeRock Cloud Deployment



If you have a robust DevOps team and you want to deploy the ForgeRock Identity Platform on Kubernetes, we have some good news. ForgeRock has simplified its reference cloud deployment. The changes include new, lighter documentation and a new tool set (Skaffold, Kustomize, and Pulumi) that simplifies cluster creation. Together they shorten the deployment process from one week to as little as half a day.

Cloud Deployment Model 

Our Cloud Deployment Model (CDM) is a way for your DevOps team to spin up the ForgeRock Identity Platform in a public cloud such as Amazon, Google, or Microsoft Azure. We provide a GitHub repository and the online documentation needed to get your DevOps team started. 

We’ve streamlined and simplified our quick start guide and documentation. We’ve created a new Cloud Developer’s Kit (CDK), updating what was previously known as DevOps Examples. For more information, see “About the Cloud Developer’s Kit” in the DevOps Developer’s Guide: Using Minikube.

Both the CDK and the CDM now use uniformly comprehensive Access Management (AM) and Identity Management (IDM) configurations. The examples in the documentation better illustrate full-featured configurations and are no longer based on minimally viable configurations. 

Lighter Documentation 

For the CDM, the new Cloud Deployment Cookbooks for Google Cloud Services, Microsoft Azure, and Amazon AWS are each now 40% shorter in length. The decrease in documentation length means an increase in the return on the time invested. With the old cookbooks, the time to deploy a Kubernetes version of ForgeRock was about a week. With the new documentation, it is now about half a day.  

The acceleration is also attributable to the release of new tools. The GitHub forgeops repository contains new artifacts that let you deploy the ForgeRock Identity Platform using the Skaffold framework. This allows you to:

  • Quickly and easily start the ForgeRock Identity Platform.
  • Modify the AM, IDM, and Identity Gateway (IG) configurations.
  • Build updated Docker images that include your configuration changes.
  • Restart the ForgeRock Identity Platform with the updated Docker images.

Before you can use Skaffold with the ForgeRock Identity Platform, you’ll need to install Skaffold software on your local computer. See the DevOps Developer’s Guides for more information.

No More Helm 

We no longer use Helm to orchestrate the ForgeRock Identity Platform on Kubernetes. We now use the Kustomize framework to orchestrate AM, Directory Services (DS), IDM, and IG on Kubernetes. Before you can use the Kustomize framework with the ForgeRock Identity Platform, you’ll need to install Kustomize software on your local computer. See the DevOps Developer’s Guides for more information.

This revision uses Pulumi scripts to create clusters for CDM deployments. The previous version used a set of bash scripts for cluster creation. These scripts have been removed from the forgeops repository. For information about how to create Kubernetes clusters for the CDM using Pulumi, see the Creating and Setting up a Kubernetes Cluster sections in the CDM Cookbooks.

More Simplification, More Security 

The version of the CDM Cookbook for AKS is no longer evaluation-only. We’re supporting Azure in production. In the revised CDM Cookbook for AKS:

  • The CDM deployment topology on Azure now matches the CDM deployment topology on GCP and AWS.
  • Pulumi scripts demonstrate AKS cluster creation.
  • Benchmark results are available for a sample deployment with 10,000,000 users.

There are also security enhancements in our CDM. The new ForgeRock secrets generator randomly generates all secrets for AM, IDM, and DS services running in the CDK and the CDM. Random secrets generation greatly improves security for CDK and CDM deployments compared with previous versions. The secrets generator runs as a Kubernetes job before AM, IDM, and DS are deployed.

Learn more here.

*** This is a Security Bloggers Network syndicated blog from Forgerock Blog authored by Robert Vamosin. Read the original post at: