Kubernetes deployment for the ForgeRock® Identity Platform.
This repository provides Docker and Kustomize artifacts for deploying the ForgeRock Identity Platform on a Kubernetes cluster.
This GitHub repository is a read-only mirror of ForgeRock's Bitbucket Server repository. Users with ForgeRock BackStage accounts can make pull requests on our Bitbucket Server repository. ForgeRock does not accept pull requests on GitHub.
This repository is provided on an “as is” basis, without warranty of any kind, to the fullest extent permitted by law. ForgeRock does not warrant or guarantee the individual success developers may have in implementing the code on their development platforms or in production configurations. ForgeRock does not warrant, guarantee or make any representations regarding the use, results of use, accuracy, timeliness or completeness of any data or information relating to these samples. ForgeRock disclaims all warranties, expressed or implied, and in particular, disclaims all warranties of merchantability, and warranties related to the code, or any service or software related thereto. ForgeRock shall not be liable for any direct, indirect or consequential damages or costs of any type arising out of any action taken by you or others related to the samples.
See Support from ForgeRock for information about our support offering for this repository.
The highlights of the 7.1 release are:
- New CDK technology preview
- DS operator technology preview
- New RCS Agent pod in the CDM
- Cloud Deployment Quickstart (CDQ)
- New Secret Agent operator
- New cluster provisioning scripts
- Small, medium, and large CDM cluster sizing
See the instructions here for information about how to work with a supported release.
Before you start working with a release, make sure that you have the documentation that corresponds to that release.
The provided configuration, which we call the Cloud Developer's Kit (CDK), is a basic installation that can be further extended by developers to meet their requirements. The configuration provides the following features:
- Deployments for ForgeRock AM, IDM, DS and IG. IG is not deployed by default, but is available optionally.
- AM configured with a single root realm.
- A number of OIDC clients configured for AM/IDM integration and for smoke tests.
Note that the
idm-provisioning,idm-admin-uiand theend-user-uiclient configurations are required for the integration of IDM and AM. - Directory service instances configured for:
- The shared AM/IDM repo (ds-idrepo).
- The AM dynamic runtime data store for polices and agents. Currently, the ds-idrepo is used.
- The Access Manager Core Token Service (ds-cts).
- A Gatling test harness, which exercises the basic deployment and can be modified to include additional tests.
If you just want to observe the ForgeRock Identity Platform in action on a Kubernetes cluster, you can try out our CDQ (Cloud Deployment Quickstart). You can get the CDQ up and running quickly, but its capabilities are very limited.
For a full CDK deployment, you'll need to install the required third-party software, set up a Kubernetes cluster, and install the ForgeRock Identity Platform.
See the CDK documentation for detailed information about all these tasks.
Details here.
ForgeRock uses the config.sh script to manage configurations. See here for more information.
In version 7.1, the new cdk is introduced, using the new cdk you can manage
configurations and the entire deployment and management workflow. For more
information on the new cdk, see the
New Cloud Developer’s Kit Documentation.
ForgeRock uses secrets generated by Secret Agent Operator.
See the troubleshooting page in the CDK documentation.
See CDK Shutdown and Removal in the CDK documentation.