ForgeRock dev environment (forgeops) – Cheat Sheet

A lot has changed in the ForgeRock DevOps space since I last wrote a blog post about setting up ForgeRock in Docker containers (way back in 2016).  ForgeRock has since integrated with Kubernetes and has instructions for deploying to local development environments and to Google and Amazon cloud environments.
Here’s a quick and dirty set of steps to get ForgeRock’s AM, DS and IDM spun up quickly using Docker containers and Minikube.  I am using a Mac but you can use similar steps for Linux or Windows.
 

Caveats:

  • These steps are documented in greater detail here (read the docs first) – I copied these instructions directly from the documentation (all credit goes to ForgeRock)
  • These steps are not a substitute for reading the documentation (e.g. this is just my cheat sheet)

Setup Dev Env.

Obtain the forgeops repo:

  • git clone https://github.com/ForgeRock/forgeops.git
Check the documentation for the latest tags to check out
  • https://backstage.forgerock.com/docs/forgeops/6.5/devops-guide-minikube/#devops-implementation-env-forgeops
Check out the latest release tag, creating a branch named my-branch
  • cd forgeops
  • git checkout tags/6.5-2020.06.24 -b my-branch
Note: check the actual forgeops repo for the latest tags … this changes frequently.
 
Install third-party software
  • https://backstage.forgerock.com/docs/forgeops/6.5/devops-guide-minikube/#devops-implementation-env-sw
Note: On Mac/Linux – use Homebrew – https://backstage.forgerock.com/docs/forgeops/6.5/devops-guide-minikube/#app-devops-minikube-homebrew
 
Create a Minikube VM instance.
  • minikube start --memory=12288 --cpus=3 --disk-size=40g --vm-driver=virtualbox --bootstrapper kubeadm --kubernetes-version=1.17.4
 
Enable the ingress controller
  • minikube addons enable ingress

Workaround for Minikube issue 1568 – lets pods deployed on Minikube reach themselves on the network

  • minikube ssh sudo ip link set docker0 promisc on
Create namespace
  • kubectl create namespace my-namespace
Make the namespace the current namespace (assumes that this was created before)
  • kubens my-namespace
Check the minikube ip (will need for /etc/hosts)
  • minikube ip
Add entry to your /etc/hosts (ip should be the ip from the previous command)
  • 192.168.99.102 my-namespace.iam.example.com
Setup local computer to use minikube’s docker engine
  • eval $(minikube docker-env)
Stop Skaffold from pushing Docker images to a remote Docker registry
  • skaffold config set --kube-context minikube local-cluster true
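
The /etc/hosts step above, as an added example (not from the original post or the ForgeRock documentation): a POSIX shell function that replaces any stale mapping for the platform FQDN with the current Minikube IP, so recreating the VM does not leave two conflicting entries. The function name update_hosts_entry and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep exactly one hosts entry for the platform FQDN.
# Hypothetical usage, run as root:
#   update_hosts_entry "$(minikube ip)" my-namespace.iam.example.com /etc/hosts

update_hosts_entry() {
    ip=$1; fqdn=$2; hosts_file=${3:-/etc/hosts}

    # Accept only a dotted-quad shaped value, so an error message from a
    # failed `minikube ip` never ends up in the hosts file.
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "not an IPv4 address: $ip" >&2
        return 1
    fi
    # Restrict the hostname to DNS characters.
    if ! printf '%s\n' "$fqdn" | grep -Eq '^[A-Za-z0-9.-]+$'; then
        echo "unexpected characters in hostname: $fqdn" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1
    # Drop every non-comment line that maps this FQDN (the stale IP) and keep
    # the rest. A line that lists other aliases next to the FQDN is dropped whole.
    awk -v h="$fqdn" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == h) next; print }
    ' "$hosts_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$ip" "$fqdn" >> "$tmp"

    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$hosts_file"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

Running it again with the same IP leaves the file unchanged apart from moving the entry to the end.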

Deploy the Platform

Change the kustomize file
  • cd ~/dev/forgeops/kustomize/overlay/6.5/all
  • vi kustomization.yaml
  • change text: namespace: default to namespace: my-namespace
Initialize the staging area for config profiles
  • cd ~/dev/forgeops/bin
  • ./config.sh init --profile cdk --version 6.5
Run skaffold to build docker images and deploy the FR identity platform
  • cd ~/dev/forgeops
  • skaffold dev -f skaffold-6.5.yaml

Using the Platform

Obtain Admin Passwords
  • cd ~/dev/forgeops/bin
  • ./print-secrets.sh amadmin
  • ./print-secrets.sh idmadmin
  • ./print-secrets.sh dsadmin
AM Console
  • https://my-namespace.iam.example.com/am
IDM Admin UI Console
  • https://my-namespace.iam.example.com/admin
View Minikube dashboard (in browser)
  • minikube dashboard
To stop the environment
  • ctrl-c (this does not remove anything)

To restart the environment

  • minikube start --memory=12288 --cpus=3 --disk-size=40g --vm-driver=virtualbox --bootstrapper kubeadm --kubernetes-version=1.17.4
  • minikube addons enable ingress
  • kubens my-namespace
  • eval $(minikube docker-env)
  • cd ~/dev/forgeops
  • skaffold dev -f skaffold-6.5.yaml
Clean up (this removes the minikube vm … like terminates with conviction)
  • minikube stop && minikube delete

Additional commands

List all pods
  • kubectl get pods
Open a shell in the pod
  • kubectl exec -it <pod name> -c openam -- /bin/bash
