ForgeOps

ds image

The ds Docker image contains the DS configuration. You can customize the DS image before deploying it in your production environment.

The customization described here is for use in new Ping Identity Platform deployments.

This section covers:

  • Customize LDAP configuration by including LDIF format LDAP configuration files in the ldif-ext directory.

  • Customize LDAP schema by including customized schema LDIF files in the config directory.

  • Customize DS setup behavior by updating the setup and post-init runtime scripts in the runtime-scripts directory.

  • Build an updated DS Docker image that contains the above-mentioned customizations.

  • Redeploy DS.

  • Verify the changes you’ve made to the DS configuration are in the new Docker image.

Detailed steps

  1. Verify that:

  2. Perform version control activities on your forgeops repository clone:

    1. Run the git status command.

    2. (Optional) Run the git commit command to commit the changes.

  3. Add your DS customizations:

    1. To add LDAP configuration, learn more in custom LDAP configuration.

    2. To add LDAP schema, learn more in custom LDAP schema.

    3. Customize DS’s setup behavior in the /path/to/forgeops/docker/ds/ds-new directory:

      1. To set up profiles and indexes, edit the runtime-scripts/setup script. Learn more in setup script details.

      2. To add custom configurations after indexes have been rebuilt, edit the runtime-scripts/post-init script. Learn more in post-init script details.

      3. To prepare the DS Docker image for setup, edit the ds-setup.sh script. Learn more in ds-setup.sh script details.

  4. Identify the repository where you’ll push the Docker image. You’ll use this location to specify the --push-to argument value in the build DS image step.

  5. Decide on the DS image tag for each build of the image. You’ll use this tag to specify the --tag argument value in the build DS image step.

  6. Build a new DS image that includes your customization:

    $ cd /path/to/forgeops/bin
    $ ./forgeops build ds --env-name my-env --config-profile my-profile --push-to my-repo --tag my-ds-tag

  7. Redeploy DS using your new DS image:

  • Deploy using the forgeops command

  • Deploy using Helm

The forgeops build command calls Docker to build a new ds Docker image and to push the image to your Docker repository. The new image includes your custom LDAP and schema files. It also updates the image defaulter file so that the next time you install DS, the deployed DS server includes your custom DS image.

Perform version control activities on your forgeops repository clone:

  1. Run the git status command.

    Review the state of the kustomize/deploy/image-defaulter/kustomization.yaml file.

  2. (Optional) Run the git commit command to commit changes to the image defaulter file.

  3. Remove DS from your ForgeOps deployment:

    $ ./forgeops delete ds --env-name my-env
    ...
    deployment.apps "ds" deleted

  4. Delete the PVCs attached to DS pods using the kubectl delete pvc command.

  5. Redeploy DS using the new Docker image:

    $ ./forgeops apply ds --env-name my-env --single-instance
    Checking cert-manager and related CRDs: cert-manager CRD found in cluster.
    Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster

Deploy using Helm

  1. Locate the repository and tag for the new DS Docker image from the forgeops build command output.

  2. Delete the PVCs attached to DS pods using the kubectl delete pvc command.

    If the attached DS pod is running, the PVC is not deleted immediately, so you should stop the running DS pods.

    In another terminal window, stop the DS pods using the kubectl delete pods command. This deletes the pods and their attached PVCs.

  3. Redeploy DS using the new Docker image:

    $ cd /path/to/forgeops/charts/identity-platform
    $ helm upgrade identity-platform ./ \
     --version 2025.1.0 --namespace my-namespace \
     --set 'ds.image.repository=my-repository' \
     --set 'ds.image.tag=my-ds-tag'
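
The review of the image defaulter file in the forgeops command procedure above can be scripted, so that a stale or floating ds tag is caught before you redeploy. This is an added example, not ForgeOps code: it assumes the defaulter lists images with the standard kustomize name, newName and newTag keys and has an entry named ds; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the image defaulter pins the ds image you built.

# Print "repository:tag" for one image in a kustomize images: list.
# Assumption: each entry starts with "- name:" followed by newName/newTag.
defaulter_image() {  # usage: defaulter_image <kustomization.yaml> <name>
  awk -v want="$2" '
    function val(s) {
      sub(/^[^:]*:[ \t]*/, "", s)        # drop the key, keep host:port values
      gsub(/["'\'' \t\r]/, "", s)        # drop quotes and stray whitespace
      return s
    }
    /^[ \t]*-[ \t]*name:/            { cur = val($0); next }
    cur == want && /^[ \t]*newName:/ { repo = val($0) }
    cur == want && /^[ \t]*newTag:/  { tag = val($0) }
    END { if (repo == "" || tag == "") exit 1; print repo ":" tag }
  ' "$1"
}

# Return 0 only when the ds entry matches the image you pushed.
# 1 = different image, 2 = no ds entry, 3 = floating "latest" tag.
check_ds_image() {  # usage: check_ds_image <file> <repository> <tag>
  got=$(defaulter_image "$1" ds) || { echo "no ds entry in $1" >&2; return 2; }
  if [ "${got##*:}" = latest ]; then
    echo "floating tag in defaulter: $got" >&2; return 3
  fi
  [ "$got" = "$2:$3" ] || { echo "found $got, expected $2:$3" >&2; return 1; }
}

# Constructed sample standing in for
# kustomize/deploy/image-defaulter/kustomization.yaml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
images:
- name: am
  newName: my-repo/am
  newTag: my-am-tag
- name: ds
  newName: my-repo/ds
  newTag: my-ds-tag
EOF

check_ds_image "$sample" my-repo/ds my-ds-tag && echo "defaulter OK"
```

Point the first argument at your own image defaulter file and pass the repository and tag reported by the forgeops build command.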
