ForgeOps

forgeops command reference

forgeops — The new generation utility simplifies deploying and managing Ping Identity Platform components in a Kubernetes cluster. You can create and manage custom Kustomize overlays and Helm value files for each deployment. You can then apply the customized overlays or value files using Kustomize or Helm, as appropriate.

The forgeops command reference documentation is currently in a developmental preview stage, and not all command options have been documented yet. To get help in the command-line interface, use the forgeops --help command.

Synopsis

forgeops subcommand options

Description

  • Generate custom component overlays and value files.

  • Use Kustomize or Helm to install Ping Identity Platform components in a Kubernetes cluster.

  • Delete platform components from a Kubernetes cluster.

  • Build custom Docker images for the Ping Identity Platform.

Options

The forgeops command takes the following option:

--help

Display command usage information.

The clean, config, install, and generate subcommands have been deprecated because their functionality is provided through other existing subcommands.

Subcommands

forgeops apply

forgeops apply components options

Runs the kubectl apply -k command to apply the Ping Identity Platform Kustomize overlay from the specified overlay directory into a Kubernetes namespace. If the specified overlay directory doesn’t exist, a new one is created.

  • The forgeops apply subcommand subsumes all the functionality of forgeops install. Accordingly, forgeops install is deprecated.

For components, specify:

  • am, amster, ds-cts, ds-idrepo, idm, or ig to deploy each Ping Identity Platform component.

  • More than one component or set of components separated by a space to deploy multiple Ping Identity Platform components. For example, forgeops apply ds-idrepo ds-cts am.

  • secrets, to deploy Kubernetes secrets. Secrets generated by cert-manager are not deployed.

  • base, to deploy the platform-config configmap, Kubernetes ingress resources, and Kubernetes secrets. Secrets generated by cert-manager are not deployed.

  • all, to deploy all the Ping Identity Platform components.

The default value for components is all.

Options

The forgeops apply subcommand takes the following options:

--amster-retain n

Keep the amster pod running for n seconds. The default is 10 seconds. Specify infinity to keep the amster pod running indefinitely.

--create-namespace

Create a namespace if it doesn’t exist. The default is the current namespace of the user.

--debug

Display debug information when executing the command.

--dryrun

Perform a dry run without actually applying or installing the components.

--env-name ENV_NAME

Name of environment to apply. The default is demo.

--fqdn fqdn

The fully qualified hostname to use in the deployment.

  • The namespace specified in the forgeops env command is used by default. For simple demo purposes, the namespace specified in the default overlay file is used.

  • Relevant only for the forgeops apply all and forgeops apply base commands. This option is ignored for other forgeops apply commands.

--namespace ns

The namespace in which to install the ForgeOps platform components. If you need to create the namespace, then specify the --create-namespace | -c option.

--kustomize PATH

The directory which contains Kustomize overlays. Specify the full path to the directory or the path relative to the base of your local forgeops repository. The default value is kustomize.

Examples

Normal operation for demo overlay

forgeops apply

Use custom overlay named my-overlay

forgeops apply --env-name my-overlay

Do a dryrun

forgeops apply --dryrun --env-name my-overlay

forgeops build

forgeops build --env-name my_env components options

Use the forgeops build command to build custom Docker images for one or more Ping Identity Platform components, and update the Helm values file and the Kustomize image-defaulter overlay file for the specified environment.

  • Building the amster image is not supported; use bin/amster instead.

  • The --config-profile option is applicable only for AM, IDM, and PingGateway.

  • Use the --push-to option or set the PUSH_TO variable in your environment.

  • Use the --push-to none option for building local images in Minikube.

For components, specify:

  • am, ds, idm, or ig, to build a custom Docker image for a single Ping Identity Platform component.

  • More than one component or set of components separated by a space to build multiple Docker images in a single forgeops build command. For example, forgeops build --env-name my-env am idm.

  • all, to build Docker images for all the Ping Identity Platform components[1] by running a single forgeops build command.

Options

In addition to the global forgeops command options, the forgeops build subcommand takes the following options:

--build-path path

The directory path where the build images are to be located. By default, the images are placed in path/to/forgeops/docker.

--config-profile config-profile-path

Path that contains the configuration for am, idm, or ig. The forgeops build command incorporates the configuration files located in this path in the custom Docker image it builds.

Configuration profiles reside in subdirectories of one of these paths in a forgeops repository clone:

  • docker/am/config-profiles

  • docker/idm/config-profiles

  • docker/ig/config-profiles

For more information, refer to Configuration profiles.

Customized ds images do not use configuration profiles. To customize the ds image, add customizations to the docker/ds directory before running the forgeops build ds command.

--debug

Display debug information when executing the command.

--dryrun

Perform a dry run without actually building the component images.

--env-name ENV_NAME

The name of the deployment environment which is used for building or deploying the image. Deployment environments let you manage deployment manifests and image defaulters.

You must initialize new deployment environments before using them for the first time. You must specify the --env-name option in the forgeops build command if you have not set up the ENV_NAME shell environment variable.

The forgeops build command updates the image defaulter in the target environment. For example, if you ran forgeops build --env-name prod, the image defaulter in the kustomize/overlay/deploy-prod/image-defaulter directory would be updated.

--kustomize

The path to the directory where the Kustomize overlays and the image defaulter files for the environment are located. You can specify either the full path or path relative to the local directory of your forgeops repository clone.

--push-to registry

Docker registry to which the Docker image being built is pushed. You must specify the push-to option unless you have set the PUSH_TO environment variable.

For deployments on Minikube, specify --push-to none to push the Docker image to the Docker instance running within Minikube.

If you specify both the --push-to option and the PUSH_TO environment variable, the value of the --push-to option takes precedence.

--reset

Revert all the tags and new image names in the image defaulter file to their last committed values.

--tag tag

Tag to apply to the Docker image being built.

Examples

Normal operation

forgeops build --config-profile prod --env-name prod --tag prod-am-123 am

Do a dryrun

forgeops build --config-profile prod --env-name prod --dryrun am

forgeops delete

forgeops delete --env-name my-env <components> <options>

Delete Ping Identity Platform components or sets of components, PVCs, volume snapshots, and Kubernetes secrets from a running Kustomize-based ForgeOps deployment.

By default, the forgeops delete command prompts you to confirm if you want to delete PVCs, volume snapshots, and Kubernetes secrets. You can suppress confirmation prompts as necessary by using the --yes option. For example, forgeops delete --env-name test --yes, deletes all Ping Identity Platform components in the test environment.

For components, specify:

  • am, ds-cts, ds-idrepo, idm, or ig, to delete a single Ping Identity Platform component.

  • secrets, to delete the Kubernetes secrets from the deployment.

  • base, to delete the dev-utils and platform-config configmaps, Kubernetes ingress resources, and Kubernetes secrets. Secrets generated by cert-manager are not deleted.

  • all, to delete all the Ping Identity Platform components.

  • More than one component or set of components separated by a space to delete multiple Ping Identity Platform components. For example, forgeops delete am idm.

The default value for components is all.

Options

The forgeops delete subcommand takes the following options:

--debug

Display debug information when executing the command.

--dryrun

Perform a dry run without actually deleting the components.

--env-name ENV_NAME

The name of the deployment environment that contains the Kustomization overlays. You must specify the --env-name option, otherwise the forgeops delete command will fail to run.

--force

When deleting Ping Identity Platform components, also delete PVCs, volume snapshots, and Kubernetes secrets.

When you specify this option, you still receive the OK to delete components? confirmation prompt. Specify the --yes option together with --force to suppress this confirmation prompt.

--namespace namespace

The namespace from which to delete Ping Identity Platform components.

Defaults to the active namespace in your local Kubernetes context.

--yes

Suppress all confirmation prompts.

When you specify this option, PVCs, volume snapshots, and Kubernetes secrets are not deleted. Specify the --force option together with --yes to delete PVCs, volume snapshots, and Kubernetes secrets.

Examples

Normal operation

forgeops delete --env-name prod am

Do a dryrun

forgeops delete --env-name prod am --dryrun
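
The --force and --yes interaction described above, as an added example that is not part of the ForgeOps documentation or tooling: a shell pre-flight check that classifies a forgeops delete argument list and refuses the no-prompt, data-deleting combination for protected environments. PROTECTED_ENVS and the three function names are hypothetical, site-chosen names, not forgeops settings.

```shell
# Added example: pre-flight check for `forgeops delete` arguments.
# PROTECTED_ENVS is a hypothetical, site-chosen list (not a forgeops setting).
PROTECTED_ENVS="${PROTECTED_ENVS:-prod}"

# Print what an argument list would do to PVCs, volume snapshots and secrets.
classify_delete() {
    force=0; yes=0; dry=0
    for arg in "$@"; do
        case "$arg" in
            --force)  force=1 ;;
            --yes)    yes=1 ;;
            --dryrun) dry=1 ;;
        esac
    done
    if [ "$dry" -eq 1 ]; then echo "dry-run"
    elif [ "$force" -eq 1 ] && [ "$yes" -eq 1 ]; then echo "data-deleted-no-prompt"
    elif [ "$force" -eq 1 ]; then echo "data-deleted-after-prompt"
    elif [ "$yes" -eq 1 ]; then echo "data-kept-no-prompt"
    else echo "prompts-for-data"
    fi
}

# Print the value that follows --env-name; return 1 if the option is absent.
delete_env_name() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "--env-name" ] && [ "$#" -ge 2 ]; then
            echo "$2"; return 0
        fi
        shift
    done
    return 1
}

# Return 0 if the arguments are acceptable, 1 otherwise (reason on stderr).
check_delete_args() {
    env_name=$(delete_env_name "$@") || { echo "missing --env-name" >&2; return 1; }
    if [ "$(classify_delete "$@")" = "data-deleted-no-prompt" ]; then
        for p in $PROTECTED_ENVS; do
            if [ "$p" = "$env_name" ]; then
                echo "refusing --force --yes on protected env '$env_name'" >&2
                return 1
            fi
        done
    fi
    return 0
}
```

In a wrapper or CI job, run check_delete_args with the intended arguments and call forgeops delete with the same arguments only when it returns 0.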

forgeops env

Configure and manage a ForgeOps deployment environment. This subcommand has no component specifications. Use the environment configurations as specified in the table:

Options in forgeops env
Option Detail

--help

Show this help message and exit

--debug

Turn on debugging (Default: False)

--fqdn FQDN

A comma-separated list of FQDNs. (Default: None)

--helm path/to/helm/directory

The directory where helm values files are located. The directory path can be relative to the forgeops root directory or an absolute path.

--ingress INGRESS

Ingress class name (default: None)

--kustomize KUSTOMIZE

The directory which contains Kustomize overlays. The directory path can be absolute or relative to the forgeops root directory.

--namespace NAMESPACE

The Kubernetes namespace where the Ping Identity Platform components are deployed. (Default: None)

--no-namespace

Remove namespace from overlay. (Default: False)

--env-name ENV_NAME

Name of environment to manage. (Default: None)

--single-instance

Use a single-instance configuration. (Default: False)

--source SOURCE

Name of the source kustomize overlay. (Default: None)

--ssl-secretname SSL_SECRETNAME

Name of the secret containing private ssl data. (Default: None)

--am-cpu, --am-mem, --am-rep

Specify CPU, memory, and number of replicas for AM pods.

--cts-cpu, --cts-disk, --cts-mem, --cts-rep, --cts-snap-enable

Specify CPU, disk size, memory, replicas, and volume snapshots for ds-cts pods.

--idm-cpu, --idm-mem, --idm-rep

Specify CPU, memory, and number of replicas for IDM pods.

--idrepo-cpu, --idrepo-disk, --idrepo-mem, --idrepo-rep, --idrepo-snap-enable

Specify CPU, disk size, memory, replicas, and enable volume snapshots for ds-idrepo pods.

--pull-policy PULL_POLICY

Set policy for all platform images.

--no-helm

Don’t create/manage helm values files. (Default: False)

--no-kustomize

Don’t create/manage kustomize overlay. (Default: False)

--small

A small deployment. (Default: None)

--medium

A medium sized deployment. (Default: None)

--large

A large sized deployment. (Default: None)

--issuer ISSUER

TLS cert Issuer. (Default: None)

--cluster-issuer CLUSTER_ISSUER

TLS cert ClusterIssuer (default: None)

--skip-issuer

Skip TLS cert issuer setup (default: False)


1. Except for the deprecated amster component.