ForgeOps

Additional setup

This page covers setup tasks that you’ll need to perform before you can develop custom Docker images for the Ping Identity Platform. Complete all of the tasks on this page before proceeding.

Use a single-instance ForgeOps deployment

You must use a single-instance ForgeOps deployment to develop custom Docker images for the Ping Identity Platform.

Use the following links for information about how to create single-instance ForgeOps deployments:

Set up your environment to push to your Docker registry

ForgeOps deployments support any container registry that supports Docker containers. You’ll need to set up your local environment to support your container registry. Here are setup steps for four commonly-used container registries:

Docker registry on minikube

Set up your local environment to execute docker commands on minikube’s Docker engine.

The ForgeOps team recommends using the built-in Docker engine when developing custom Docker images using minikube. When you use minikube’s Docker engine, you don’t have to build Docker images on a local engine and then push the images to a local or cloud-based Docker registry. Instead, you build images using the same Docker engine that minikube uses. This streamlines development.

To set up your local computer to use minikube’s Docker engine, run the docker-env command in your shell:

$ eval $(minikube docker-env)

For more information about using minikube’s built-in Docker engine, refer to Use local images by re-using the Docker daemon in the minikube documentation.

Google Cloud Artifact Registry or Container Registry

To set up your local computer to build and push Docker images:

  1. If it’s not already running, start a virtual machine that runs Docker engine. Refer to Docker engine for more information.

  2. Set up a Docker credential helper:

    $ gcloud auth configure-docker

AWS Elastic Container Registry

To set up your local computer to push Docker images:

  1. If it’s not already running, start a virtual machine that runs Docker engine. Refer to Docker engine for more information.

  2. Log in to Amazon ECR:

    $ aws ecr get-login-password | \
     docker login --username AWS --password-stdin my-docker-registry
    Login Succeeded

    ECR login sessions expire after 12 hours. Because of this, you’ll need to perform these steps again whenever your login session expires.[1]
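
The cron automation mentioned in the footnote to this step could look like the script below, an added example that is not part of the ForgeOps documentation. The function names, the script path in the crontab comment and the sample registry host are assumptions; the host check relies on ECR's `<account-id>.dkr.ecr.<region>.amazonaws.com` registry naming.

```shell
#!/usr/bin/env bash
# Added example: refresh the Docker login to Amazon ECR from cron.
# Function names, script path and sample registry host are hypothetical.

# Print the AWS region of an ECR registry host of the form
# <account-id>.dkr.ecr.<region>.amazonaws.com. Anything else is rejected,
# so the login token is never sent to an unexpected host.
ecr_region() {
  local host="$1" account region
  account="${host%%.*}"                     # text before the first dot
  region="${host#"$account".dkr.ecr.}"      # strip "<account>.dkr.ecr."
  region="${region%.amazonaws.com}"         # strip the fixed suffix
  case "$account" in ""|*[!0-9]*) account="" ;; esac
  case "$region" in ""|*[!a-z0-9-]*) region="" ;; esac
  if [ "${#account}" -ne 12 ] || [ -z "$region" ]; then
    echo "not an ECR registry host: $host" >&2
    return 1
  fi
  echo "$region"
}

# Log Docker in to the given ECR registry.
ecr_login() {
  local registry="$1" region
  region="$(ecr_region "$registry")" || return 1
  # The token travels over the pipe, never on a command line.
  aws ecr get-login-password --region "$region" |
    docker login --username AWS --password-stdin "$registry"
}

# Crontab entry (sessions last 12 hours, so refresh every 6 hours):
#   0 */6 * * * /usr/local/bin/ecr-relogin.sh 123456789012.dkr.ecr.us-east-1.amazonaws.com
# The login runs only when a registry is passed on the command line.
if [ "$#" -gt 0 ]; then
  ecr_login "$1"
fi
```

The cron job needs AWS credentials in its own environment. Unless a credential store is configured, docker login saves the token in the Docker client configuration file, so keep that file readable only by the build user.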

Azure Container Registry

To set up your local computer to push Docker images:

  1. If it’s not already running, start a virtual machine that runs Docker engine. Refer to Docker engine for more information.

  2. Install the ACR Docker Credential Helper.

Identify the Docker repository to push to

When you execute the forgeops build command, you must specify the repository to push your Docker image to with the --push-to argument.

The forgeops build command appends a component name to the destination repository. For example, the command forgeops build am --push-to us-docker.pkg.dev/my-project pushes a Docker image to the us-docker.pkg.dev/my-project/am repository.

To determine how to specify the --push-to argument for four commonly-used container registries:

Docker registry on minikube

Specify --push-to none with the forgeops build command to push the Docker image to the Docker registry embedded in the minikube cluster.

Google Cloud Artifact Registry or Container Registry

Obtain the --push-to location from your cluster administrator. After it builds the Docker image, the forgeops build command pushes the Docker image to this repository.

AWS Elastic Container Registry

Obtain the --push-to location from your cluster administrator. After it builds the Docker image, the forgeops build command pushes the Docker image to this repository.

Azure Container Registry

Obtain the --push-to location from your cluster administrator. After it builds the Docker image, the forgeops build command pushes the Docker image to this repository.
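
A pre-flight check for the minikube Docker engine setup and the --push-to rules above, as an added example rather than ForgeOps code: it computes the repository forgeops build will push to and refuses registries that are not on an allow-list. APPROVED_REGISTRIES, the function names and the allow-list policy itself are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check to run before `forgeops build`.
# APPROVED_REGISTRIES and all function names are hypothetical.

# Space-separated registry hosts that pushes may go to (constructed sample).
APPROVED_REGISTRIES="${APPROVED_REGISTRIES:-us-docker.pkg.dev}"

# Print the repository the build pushes to: <push-to>/<component>.
# Prints "none" when the image stays on minikube's Docker engine.
resolve_destination() {
  local component="$1" push_to="$2"
  if [ "$push_to" = "none" ]; then
    echo "none"
  else
    echo "${push_to}/${component}"
  fi
}

# Succeed only if this shell targets minikube's Docker engine, that is,
# `eval $(minikube docker-env)` has been run in it.
using_minikube_docker() {
  [ -n "${MINIKUBE_ACTIVE_DOCKERD:-}" ] && [ -n "${DOCKER_HOST:-}" ]
}

# Return 0 if the build may proceed; otherwise print a reason on stderr.
preflight() {
  local component="$1" push_to="$2" dest host allowed
  dest="$(resolve_destination "$component" "$push_to")"
  if [ "$dest" = "none" ]; then
    if using_minikube_docker; then return 0; fi
    echo "refusing: --push-to none, but this shell is not using minikube's Docker engine" >&2
    return 1
  fi
  host="${dest%%/*}"            # registry host is the first path segment
  for allowed in $APPROVED_REGISTRIES; do
    [ "$host" = "$allowed" ] && { echo "$dest"; return 0; }
  done
  echo "refusing: registry '$host' is not in APPROVED_REGISTRIES" >&2
  return 2
}
```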

Initialize deployment environments

Deployment environments let you manage deployment manifests and image defaulters for multiple environments in a single forgeops repository clone.

Before you can perform a new ForgeOps deployment, you must initialize a new deployment environment using the forgeops env command:

On cloud platforms

  1. Verify you’ve set up your environment and created a Kubernetes cluster as documented in the setup section.

  2. Use the terminal where you have already activated the Python3 virtual environment. If you haven’t already done so, activate the virtual environment in a new terminal window:

    $ source .venv/bin/activate

  3. The configuration of a ForgeOps deployment is controlled through Kustomize overlays or Helm values. Use the forgeops env command to set up the Kustomize overlays and Helm values files to configure your ForgeOps deployment environment:

    • If you want to use the issuer provided with the platform for demos, you can use default-issuer.

    • For a cluster in a cloud environment, specify --deployment-size as --small, --medium, or --large.

    • For a single-instance deployment, specify --deployment-size as --single-instance.

      $ cd /path/to/forgeops/bin
      $ ./forgeops env --env-name my-env --fqdn my-fqdn --cluster-issuer my-cluster-issuer --deployment-size

      In the command above, replace my-fqdn, my-cluster-issuer, and --deployment-size with appropriate values from your environment.

      Learn more about deployment sizes in Cluster and deployment sizes and about single instances here.

On minikube

  1. Verify you’ve set up your environment and created a Kubernetes cluster as documented in the setup section.

  2. Use the terminal where you have already activated the Python3 virtual environment. If you haven’t already done so, activate the virtual environment in a new terminal window:

    $ source .venv/bin/activate

  3. The configuration of a ForgeOps deployment is controlled through Kustomize overlays or Helm values. Use the forgeops env command to set up the Kustomize overlays and Helm values files to configure your ForgeOps deployment environment:

    In a minikube environment, use the single-instance deployment. For example:

    $ cd /path/to/forgeops/bin
    $ ./forgeops env --env-name my-env --fqdn my-fqdn \
      --cluster-issuer my-cluster-issuer --single-instance

    Learn more about deployment sizes in Cluster and deployment sizes and about single instances here.

If you need multiple deployment environments, you’ll need to initialize each environment before you can start using it.


[1] You can automate logging in to ECR every 12 hours by using the cron utility.