ForgeRock AM 6.5 Deployment on K8S

Jatinder Singh
Securing Digital Identity
2 min read · Dec 5, 2018

In this Medium publication, my goal is to discuss and provide information on how to configure, install, and upgrade products offered by ForgeRock, primarily OpenAM and OpenIDM. To keep these articles practical and hands-on, I will provide companion videos via my YouTube channel where applicable, and source code will be available on GitHub. With the intro out of the way, let’s get our hands dirty.

In this article, we will see how to install ForgeRock Access Management version 6.5.0, a.k.a. OpenAM. I will use Kubernetes (K8S) to orchestrate Docker-based containers running the ForgeRock platform. The use of K8S is an opinionated choice made to get up and running quickly; this article does not discuss K8S best practices. Please note that this is not a production-grade deployment; it is meant for development/testing purposes.

Technology Stack:

  • ForgeRock Access Management 6.5.0
  • Tomcat v8.5.35
  • OpenJDK v1.8.0_111
  • K8S via Docker for Desktop

Step-by-step instructions are provided in the video, but at a high level we’ll do the following:

  • Build AM 6.5.0 Docker image;
  • Deploy AM 6.5.0 via K8S Deployment;
  • Expose K8S deployment using NodePort service.

Dockerize AM 6.5 using Dockerfile

FROM java:8-jre

# Optional set of tools for debugging
RUN apt-get update \
 && apt-get install -y telnet \
 && apt-get install dnsutils -y

ENV CATALINA_HOME /usr/local/tomcat
ENV PATH $CATALINA_HOME/bin:$PATH
RUN mkdir -p "$CATALINA_HOME"
WORKDIR $CATALINA_HOME

# Import the Tomcat release signing keys
# See https://www.apache.org/dist/tomcat/tomcat-8/KEYS
RUN gpg --keyserver pool.sks-keyservers.net --recv-keys \
    05AB33110949707C93A279E3D3EFE6B686867BA6 \
    07E48665A34DCAFAE522E5E6266191C37C037D42 \
    47309207D818FFD8DCD3F83F1931D684307A10A5 \
    541FBE7D8F78B25E055DDEE13C370389288584E7 \
    61B832AC2F1C5A90F0F9B00A1C506407564C17A3 \
    79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED \
    9BA44C2621385CB966EBA586F72C284D731FABEE \
    A27677289986DB50844682F8ACB77FC2E86E29AC \
    A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 \
    DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 \
    F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE \
    F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23

ENV TOMCAT_MAJOR 8
ENV TOMCAT_VERSION 8.5.35
ENV TOMCAT_TGZ_URL https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz

# Download Tomcat and verify its detached signature before unpacking
RUN set -x \
 && curl -fSL "$TOMCAT_TGZ_URL" -o tomcat.tar.gz \
 && curl -fSL "$TOMCAT_TGZ_URL.asc" -o tomcat.tar.gz.asc \
 && gpg --verify tomcat.tar.gz.asc \
 && tar -xvf tomcat.tar.gz --strip-components=1 \
 && rm bin/*.bat \
 && rm tomcat.tar.gz*

EXPOSE 8080

# Copy the AM distribution from the build context and deploy the WAR into Tomcat
ENV AM_VERSION 6.5.0
ADD ./artifacts/AM-${AM_VERSION}.zip /tmp/
RUN unzip /tmp/AM-${AM_VERSION}.zip -d /opt \
 && cp /opt/openam/AM-${AM_VERSION}.war $CATALINA_HOME/webapps/openam.war \
 && rm /tmp/AM-${AM_VERSION}.zip

ENV AM_HOME /opt/openam
ENV PATH $AM_HOME:$PATH

CMD ["catalina.sh", "run"]

K8S Configuration

apiVersion: apps/v1
kind: Deployment
metadata:
  name: am
  labels:
    app: am
    type: accessmanagement
spec:
  replicas: 1
  selector:
    matchLabels:
      app: am
  template:
    metadata:
      labels:
        app: am
    spec:
      containers:
      - name: am
        image: sqoopdata/am:1.0
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: am
  labels:
    app: am
spec:
  type: NodePort
  ports:
  - port: 8080
  selector:
    app: am
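
Since this deployment is meant for development/testing only, the check below lists the settings in the manifests above that should be revisited before the same YAML is reused on a shared cluster. It is an added example, not code from the author's repository; `MANIFESTS` is a hand transcription of the YAML above, and the function name, the findings wording and the set of plain-HTTP ports are assumptions made for illustration.

```python
# Added example. MANIFESTS is a hand transcription of the article's YAML
# into Python dicts so the check runs without a YAML parser.
MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "am"},
     "spec": {"replicas": 1, "template": {"spec": {"containers": [
         {"name": "am", "image": "sqoopdata/am:1.0",
          "ports": [{"containerPort": 8080}]}]}}}},
    {"kind": "Service", "metadata": {"name": "am"},
     "spec": {"type": "NodePort", "ports": [{"port": 8080}],
              "selector": {"app": "am"}}},
]

PLAIN_HTTP_PORTS = {80, 8080}  # assumption: Tomcat's default HTTP connector


def audit(manifests):
    """Return (object, finding) pairs for dev-only settings to revisit."""
    findings = []
    for m in manifests:
        ref = f"{m['kind']}/{m['metadata']['name']}"
        spec = m.get("spec", {})
        if m["kind"] == "Service":
            if spec.get("type") in ("NodePort", "LoadBalancer"):
                findings.append((ref, f"type {spec['type']} is reachable from outside the cluster"))
            for p in spec.get("ports", []):
                if p.get("port") in PLAIN_HTTP_PORTS:
                    findings.append((ref, f"port {p['port']} carries AM logins over plain HTTP"))
        elif m["kind"] == "Deployment":
            pod = spec.get("template", {}).get("spec", {})
            for c in pod.get("containers", []):
                cref = f"{ref}:{c['name']}"
                # Container-level securityContext overrides the pod-level one.
                ctx = {**pod.get("securityContext", {}), **c.get("securityContext", {})}
                if not ctx.get("runAsNonRoot"):
                    findings.append((cref, "runAsNonRoot not set; an image with no USER runs as root"))
                if "limits" not in c.get("resources", {}):
                    findings.append((cref, "no resource limits on the JVM container"))
                if "readinessProbe" not in c:
                    findings.append((cref, "no readinessProbe; traffic is routed before AM has started"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit(MANIFESTS):
        print(f"{ref}: {finding}")
```
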

Please watch the companion video for detailed steps from start to finish. And don’t forget to hit “Subscribe” for notifications on future videos.

Jatinder Singh
Securing Digital Identity

Identity & Access Management Expert on ForgeRock platform. Certified AWS Solutions Architect.