Setting Up a ForgeRock Stack On Your Local Machine
The step-by-step instructions in this article show how to set up a ForgeRock stack on macOS once the prerequisite software is installed.
It is quite hard to grasp certain security concepts if you do not have an actual environment to play with, and sometimes you need to raise a ForgeRock ticket and need a vanilla environment to replicate the issue. This article will help you set up the latest version of the vanilla ForgeRock environment.
The instructions in this article cover setting up the whole ForgeRock stack on a Mac. Before continuing, you should already have the following prerequisite software set up on your Mac.
- Docker Desktop: install Docker Desktop for Mac via the download file.
  - Allocate ample resources to Docker.
  - Enable the Kubernetes cluster in Docker.
- K9s: K9s is a Kubernetes dashboard for browsing and managing deployed Kubernetes resources/objects. Use the following command:
$ brew install derailed/k9s/k9s
- kubectx: kubectx sets the context of the current shell so that all subsequent kubectl commands are run against a set cluster. Use the following command:
$ brew install kubectx
- Skaffold: Skaffold is a CI/CD tool for Kubernetes clusters; here it is used to set up the ForgeRock cluster. Use the following command:
$ brew install skaffold
- kubefwd: kubefwd is a tool that bulk-forwards service ports so that you can access the services from outside the Kubernetes cluster, which is important for testing purposes. Use the following command:
$ brew install txn2/tap/kubefwd
- kustomize: kustomize is a tool that lets users create configuration overlays that are applied to Kubernetes configuration files before they are deployed into the Kubernetes environment; in short, it lets users surface configuration so that it can be injected by CI/CD pipelines. Use the following command:
$ brew install kustomize
- Docker Desktop Kubernetes ingress controller: to access the ForgeRock stack after setup, you need an ingress controller installed in your Docker Desktop Kubernetes cluster.
- ForgeRock Secret Agent: you need the ForgeRock Secret Agent to generate passwords and secrets while the stack is being installed and set up.
3.0 Setting Up the ForgeRock Stack
The following instructions set up the whole ForgeRock stack of components on your local Mac.
3.1 Cloning the ForgeOps Repository
The first step in setting up the whole ForgeRock stack is to clone the ForgeOps GitHub repository. For more information about deploying ForgeRock components in Kubernetes clusters and automating the deployment via CI/CD pipelines, see the ForgeOps documentation. Run the following command to clone the code:
$ git clone https://github.com/ForgeRock/forgeops.git
Now switch the code into a feature branch that is used for deployments to the local Kubernetes cluster.
3.2 Setting Up the Right Execution Context
Before you go further, you need to set up the Kubernetes context. To check which Kubernetes context you are currently on, run kubectx without any arguments. The following screenshot shows that my current context is set to the Docker Kubernetes cluster, because it is highlighted in yellow.
If the docker Kubernetes cluster is not set as context then run the following command:
$ kubectx docker-desktop
These instructions use the default namespace of the Kubernetes cluster, which is itself named default.
$ kubens default
Finally, set up the right Skaffold context by running the following command:
$ skaffold config set --kube-context docker-desktop local-cluster true
3.3 Installing the ForgeRock Stack
Before you run the Skaffold command to deploy the ForgeRock stack onto your local Kubernetes cluster, you need to modify a line of code in the ForgeOps repository; go to the following file:
The path provided above is a relative path from inside the ForgeOps folder. Modify the FQDN to the following.
After modifying the file, please remember to save it. Then run the following command so that the environment-specific files will be generated:
$ cd bin; ./config.sh init --profile cdk --version 7.0
Once the configuration files are churned out, go back to the ForgeOps root directory and run Skaffold:
$ cd ..; skaffold run
Once you run Skaffold, it starts deploying all the ForgeRock components into your local Kubernetes cluster. Wait for the deployment to finish and for all the components to come up.
In order to view the statuses of the components run k9s and you will get the following dashboard; here I have listed all pods from all namespaces.
Depending on the color scheme you have configured, once all of them turn blue, it means that all the ForgeRock components are ready and running.
3.4 Setting Up The Network
The following is the kubefwd command. Run it in a separate terminal, because it stays running as a long-lived process that forwards ports from the services residing in the listed namespaces. To stop port forwarding, just type CTRL+D or CTRL+C.
$ sudo kubefwd services -n default -n ingress-nginx
Once you run the kubefwd command it will create entries of all the forwarded services in your /etc/hosts file like the following.
The highlighted box is the entry we configured as the FQDN in section 3.3. It is important that this name points to localhost, because all requests to this FQDN are picked up by the Kubernetes ingress controller, matched against the ForgeRock ingress configurations, and eventually forwarded to the respective components.
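The loopback requirement described above can be checked after kubefwd has edited the hosts file. The following is an added example, not part of the original article: the function names, the placeholder FQDN forgerock.example.test and the sample hosts content are all constructed for illustration, so substitute /etc/hosts and the FQDN you configured in section 3.3.

```shell
#!/bin/sh
# Added example (not from the article): confirm that a hosts file maps a
# given FQDN only to loopback addresses after kubefwd has edited it.
# Exit status: 0 = every entry is loopback, 1 = some entry points elsewhere,
#              2 = the name has no entry at all.
check_loopback() {
  hosts_file=$1
  fqdn=$2
  awk -v name="$fqdn" '
    { sub(/#.*/, "") }                 # drop comments
    NF < 2 { next }                    # need an address and at least one name
    {
      for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(name)) {
          found = 1
          # accept 127.0.0.0/8 and ::1 only
          if ($1 !~ /^127\./ && $1 != "::1") bad = 1
        }
    }
    END { if (!found) exit 2; exit (bad ? 1 : 0) }
  ' "$hosts_file"
}

# Constructed sample standing in for /etc/hosts. The FQDN is a placeholder;
# use the one you configured in section 3.3.
write_sample_hosts() {
  cat > "$1" <<'EOF'
127.0.0.1     localhost
127.0.0.1     forgerock.example.test   # entry expected by the ingress
127.1.27.1    am am.default am.default.svc.cluster.local
192.0.2.10    idm.example.test         # constructed non-loopback entry
EOF
}

demo() {
  tmp=$(mktemp)
  write_sample_hosts "$tmp"
  for name in forgerock.example.test idm.example.test missing.example.test; do
    rc=0
    check_loopback "$tmp" "$name" || rc=$?
    echo "$name -> $rc"
  done
  rm -f "$tmp"
}
demo
```

A status of 1 means requests for that name leave the machine instead of reaching the local ingress controller; a status of 2 means the entry was never written.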
3.5 Accessing The ForgeRock Stack
The following URL will bring you to the installed ForgeRock stack.
The first login page you will see is the following.
In order to get the password for the amadmin user, you need to run the following command from the ForgeOps directory:
You will get something like the following output. The output is the password for the amadmin user.
Once you log in, you will see the following.
After running all the setup steps in the preceding sections, you have successfully installed the following ForgeRock components.
- Directory Service
- Identity Management Service
- Access Manager Service
For more details about these components, see the ForgeRock documentation. The setup steps will always install the latest available version of the ForgeRock components onto your machine, because they use the Docker images from ForgeRock's own Google Container Registry.
Published at DZone with permission of Kian Ting, DZone MVB. See the original article here.