April 18, 2020

So you want to deploy the ForgeRock User Store on Kubernetes?

Ajit Gupta . 2 Minutes Read


This post is aimed at #ForgeRock practitioners who are deploying the user store on #Kubernetes.

ForgeRock's advice currently recommends:

"... deploying DS in VMs as the processes to do maintenance and troubleshooting are well mastered..."; however, they "understand and accept that customers choose to deploy in Kubernetes, as long as they understand the limitations".

Refer to: https://forum.forgerock.com/2019/06/directory-services-docker-kubernetes-friends-foes/

In this paper we explain how Midships mitigates the risks associated with deploying the ForgeRock User Store on Kubernetes. Please reach out to us if you have any queries.

Utilise the benefits of Kubernetes (Auto-Restarts and Statefulsets)

Our ForgeRock Accelerator leverages the benefits that come with using Kubernetes, namely:

  1. Auto-scaling
  2. Auto-restart on failure
  3. Persistent storage.

[2] and [3] are leveraged by the User, Configuration and Token stores whereas [1] is used by the Access Manager.

Kubernetes orchestrates stateful applications using a combination of its “stateful sets”, “persistent volume” and “persistent volume claims” frameworks. All stores are set up with a persistent volume set to a “Retain” reclaim policy. This ensures that when the application is deleted, the data remains for later use.

Note: Persistent Volumes use disks outside of the Kubernetes estate, with varying performance and costs, just like Virtual Machines. In other words, the risk of data loss through physical failure is similar to that of Virtual Machines. On most cloud providers you can utilise block-level data storage products that are low latency, high performing, durable, and reliable.

Deploy Multiple User Store Instances

Our ForgeRock Accelerator by default deploys a minimum of two User Store instances in each region in an active-active state, ensuring high availability and data redundancy. Each instance has its own dedicated storage.

Prior to production, we recommend that customers size the User Store to support peak production loads, so that in the event of a User Store failure the impact to customers is minimised.
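The "Retain" reclaim policy and the minimum of two instances with dedicated storage can both be checked against a running cluster. The following is an added example, not part of the Midships accelerator: it audits trimmed `kubectl ... -o json` items, and the names `iam`, `userstore`, `ds-data`, `pv-a` and `pv-b` are hypothetical, with the sample data constructed for illustration.

```python
# Constructed sample: items merged from `kubectl get pv -o json` and
# `kubectl get statefulset -n iam -o json`, trimmed to the fields used.
# All names (iam, userstore, ds-data, pv-a, pv-b) are hypothetical.
def pv(name, claim, policy):
    return {"kind": "PersistentVolume", "metadata": {"name": name},
            "spec": {"persistentVolumeReclaimPolicy": policy,
                     "claimRef": {"namespace": "iam", "name": claim}}}

SAMPLE = [
    {"kind": "StatefulSet",
     "metadata": {"name": "userstore", "namespace": "iam"},
     "spec": {"replicas": 2,
              "volumeClaimTemplates": [{"metadata": {"name": "ds-data"}}]}},
    pv("pv-a", "ds-data-userstore-0", "Retain"),
    pv("pv-b", "ds-data-userstore-1", "Delete"),  # dynamic-provisioning default
]

def audit(items, namespace, sts_name, min_replicas=2):
    """Return findings for one StatefulSet and the volumes bound to its claims."""
    sts = next((i for i in items if i["kind"] == "StatefulSet"
                and i["metadata"]["name"] == sts_name
                and i["metadata"].get("namespace") == namespace), None)
    if sts is None:
        return [f"StatefulSet {namespace}/{sts_name} not found"]
    findings = []
    replicas = sts["spec"].get("replicas", 1)  # Kubernetes defaults to 1
    if replicas < min_replicas:
        findings.append(f"replicas={replicas}, expected at least {min_replicas}")
    templates = [t["metadata"]["name"]
                 for t in sts["spec"].get("volumeClaimTemplates", [])]
    if not templates:
        findings.append("no volumeClaimTemplates: instances have no dedicated storage")
    # A StatefulSet names its claims <template>-<statefulset>-<ordinal> (from 0).
    expected = [f"{t}-{sts_name}-{n}" for t in templates for n in range(replicas)]
    bound = {}
    for i in items:
        ref = i["spec"].get("claimRef") or {}
        if i["kind"] == "PersistentVolume" and ref.get("namespace") == namespace:
            bound[ref.get("name")] = i
    for claim in expected:
        vol = bound.get(claim)
        if vol is None:
            findings.append(f"{claim}: no bound PersistentVolume")
            continue
        policy = vol["spec"].get("persistentVolumeReclaimPolicy")
        if policy != "Retain":
            findings.append(f"{claim}: {vol['metadata']['name']} has reclaim policy {policy}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "iam", "userstore")) or "ok")
```

Dynamically provisioned volumes inherit the reclaim policy of their StorageClass, which defaults to Delete, so a volume such as `pv-b` in the sample would be removed together with its claim.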

Data Replication

By default, all User, Configuration, and Token Stores are deployed and configured with self-replication turned on to ensure that all instances are kept in sync. Where replication is required across regions or cloud providers, replication servers can be used.

Following the restart of a failed User Store instance, the already running instance brings it up to date by replicating any information that was added, removed or modified while it was unavailable and being restarted.

Regular Backups

We provide our customers with a runbook on how to take regular snapshots of the underlying cloud disks supporting the persistent volumes and how to restore them in the event of a disaster. Note that we have procedures for AWS, GCP, Azure, AliCloud and OCI.

Note that we recommend that customers move to a multi-region and/or multi-cloud model to provide an additional layer of resilience when possible. In the event the underlying storage does fail, the procedures provide an expedient mechanism to recover Customer accounts.

Please contact us if you have any queries, require clarification or would like to discuss other topics relating to #ForgeRock #Kubernetes #DevOps.

Copyright © 2025 by Midships Group of Companies
