Standalone IDM deployment with Helm

This topic has 7 replies, 3 voices, and was last updated 3 years, 5 months ago by jayp.


    I am having trouble deploying a standalone IDM container that relies on embedded DS to Kubernetes. Later the point would be to integrate with an external JDBC db and use that instead of embedded DS. However, I haven’t been able to find a suitable Helm chart from ForgeRock. I think forgerock/openidm is the closest one, but it also relies on a postgresql container. I tried modifying the chart but no luck.

    Any tips how this should be done or how to modify the helm chart?

     Warren Strange

    We don’t have an official helm chart for supporting the embedded DS server in OpenIDM.

    There is a sample deployment that you may want to look at for inspiration (this is purely a demo – and is not supported):


    Any Helm charts which are supported for deploying with external JDBC repos? Could that be achieved for example with cpm-idm-opendj-postgres by giving the external repo parameters in the values.yaml?

     Warren Strange

    That composite chart deploys a postgres database in a container – but if you have some other external database you can just point your IDM configuration to it. This:

    Demonstrates how to connect up IDM to a cloud SQL repository. It assumes you have created the database with the right schema.


    Thanks Warren for the tips. However, I still have trouble understanding how to pass the values from values.yaml to the idm’s boot.props or other files. The configmap in Kubernetes looks ok and has the correct values. When I check the actual idm files in the container, they do not have the values from the values.yaml. For example does not correlate with configmap. Could you please explain this a little further? Thanks for the help, much appreciated!

     Warren Strange

    The file is defined in the configmap and is mounted on the openidm container at /var/run/openidm.

    Have a look at the entrypoint:

    It points IDM at this bootstrap file.

    The idm project configuration is cloned from git, and is also mounted on the idm container's file system at /git/config.


    Thanks for the clarification. Now I got the configuration process. The /var/run/boot.props looks correct and contains all the values from the helm values.yaml.

    However, I am getting a strange error regarding database drivers:

    + [ openidm = openidm ]
    + PROJECT_HOME=/git/forgeops-init/default/idm/dev
    + [ -z  ]
    + [ -n /git/forgeops-init/default/idm/dev -a -r /git/forgeops-init/default/idm/dev/conf/ ]
    + LOGGING_CONFIG=-Djava.util.logging.config.file=/git/forgeops-init/default/idm/dev/conf/
    + hostname
    + HOSTNAME=openidm-fbfbb6fc9-b9l6w
    + NODE_ID=openidm-fbfbb6fc9-b9l6w
    + BOOT_PROPERTIES=/var/run/openidm/
    + [ -r secrets/keystore.jceks ]
    + echo Copying Keystores
    + cp -L secrets/keystore.jceks secrets/truststore security
    + [ -r /var/run/openidm/ ]
    + OPENIDM_OPTS=-Dopenidm.boot.file=/var/run/openidm/
    + echo Using OPENIDM_OPTS: -Dopenidm.boot.file=/var/run/openidm/
    + CLOPTS=-p /git/forgeops-init/default/idm/dev
    + LAUNCHER=org.forgerock.openidm.launcher.Main
    + cp /opt/openidm/conf/authentication.json.patch /opt/openidm/conf/identityProviders.json.patch /opt/openidm/conf/info-login.json.patch /opt/openidm/conf/info-ping.json.patch /opt/openidm/conf/info-version.json.patch /opt/openidm/conf/managed.json.patch /opt/openidm/conf/policy.json.patch /opt/openidm/conf/selfservice-registration.json.patch /opt/openidm/conf/selfservice.kba.json.patch /opt/openidm/conf/ui-dashboard.json.patch /opt/openidm/conf/ui.context-admin.json.patch /opt/openidm/conf/ui.context-selfservice.json.patch /git/forgeops-init/default/idm/dev/conf
    + echo Starting OpenIDM with options: -p /git/forgeops-init/default/idm/dev
    + exec java -Djava.util.logging.config.file=/git/forgeops-init/default/idm/dev/conf/ -server -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dopenidm.boot.file=/var/run/openidm/ -Djava.endorsed.dirs= -classpath /opt/openidm/bin/*:/opt/openidm/framework/* -Dopenidm.system.server.root=/opt/openidm -Djava.endorsed.dirs= -Djava.awt.headless=true org.forgerock.openidm.launcher.Main -c /opt/openidm/bin/launcher.json -p /git/forgeops-init/default/idm/dev
    Copying Keystores
    Using OPENIDM_OPTS: -Dopenidm.boot.file=/var/run/openidm/
    Starting OpenIDM with options: -p /git/forgeops-init/default/idm/dev
    Apr 03, 2018 10:53:15 AM org.forgerock.openidm.logging.LogServiceTracker logEntry
    SEVERE: Bundle: org.forgerock.openidm.repo-jdbc [9] FrameworkEvent ERROR
    org.apache.felix.log.LogException: org.osgi.framework.BundleException: Activator start error in bundle org.forgerock.openidm.repo-jdbc [9].
            at org.apache.felix.framework.Felix.activateBundle(
            at org.apache.felix.framework.Felix.startBundle(
            at org.apache.felix.framework.Felix.setActiveStartLevel(
    Caused by: org.apache.felix.log.LogException: org.forgerock.openidm.config.enhanced.InvalidException: Could not find configured database driver com.mysql.jdbc.Driver to start repository 
            at org.forgerock.openidm.datasource.jdbc.impl.NonPoolingDataSourceFactory.newInstance(
            at org.forgerock.openidm.datasource.jdbc.impl.JDBCDataSourceService.initDataSourceService(
            at org.forgerock.openidm.datasource.jdbc.impl.JDBCDataSourceService.getBootService(
            at org.forgerock.openidm.repo.jdbc.impl.Activator.start(
            at org.apache.felix.framework.util.SecureAction.startActivator(
            at org.apache.felix.framework.Felix.activateBundle(
            ... 4 more
    Caused by: java.lang.ClassNotFoundException: com.mysql.jdbc.Driver not found by org.forgerock.openidm.repo-jdbc [9]
            at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(
            at org.apache.felix.framework.BundleWiringImpl.access$400(
            at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(
            at java.lang.ClassLoader.loadClass(
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(
            at org.forgerock.openidm.datasource.jdbc.impl.NonPoolingDataSourceFactory.newInstance(
            ... 9 more
    ShellTUI: No standard input...exiting.
    Apr 03, 2018 10:54:08 AM$4 run
    SEVERE: OpenIDM failure during startup, ACTIVE_NOT_READY: Not all modules started [] [org.forgerock.openidm.repo-jdbc] []

    I’ve followed the installation and integration guides’ procedures and tested the setup locally. However, when deploying to Kubernetes, the containerized IDM cannot find the drivers in the bundle dir. The git/path/to/config/bundle contains the mysql-connector-java-5.1.46-bin.jar and git/path/to/config/conf the datasource.jdbc-default.json and repo.jdbc.json files.


    The solution to the problem was to put the drivers into the docker image’s openidm/bundle directory. The jars are not actually read from the /git/project directory in a container.
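
A pre-deployment check for the failure resolved above, added here as an example and not part of the original thread or of ForgeRock's tooling: it looks inside each jar for the configured driver class and reports whether it sits in the image's bundle directory or only in the git-mounted project directory. The function names and the directories built in `demo()` are assumptions made for illustration.

```python
import os
import tempfile
import zipfile


def jars_providing(driver_class, directory):
    """Return sorted names of the .jar files in directory that contain driver_class."""
    entry = driver_class.replace(".", "/") + ".class"
    found = []
    if not os.path.isdir(directory):
        return found
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not name.endswith(".jar") or not zipfile.is_zipfile(path):
            continue
        with zipfile.ZipFile(path) as jar:
            if entry in jar.namelist():
                found.append(name)
    return found


def check_driver(driver_class, image_bundle_dir, project_bundle_dir):
    """Classify where the driver jar sits relative to what the thread found is loaded."""
    if jars_providing(driver_class, image_bundle_dir):
        return "ok"
    if jars_providing(driver_class, project_bundle_dir):
        return "project-only"  # the case in the thread: jar present but not loaded
    return "missing"


def demo():
    """Build constructed directories and jars, then run the check on them."""
    driver = "com.mysql.jdbc.Driver"  # class named in the error log above
    jar_name = "mysql-connector-java-5.1.46-bin.jar"
    with tempfile.TemporaryDirectory() as root:
        image = os.path.join(root, "opt/openidm/bundle")   # stands in for the image
        project = os.path.join(root, "git/config/bundle")  # stands in for the git mount
        os.makedirs(image)
        os.makedirs(project)
        with zipfile.ZipFile(os.path.join(project, jar_name), "w") as z:
            z.writestr("com/mysql/jdbc/Driver.class", b"constructed placeholder")
        before = check_driver(driver, image, project)
        # Mirror the fix: the jar goes into the image's bundle directory.
        with zipfile.ZipFile(os.path.join(image, jar_name), "w") as z:
            z.writestr("com/mysql/jdbc/Driver.class", b"constructed placeholder")
        after = check_driver(driver, image, project)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Run against the real image build context and project checkout, a "project-only" result predicts the ClassNotFoundException shown in the log.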
