Frequently asked questions

Docker Images

What are the latest Ping product versions available as Docker images?

The latest Ping product images are tagged with {RELEASE}-{PRODUCT VERSION}. You can find more information about our latest product images by consulting the Product Version matrix.

Do the images come as product only or combined with an OS layer?

The DevOps program uses Alpine as its base OS shim for all images. For more information, please visit Supported OS Shim.

I have created a custom product installation. If we require a specific image, can that be supplied by Ping?

We do not provide custom images, but you are welcome to build the image locally with your customized bits. For more information, see Build Local Images.

It is important to note that using a custom image might affect support options and timing.

Container Operations

How do files move around when the container starts up?

To find out how our files are moved at startup, please visit File Flowchart.

How do I turn off the calls to the Message of the Day (MOTD)?

Set the environment variable in PingBase to: MOTD_URL=""

For more information about the PingBase environment variables, please visit PingBase.

How do I get more verbosity in log outputs?

Set the environment variable in PingBase to: VERBOSE="true"

For more information about the PingBase environment variables, please visit PingBase.

Orchestration / Helm / Kubernetes

My container environment is not allowed to make any external calls to services such as GitHub or Docker Hub. Can I still use Ping Identity containers?

Yes. This practice is common in production scenarios. To use Ping Identity containers in this situation:

 1. Use an Existing License.

 2. Use an empty remote profile SERVER_PROFILE_URL="". Optionally, you can build your profile into the image; visit Server Profiles for more information.

 3. Turn off license verification with MUTE_LICENSE_VERIFICATION="true".

 4. Turn off calls to the Message of the Day (MOTD) with MOTD_URL="".
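
A pre-deployment check for the four steps above, as an added example that is not part of Ping's documentation or tooling: it lints a container env file and a local license file before an offline deployment. The env-file layout (one KEY="value" per line), the function names, the sample paths, and the requirement that both URL variables be set explicitly are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Ping's code): lint an env file for the four offline settings.

# env_value FILE KEY: print the last value assigned to KEY, surrounding double
# quotes stripped; return 1 if FILE never assigns KEY.
env_value() {
    line=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    val=${line#*=}
    val=${val%\"}
    val=${val#\"}
    printf '%s' "$val"
}

# check_airgap_env ENV_FILE LICENSE_FILE: print one FAIL line per finding and
# return the number of findings (0 means all four steps are satisfied).
check_airgap_env() {
    findings=0
    # Step 1: the license must already exist locally so it can be mounted.
    if [ ! -s "$2" ]; then
        echo "FAIL license file '$2' is missing or empty"
        findings=$((findings + 1))
    fi
    # Steps 2 and 4: both URLs must be set explicitly, and set to empty.
    for key in SERVER_PROFILE_URL MOTD_URL; do
        if ! v=$(env_value "$1" "$key"); then
            echo "FAIL $key is not set"
            findings=$((findings + 1))
        elif [ -n "$v" ]; then
            echo "FAIL $key=$v is not empty"
            findings=$((findings + 1))
        fi
    done
    # Step 3: license verification must be muted.
    if [ "$(env_value "$1" MUTE_LICENSE_VERIFICATION)" != "true" ]; then
        echo "FAIL MUTE_LICENSE_VERIFICATION is not \"true\""
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: MOTD_URL was forgotten and the profile URL is still remote.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SERVER_PROFILE_URL="https://git.example.internal/profiles.git"
MUTE_LICENSE_VERIFICATION="true"
EOF
check_airgap_env "$sample" /nonexistent/license.lic || echo "findings: $?"
rm -f "$sample"
```
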

How do we run the console and engines in a container environment?

The Helm chart supports instantiating both consoles and engines. Ingress to the consoles would have to be laid out for UI access.

For more information about Ping's Helm Charts, please visit Ping Helm.

Can I use Podman instead of Docker?

Yes, just like Docker, you will be able to use Podman for container orchestration.

Why does Ping recommend K8s vs Docker?
 1. Docker or a pure container solution like ECS by itself is generally not as robust or resilient as a K8s environment. While managed Docker services like ECS provide some of the functionality of Kubernetes, you are locked into that provider and you would have a different experience at Google, Azure, or another cloud provider. Kubernetes, even managed services like EKS, provides more flexibility and portability.

 2. It is the model we use for our SaaS offerings, so internal teams at Ping are more familiar with this model.

 3. Orchestration among multiple applications and services is native to Kubernetes, a bit of an add-on with Container-only services.

 4. Workload management using Kubernetes native objects, such as Horizontal Pod Autoscaling, Node scaling and so on.

 5. Management through Infrastructure-as-Code principles using Helm Charts and Values files.

Configuration and Server Profile

How do I customize a container?

There are many ways to customize the container for a Ping product. For example, you can create a customized server profile to save a configuration.

To find more ways to customize a container, see Customizing Containers.

How do I save product configurations?

To save configurations, create a server profile and store it in a server profile repository. This repository can be used to pass the configuration into the runtime environment. For help with creating a custom server profile, visit Server Profiles.

Examples of how to get the profile data from the different products:

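PingFederate Profile

# -k skips TLS certificate verification; the URL is quoted so the shell does not treat "?" as a glob.
curl -k "https://localhost:9999/pf-admin-api/v1/bulk/export?includeExternalResources=false" \
-u administrator:2FederateM0re \
-H 'X-XSRF-Header: PingFederate' \
-o data.json

PingAccess Profile

# Export the PingAccess configuration through the admin API into data.json.
curl -k https://localhost:9000/pa-admin-api/v3/config/export \
-u administrator:2FederateM0re \
-H "X-XSRF-Header: PingAccess" \
-o data.json

PingDirectory Profile

# Generate the profile inside the pingdirectory-0 pod, under /tmp/pd.profile.
kubectl exec -it pingdirectory-0 \
-- manage-profile generate-profile \
--profileRoot /tmp/pd.profile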

What should be in my server profile?

For more information about what the server profile should consist of, please visit Container Anatomy and Profile Structures.

Does my server profile have to be hosted on GitHub?

No, it can be any public or private Git repository.

You are also able to use a Local Directory as your repository, which is convenient for testing and development.

How do I access various product consoles?

For a Helm-deployed stack, there are two basic ways you can access the consoles.

1. Port-forward to the pod to access it with localhost.

kubectl port-forward <podName> <localPort>:<containerPort>

2. Using Helm, add the ingress definition in the yaml file in order to access the container with a URL. See Creating Ingresses. You must have an ingress controller in your cluster for the ingress to work.

How do I use an existing license?

You can mount the license in the container's opt/in directory. Please see using existing licenses for more information.

How do I turn off the license verification?

Set the environment variable in PingBase to: MUTE_LICENSE_VERIFICATION="true"

For more information about the PingBase environment variables, please visit PingBase.