Requirements for Oracle HTTP Server on Kubernetes

3.5 Requirements for Oracle HTTP Server on Kubernetes

This section provides information about the system requirements and limitations for deploying and running Oracle HTTP Server (OHS) on Kubernetes.

System Requirements for OHS on Kubernetes

You must have a running Kubernetes cluster that meets the following requirements:

The Kubernetes cluster and container engine must meet the minimum version requirements outlined in document ID 3058838.1 on My Oracle Support.
An administrative host from which to deploy the products. This host could be a Kubernetes Control host, a Kubernetes Worker host, or an independent host. This host must have kubectl deployed using the same version as your cluster.
The Kubernetes cluster must have sufficient nodes and resources.
A supported container engine such as CRI-O or Docker must be installed and running on the Kubernetes cluster.
The system clocks on node of the Kubernetes cluster must be synchronized. Run the date command simultaneously on all the nodes in each cluster and then synchronize accordingly.

Note:

This documentation does not tell you how to install a Kubernetes cluster, the container engine, or how to push container images to a container registry. Please refer to your vendor specific documentation for this information.

Before deploying OHS you must consider what architecture to deploy and then plan accordingly.

Oracle Access Management Requirements

If you intend to use OHS with Oracle WebGate and Oracle Access Management (OAM), then OAM must have been deployed beforehand, either in an on-premises environment, or in a Kubernetes cluster. You must have an understanding of OAM and Oracle WebGate before proceeding.

Instructions for deploying OAM 14.1.2.1.0 in a Kubernetes cluster can be found in Deploying and Managing Oracle Access Management on Kubernetes. OAM in a Kubernetes cluster must be deployed as per one of the supported architectures defined. See, Supported Architectures for Oracle HTTP Server.

To use Oracle WebGate with OHS you must perform the following before deploying OHS:

Update the Load Balancing and WebGate Traffic Load Balancer to the entry point for OAM. For example, if OAM is accessed via the load balancer (https://loadbalancer.example.com), then the OAM Server Host, OAM Server Port, and OAM Server Protocol should be updated to loadbalancer.example.com, 443, and HTTPS respectively. For more information, see Updating the OAM Hostname and Port for the Loadbalancer.
Create an Agent in the Oracle Access Management console. After creating the agent, make sure the User Defined Parameters for OAMRestEndPointHostName, OAMRestEndPointPort, and OAMServerCommunicationMode are set to the same values as the load balancing settings above. See, Registering a WebGate Agent.
In the Application Domain created for the WebGate, update the resources with any resources you wish to protect.
Create any Host Identifier(s) for any URL’s you require. For example if you access OAM via a load balancer, create a host identifier for both the load balancer hostname.domain and the OHS hostname.domain. If you access OAM directly via OHS, create a host identifier for the OHS hostname.domain. See, Creating Host Identifiers.
Download the zip file for the Agent from the OAM Console. This zip file will later be copied and extracted to the $WORKDIR/ohsConfig/webgate/config directory. See, Preparing Your OHS Configuration Files.