1. Administering Oracle Advanced Authentication and Oracle Adaptive Risk Management
  2. Installing Oracle Advanced Authentication, Oracle Adaptive Risk Management, and Oracle Universal Authenticator
  3. Procedure for Installing OAA, OARM, and OUA
  4. Prerequisite Configurations for Installing OAA, OARM, and OUA
  5. Installing a Container Image Registry (CIR)

4.2.5 Installing a Container Image Registry (CIR)

During the management container installation, container images are pushed to a Container Image Registry (CIR). During deployment, images are pulled from the same registry. You must therefore install a Container Image Registry as a prerequisite. This registry must be accessible from all nodes in the Kubernetes cluster where OAA, OARM, and OUA is to be deployed.

Depending on the CIR you are using, you may have to create the following repository entries in the CIR prior to installation. For example, if using Oracle Container Registry in Oracle Cloud Infrastructure (OCI) you must create these repository entries in advance, otherwise the install will fail to push the images:
  • oaa-admin
  • oaa-factor-email
  • oaa-factor-fido
  • oaa-factor-kba
  • oaa-factor-push
  • oaa-factor-sms
  • oaa-factor-totp
  • oaa-factor-yotp
  • oaa-factor-custom
  • oaa-mgmt
  • oaa-policy
  • oaa-spui
  • oaa-svc
  • risk-cc
  • risk-engine
  • oaa-drss

Additional Images

During installation the following additional images are installed:
  • oraclelinux:8-slim and oraclelinux7-instantclient:19 from https://ghcr.io/oracle
  • controller:v1.0.0 from https://registry.k8s.io/ingress-nginx. This image is only pulled if you want to use the ingress controller installed during the OAA install. See Installing OAA, OARM, and OUA Using NGINX Ingress.

Administrators must whitelist these sites to allow the Kubernetes cluster to pull these images.

If you cannot whitelist these sites, then you must pull the images down manually and store them in your container registry. For example to pull the ghcr.io/oracle images: 
podman pull ghcr.io/oracle/oraclelinux7-instantclient:19
podman pull ghcr.io/oracle/oraclelinux:8-slim
In order for the installation to know about the location of the oraclelinux:8-slim and oraclelinux7-instantclient:19 images, you must edit the installOAA.properties and in the ## 5. Chart configuration# section, set install.global.testrepo to the location of your container registry.

Note:

This parameter is not shown in the installOAA.properties file by default.
See, Preparing the Properties file for Installation.
For controller:v1.0.0 it is recommended to pull the latest controller:v1.X version. See https://github.com/kubernetes/ingress-nginx/releases to find the latest release. For example:
podman pull registry.k8s.io/ingress-nginx/controller:v1.X.X
In order for the installation to know about the location of the controller:v1.X.X image, add the following parameters to the installOAA.properties in the ##7. Ingress configuration## section:

Note:

These parameters are not shown in the installOAA.properties file by default. 
ingress.install.controller.image.repository=<registry>
ingress.install.controller.image.image=<repository>
ingress.install.controller.image.tag=<tag>
For example: 
ingress.install.controller.image.repository=container-registry.example.com
ingress.install.controller.image.image=ingress-nginx/controller
ingress.install.controller.image.tag=v1.X.X
See Preparing the Properties file for Installation.