4.2.1 Kubernetes Cluster Requirements

OAA, OARM, and OUA are designed to be deployed on a Cloud Native Environment. They are composed of multiple components that run as microservices on a Kubernetes cluster, managed by Helm charts. Specifically, each component (microservice) is composed as a Kubernetes Pod, which is deployed to a Kubernetes node in the cluster.

4.2.1.1 Configuring a Kubernetes Cluster

You must install a Kubernetes cluster that meets the following requirements:

  • The Kubernetes cluster must have a minimum of three nodes.
  • The nodes must meet the following minimum system specification requirements:

    | System | Minimum Requirements |
    |--------|----------------------|
    | Memory | 64 GB RAM |
    | Disk   | 150 GB |
    | CPU    | 8 x CPU with virtualization support (for example, Intel VT) |
  • An installation of Helm is required on the Kubernetes cluster. Helm is used to create and deploy the necessary resources.
  • A supported container engine must be installed and running on the Kubernetes cluster.
  • The Kubernetes cluster and container engine must meet the minimum version requirements outlined in Document ID 2723908.1 on My Oracle Support.
  • The nodes in the Kubernetes cluster must have access to a shared volume such as a Network File System (NFS) mount. The NFS mounts are used by the Management Container pod during installation, during runtime for the File Based Vault (if not using OCI based vault), and for other post installation tasks such as loading geo-location data.
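
A preflight check for the node count, memory, and CPU minimums listed above, as an added example (not Oracle's tooling). It reads output in the shape of `kubectl get nodes -o json`; the function names, the sample data, and reading 64 GB as 64 × 10^9 bytes are assumptions, and disk size and virtualization support are not checked here.

```python
import json
import re
import sys
from fractions import Fraction

# Thresholds from the requirements list. Treating "64 GB" as 64 * 10**9
# bytes is an assumption; the page does not say whether it means GB or GiB.
MIN_NODES = 3
MIN_MEMORY_BYTES = 64 * 10**9
MIN_CPUS = 8

# Kubernetes quantity suffixes: binary, decimal, and milli (exact arithmetic).
_SUFFIX = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
           "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
           "m": Fraction(1, 1000), "": 1}

def parse_quantity(text):
    """Convert a quantity such as '65806736Ki' or '8000m' to an exact number."""
    match = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", text.strip())
    if not match or match.group(2) not in _SUFFIX:
        raise ValueError(f"unsupported quantity: {text!r}")
    return Fraction(match.group(1)) * _SUFFIX[match.group(2)]

def check_cluster(node_list):
    """Return a list of problems found in a parsed NodeList document."""
    problems = []
    nodes = node_list.get("items", [])
    if len(nodes) < MIN_NODES:
        problems.append(f"cluster has {len(nodes)} node(s), need {MIN_NODES}")
    for node in nodes:
        name = node["metadata"]["name"]
        capacity = node["status"]["capacity"]
        if parse_quantity(capacity["memory"]) < MIN_MEMORY_BYTES:
            problems.append(f"{name}: memory {capacity['memory']} is below 64 GB")
        if parse_quantity(capacity["cpu"]) < MIN_CPUS:
            problems.append(f"{name}: cpu {capacity['cpu']} is below {MIN_CPUS}")
    return problems

def _node(name, cpu, memory):
    return {"metadata": {"name": name},
            "status": {"capacity": {"cpu": cpu, "memory": memory}}}

# Constructed sample data; node names and sizes are made up for illustration.
SAMPLE = {"items": [_node("node-a", "8", "65806736Ki"),
                    _node("node-b", "16", "131072000Ki"),
                    _node("node-c", "4000m", "32Gi")]}

if __name__ == "__main__":
    # Pass a file saved from `kubectl get nodes -o json`, or run with no
    # argument to check the constructed sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for problem in check_cluster(data):
        print("FAIL:", problem)
```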

Note:

This documentation does not explain how to configure a Kubernetes cluster, because the products can be deployed on a cluster from any compliant Kubernetes vendor. If you need to understand how to configure a Kubernetes cluster ready for an OAA, OARM, and OUA deployment, you can follow the Enterprise Deployment Guide for Oracle Identity and Access Management in a Kubernetes Cluster.

4.2.1.2 Configuring NFS Volumes

All nodes in the Kubernetes cluster require access to shared volumes on an NFS server. During the installation, the management container pod stores configuration information, credentials, and logs in the NFS volumes. Once the installation is complete, the pods require access to a volume that contains the File based vault (if not using OCI based vault), for storing and accessing runtime credentials.

The following NFS volumes must be created prior to the installation. In all cases the NFS export path must have read/write/execute permission for all. Make sure the NFS volumes are accessible to all nodes in the cluster.

| Volume | Description | Path |
|--------|-------------|------|
| Configuration | An NFS volume which stores the OAA configuration such as installOAA.properties. | <NFS_CONFIG_PATH> |
| Credentials | An NFS volume which stores OAA credentials such as Kubernetes and Helm configuration, SSH key, PKCS12 files, and the OUA TAP partner keystore. | <NFS_CREDS_PATH> |
| Logs | An NFS volume which stores OAA installation logs and status. | <NFS_LOGS_PATH> |
| File based vault | An NFS volume which stores OAA runtime credentials. | <NFS_VAULT_PATH> |

Note:

The NFS server IP address and NFS paths are set in the install.mount.* parameters in installOAA.properties. See Preparing the Properties file for Installation.