4.1 About the Management Container

The Management Container is a container that includes all the required scripts and tools needed to install OAA, OARM, and OUA on a new or existing Kubernetes cluster.

This container runs as a pod in the Kubernetes cluster. It is not part of the deployment itself, but facilitates deploying OAA, OARM, and OUA to the Kubernetes cluster.

The Management Container pod is based on oraclelinux and has the following binaries installed, along with standard Linux utilities such as zip, iputils, net-tools, and vim:
  • kubectl
  • helm
  • sqlplus: instantclient_19_10
  • openssl

For more information about the Management Container, see the following topics:

4.1.1 Components of the Management Container

This section provides an overview of important files and folders in the management container pod.

Table 4-1 Management Container Files and Folder Reference

Files and Folders: Description

OAA.sh: This script file is used to install OAA, OARM, and OUA. The installOAA.properties file must be given as an argument to the script for installing OAA, OAA-OARM, OARM, and OAA-OARM-OUA.
  For more information, see Preparing the Properties file for Installation

installsettings: This folder contains the oaaoverride.yaml that can be customized to set the replicaCount for some of the services in OAA, OARM, and OUA.
  To enable this you must set the common.deployment.overridefile property in the installOAA.properties.

helmcharts: This folder contains helm charts and values.yaml for all OAA, OARM, and OUA services.

libs: This folder contains the following files:
  • OAAAuthnPlugin.jar: this plugin is used for integrating OAM with OAA.
    • If your OAM is pre April 22 Bundle patch (12.2.1.4.220404), the plugin must be imported into OAM.
    • If your OAM has April 22 Bundle patch (12.2.1.4.220404) or later then the plugin is included in OAM by default.
    For details, see Install the OAA Plugin for OAM
  • messagingprovider-interface-install-oaa-<release-version>.jar: This file can be used to customize the SMS and email factors in OAA. For more information, see Customizing Email and SMS Messaging Provider

logs: This folder maps to the NFS volume <NFS_LOG_PATH> and stores logs and status of the OAA, OARM, and OUA installation.

oaa_cli: This folder contains files that can be customized and used to install geo-location data for OARM. For more information, see Loading Geo-Location Data

scripts/creds: This folder maps to the NFS volume <NFS_CREDS_PATH> and contains the following files that get copied, created, and used during installation:
  • trust.p12
  • cert.p12
  • k8sconfig
  • helmconfig
  • <OUAtapPartner>.jks

scripts/settings: This folder maps to the NFS volume <NFS_CONFIG_PATH> and stores installOAA.properties, and oaaoverride.yaml configuration files required for installation.

service/store/oaa: This folder maps to the NFS volume <NFS_VAULT_PATH> that is shared between management container and the OAA, OARM, and OUA deployment. It stores the file based vault (if not using OCI based vault).

4.1.2 Preset Environment Variables in Management Container

The Management Container pod is configured with a predefined set of environment variables.

Table 4-2 Preset Environment Variables

Environment Variable: Description

HELM_CONFIG: This is set to /u01/oracle/scripts/creds/helmconfig.

KUBECONFIG: This is set to /u01/oracle/scripts/creds/k8sconfig.

SCRIPT_PATH: This is set to /u01/oracle/scripts. This contains the installation scripts.

CONFIG_DIR: This is an NFS volume <NFS_CONFIG_PATH> used to store the configuration externally.
  It is mounted to the path /u01/oracle/scripts/settings in the container.

CREDS_DIR: This is an NFS volume <NFS_CREDS_PATH> used to store credentials, such as helmconfig, kubeconfig, tap partner keystores, and login private keys.
  It is mounted to the path /u01/oracle/scripts/creds in the container.

LOGS_DIR: This is an NFS volume <NFS_LOGS_PATH> used to store installation logs and status.
  It is mounted to the path /u01/oracle/logs in the container.

HELM_CHARTS_PATH: This is the path where all the helm charts related to the installation exist.

LD_LIBRARY_PATH: Sets the instantclient folder. The variable is required to run the sqlplus and DB-related commands from instantclient present in the container.

LIBS_DIR: This exists in the path /u01/oracle/libs.
  It contains the jar file required for customizing email and SMS providers and the OAM Authentication plugin.
  It also contains jars that are required for file based vault deployment.

JARPATH: This contains the jars required for file based vault to run properly.

4.1.3 Mounted Volumes in the Management Container

This section provides details about the mounted volumes in the Management Container pod.

Table 4-3 Mounted Volumes in Management Container

Mount Folder: /u01/oracle/logs
  Description: Path not configurable. This is used to store installation logs and status. This maps to NFS volume <NFS_LOG_PATH> created as a prerequisite.
  Permissions to be Set: Read-Write-Execute. The NFS volume <NFS_LOG_PATH> must have Read-Write-Execute permissions for all.

Mount Folder: /u01/oracle/scripts/settings
  Description: Path not configurable. This is used to store the customized configuration file for installing OAA and OARM. This maps to NFS volume <NFS_CONFIG_PATH> created as a prerequisite.
  Permissions to be Set: Read-Write-Execute. The NFS volume <NFS_CONFIG_PATH> must have Read-Write-Execute permissions for all.

Mount Folder: /u01/oracle/scripts/creds
  Description: Path not configurable. This is used to store credential files such as k8sconfig, helmconfig, trust.p12 and cert.p12. This maps to NFS volume <NFS_CREDS_PATH> created as a prerequisite.
  Permissions to be Set: Read-Write-Execute. The NFS volume <NFS_CREDS_PATH> must have Read-Write-Execute permissions for all.

Mount Folder: /u01/oracle/service/store/oaa
  Description: Path is configurable. This is used to store the vault artifacts for file-based vault. This maps to NFS volume <NFS_VAULT_PATH> created as a prerequisite.
  Permissions to be Set: Read-Write-Execute. The NFS volume <NFS_VAULT_PATH> must have Read-Write-Execute permissions for all.

For more details about NFS volume requirements, see Configuring NFS Volumes.
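
The following shell functions are an added example, not part of the Oracle documentation or tooling. They check the mounts in Table 4-3 and the preset variables in Table 4-2 from inside the Management Container pod. The function names and the optional root-directory argument are hypothetical, and reporting credential files that are readable by "other" is this example's own assumption, not a documented requirement.

```shell
#!/bin/sh
# Added example: audit the Management Container mounts and preset variables.
# Each function takes an optional root directory (default /u01/oracle, the
# base of the paths in Tables 4-2 and 4-3) so it can be tried on a scratch tree.

MOUNTS="logs scripts/settings scripts/creds service/store/oaa"
# Credential files the page lists under scripts/creds. <OUAtapPartner>.jks is
# deployment-specific, so any *.jks file is matched instead.
CRED_FILES="trust.p12 cert.p12 k8sconfig helmconfig"

# Print each mount that is missing or lacks rwx for user, group and other.
check_mounts() {
    root=${1:-/u01/oracle}
    for m in $MOUNTS; do
        d="$root/$m"
        if [ ! -d "$d" ]; then
            echo "MISSING $d"
        elif [ -z "$(find "$d" -maxdepth 0 -perm -777)" ]; then
            echo "NOT_RWX_ALL $d"
        fi
    done
}

# Print credential files whose mode grants read access to "other".
# Treating that as a finding is an assumption of this example.
check_cred_files() {
    creds="${1:-/u01/oracle}/scripts/creds"
    [ -d "$creds" ] || return 0
    for f in $CRED_FILES; do
        [ -f "$creds/$f" ] || continue
        [ -n "$(find "$creds/$f" -maxdepth 0 -perm -004)" ] && echo "WORLD_READABLE $creds/$f"
    done
    find "$creds" -maxdepth 1 -type f -name '*.jks' -perm -004 | sed 's/^/WORLD_READABLE /'
}

# Compare three preset variables from Table 4-2 with their documented values.
check_env() {
    [ "${KUBECONFIG:-}" = /u01/oracle/scripts/creds/k8sconfig ] || echo "UNEXPECTED KUBECONFIG=${KUBECONFIG:-unset}"
    [ "${HELM_CONFIG:-}" = /u01/oracle/scripts/creds/helmconfig ] || echo "UNEXPECTED HELM_CONFIG=${HELM_CONFIG:-unset}"
    [ "${SCRIPT_PATH:-}" = /u01/oracle/scripts ] || echo "UNEXPECTED SCRIPT_PATH=${SCRIPT_PATH:-unset}"
}
```

Run `check_mounts`, `check_cred_files` and `check_env` from a shell in the pod; no output means every check passed.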