1. Administering Oracle Advanced Authentication and Oracle Adaptive Risk Management
  2. Installing Oracle Advanced Authentication, Oracle Adaptive Risk Management, and Oracle Universal Authenticator
  3. Installing OAA, OARM, and OUA Using NGINX Ingress
  4. Installing your own Ingress Controller
  5. Prerequisites for Installing OAA, OARM, and OUA using Ingress

5.2.1 Prerequisites for Installing OAA, OARM, and OUA using Ingress

If using your own Ingress controller, you must install it before installing OAA, OARM, and OUA. Perform the following steps to install NGINX ingress controller on one of the nodes in the cluster.

  1. Generate SSL Certificate
    1. Generate a private key (tls.key) and certificate signing request (CSR) using a tool of your choice. Send the CSR to your certificate authority (CA) to generate the certificate (tls.crt). Instructions on how to do this can be found under Using a third party CA for generating certificates in Generating Server Certificates and Trusted Certificates.
      Alternatively, to use a certificate for testing purposes you can generate a self-signed certificate using openssl:
      mkdir /OAA/ingress_ssl
      cd /OAA/ingress_ssl
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=node.example.com"

      Note:

      If you created your own CA in Generating Server Certificates and Trusted Certificates, you can also generate a certificate using that CA.

      Note:

      The CN must match the host.domain of the kubernetes node you are installing on to prevent hostname problems during certificate verification.
    2. Create a secret for SSL by running the following command:
      kubectl create secret tls oaa-tls-cert --key /OAA/ingress_ssl/tls.key --cert /OAA/ingress_ssl/tls.crt
  2. Install NGINX ingress
    1. Add the helm chart repository for NGINX using the following command
      helm repo add stable https://kubernetes.github.io/ingress-nginx
    2. Update the repository using the following command
      helm repo update
    3. Create a namespace, for example nginxssl:
      kubectl create namespace nginxssl
    4. Install NGINX using the helm install nginx-ingress command. For example:
      helm install nginx-ingress -n nginxssl --set controller.extraArgs.default-ssl-certificate=oaa-tls-cert  --set controller.service.type=NodePort --set controller.admissionWebhooks.enabled=false stable/ingress-nginx
    5. Get the nodeport port number. For example:
      kubectl get services -n nginxssl -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-ingress-nginx-controller

      The command will return the port number, for example 31281. Therefore, the URL for the ingress controller is http://node.example.com:31281

      The hostname and port returned is used for the install.global.serviceurl parameter in the installOAA.properties in Updating the Install Properties File for Installing OAA/OARM/OUA Using Ingress