8.1 Configuring Traefik

You must configure an ingress controller to allow access to Oracle Identity Governance (OIG).

The ingress can be configured in the following ways:

• Without SSL
• With SSL
• OIG URI’s are accessible from all hosts
• OIG URI’s are accessible using virtual hostnames only

The option you choose will depend on the architecture you are configuring. For example, if you have an architecture such as Oracle HTTP Server on an Independent Kubernetes cluster, where SSL is terminated at the load balancer, then you would configure the ingress without SSL.

In almost all circumstances, the ingress should be configured to be accessible from all hosts (using host.enabled: false in the values.yaml). You can only configure ingress to use virtual hostnames (using host.enabled: true in the values.yaml), if all of the following criteria are met:

• SSL is terminated at the load balancer
• The SSL port is 443
• You have separate hostnames for OIG administration URL’s (for example https://admin.example.com/em), and OIG runtime URL’s (for example https://runtime.example.com/oig/server).

This chapter includes the following topics:

• Installing the Traefik Repository
• Creating a Kubernetes Namespace for Traefik
• Generating SSL Certificates for Traefik
• Installing the Traefik Controller
• Preparing the Traefik values.yaml
• Creating the Traefik Ingress