1. Administering Oracle Advanced Authentication and Oracle Adaptive Risk Management
  2. Installing Oracle Advanced Authentication, Oracle Adaptive Risk Management, and Oracle Universal Authenticator
  3. Procedure for Installing OAA, OARM, and OUA
  4. Prerequisite Configurations for Installing OAA, OARM, and OUA
  5. Setting Up a Container Image Registry (CIR)

5.1.8 Setting Up a Container Image Registry (CIR)

During the management container installation, container images are pushed to a Container Image Registry (CIR). During deployment, images are pulled from the same registry. You must therefore setup a Container Image Registry as a prerequisite. This registry must be accessible from all nodes in the Kubernetes cluster where OAA, OARM, and OUA is to be deployed.

Depending on the CIR you are using, you may have to create the following repository entries in the CIR prior to installation. For example, if using Oracle Container Registry in Oracle Cloud Infrastructure (OCI), you must create these repository entries in advance otherwise the install will fail to push the images:
  • oaa-admin
  • oaa-factor-email
  • oaa-factor-fido
  • oaa-factor-kba
  • oaa-factor-push
  • oaa-factor-sms
  • oaa-factor-totp
  • oaa-factor-yotp
  • oaa-factor-custom
  • oaa-mgmt
  • oaa-policy
  • oaa-spui
  • oaa-svc
  • risk-cc
  • risk-engine
  • oaa-drss

Additional Images

During installation the following additional images are installed:
  • oraclelinux:8-slim and oraclelinux7-instantclient:19 from https://ghcr.io/oracle

Administrators must whitelist these sites to allow the Kubernetes cluster to pull these images.

If you cannot whitelist these sites, then you must pull the images down manually and store them in your container registry. For example to pull the ghcr.io/oracle images: 
podman pull ghcr.io/oracle/oraclelinux7-instantclient:19
podman pull ghcr.io/oracle/oraclelinux:8-slim
In order for the installation to know about the location of the oraclelinux:8-slim and oraclelinux7-instantclient:19 images, you must edit the installOAA.properties and in the ## 5. Chart configuration# section, set install.global.testrepo to the location of your container registry.

Note:

This parameter is not shown in the installOAA.properties file by default.
See, Preparing the Properties file for Installation.

5.1.8.1 Configuration Checkpoint

  1. Before proceeding make sure you have the following information:
    Variable Your Value Sample Value Description
    <CIR_HOST> cir.example.com The fully qualified hostname of the Container Image Registry
    <CIR_REPOSITORY>   cir.example.com/repository/oaa The repository where the OAA images will be pushed to.