5.1.8 Setting Up a Container Image Registry (CIR)

During the management container installation, container images are pushed to a Container Image Registry (CIR). During deployment, images are pulled from the same registry. You must therefore setup a Container Image Registry as a prerequisite. This registry must be accessible from all nodes in the Kubernetes cluster where OAA, OARM, and OUA is to be deployed.

Depending on the CIR you are using, you may have to create the following repository entries in the CIR prior to installation. For example, if using Oracle Container Registry in Oracle Cloud Infrastructure (OCI), you must create these repository entries in advance otherwise the install will fail to push the images:
  • oaa-admin
  • oaa-factor-email
  • oaa-factor-fido
  • oaa-factor-kba
  • oaa-factor-push
  • oaa-factor-sms
  • oaa-factor-totp
  • oaa-factor-yotp
  • oaa-factor-custom
  • oaa-mgmt
  • oaa-policy
  • oaa-spui
  • oaa-svc
  • risk-cc
  • risk-engine
  • oaa-drss

Additional Images

During installation the following additional image is installed:
  • oraclelinux:8-slim from https://ghcr.io/oracle

Administrators must whitelist this sites to allow the Kubernetes cluster to pull this image.

If you cannot whitelist this site, then you must pull the image down manually and store them in your container registry. For example to pull the ghcr.io/oracle image: 
podman pull ghcr.io/oracle/oraclelinux:8-slim
In order for the installation to know about the location of the oraclelinux:8-slim image, you must edit the installOAA.properties and in the ## 5. Chart configuration# section, set install.global.testrepo to the location of your container registry.

Note:

This parameter is not shown in the installOAA.properties file by default.
See, Preparing the Properties file for Installation.

5.1.8.1 Configuration Checkpoint

  1. Before proceeding make sure you have the following information:
    Variable Your Value Sample Value Description
    <CIR_HOST> cir.example.com The fully qualified hostname of the Container Image Registry
    <CIR_REPOSITORY>   cir.example.com/repository/oaa The repository where the OAA images will be pushed to.