4 Security for the TimesTen Kubernetes Operator

This chapter discusses security features and requirements for the TimesTen Kubernetes Operator.

Kubernetes is an open-source platform for managing containerized workloads and services. Kubernetes manages the resources of multiple hosts in a cluster and runs containers as required across these hosts.

TimesTen provides a Kubernetes Operator that manages Kubernetes objects of type TimesTenClassic. TimesTen can be deployed, monitored, managed, and controlled in an automated manner with no required human intervention.

See Oracle TimesTen In-Memory Database Kubernetes Operator User's Guide for information about the TimesTen Kubernetes Operator.

Privileges for the TimesTen Kubernetes Operator

The TimesTen Operator creates and manages Pods and containers running TimesTen on behalf of the user. It monitors and controls TimesTen in those containers through the TimesTen agent.

The Operator requires privileges in the Kubernetes cluster. The service_account.yaml file is included with the TimesTen Operator. When you run the service_account.yaml file, a Kubernetes role with a particular set of permissions is defined. The Operator runs with the permissions you granted to this role. See "Configuring Kubernetes" in Oracle TimesTen In-Memory Database Kubernetes Operator User's Guide for information on the service_account.yaml file.

The TimesTen Operator must be given suitable permissions to create and monitor the other objects in the Kubernetes cluster. The service_account.yaml file contains the default permissions.

Authorization for users of the TimesTen Kubernetes Operator

The set of Kubernetes users who can create, modify, and delete TimesTenClassic objects in a Kubernetes cluster is under the control of the Role Based Access Control (RBAC) configuration of the cluster.

In order to provide a secure installation, you should restrict the set of users who have Kubernetes RBAC permissions to GET Secret objects in the Kubernetes namespace. (See the next section, "Encryption for the TimesTen Kubernetes Operator", regarding Secrets.)
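
As an added illustration (not part of the Oracle documentation or the Operator's own code), the following Python script audits which subjects hold RBAC rules that let them read Secrets in a given namespace. It goes slightly beyond the GET permission named above by also flagging list and watch, whose responses include Secret contents; every role, subject and namespace name in it is constructed.

```python
# Input objects have the shape of items returned by `kubectl get ... -o json`.
READ_VERBS = {"get", "list", "watch", "*"}  # list/watch responses also carry Secret data

def rule_reads_secrets(rule):
    """True if an RBAC rule allows reading Secret objects (core API group)."""
    return (any(g in ("", "*") for g in rule.get("apiGroups", []))
            and any(r in ("secrets", "*") for r in rule.get("resources", []))
            and any(v in READ_VERBS for v in rule.get("verbs", [])))

def secret_readers(items, namespace):
    """Return sorted (subject, role, secret names) tuples effective in `namespace`."""
    risky = {}  # (role kind, role name) -> Secret names the role can read ("*" = all)
    for obj in items:
        kind, meta = obj["kind"], obj["metadata"]
        if kind == "ClusterRole" or (kind == "Role" and meta.get("namespace") == namespace):
            risky[(kind, meta["name"])] = sorted(
                {n for r in (obj.get("rules") or []) if rule_reads_secrets(r)
                 for n in (r.get("resourceNames") or ["*"])})
    found = []
    for obj in items:
        kind, ref = obj["kind"], obj.get("roleRef", {})
        in_scope = kind == "ClusterRoleBinding" or (
            kind == "RoleBinding" and obj["metadata"].get("namespace") == namespace)
        key = (ref.get("kind"), ref.get("name"))
        if in_scope and risky.get(key):
            for s in obj.get("subjects") or []:
                found.append((f'{s["kind"]}/{s["name"]}', ref["name"], risky[key]))
    return sorted(found)

def _role(kind, name, ns, resources, verbs, **extra):
    rule = {"apiGroups": [""], "resources": resources, "verbs": verbs, **extra}
    return {"kind": kind, "metadata": {"name": name, "namespace": ns}, "rules": [rule]}

def _bind(ns, ref_kind, ref, subj_kind, subj):
    return {"kind": "RoleBinding", "metadata": {"name": ref + "-b", "namespace": ns},
            "roleRef": {"kind": ref_kind, "name": ref}, "subjects": [{"kind": subj_kind, "name": subj}]}

# Constructed sample objects; every name and namespace below is hypothetical.
SAMPLE = [
    _role("Role", "db-operator", "tt-demo", ["pods", "secrets"], ["get", "create"]),
    _role("Role", "pod-viewer", "tt-demo", ["pods"], ["get", "list"]),
    _role("Role", "wallet-reader", "tt-demo", ["secrets"], ["get"], resourceNames=["sample-wallet"]),
    _role("ClusterRole", "read-everything", None, ["*"], ["list", "watch"], apiGroups=["*"]),
    _bind("tt-demo", "Role", "db-operator", "ServiceAccount", "db-operator"),
    _bind("tt-demo", "Role", "pod-viewer", "User", "alice"),
    _bind("tt-demo", "Role", "wallet-reader", "User", "bob"),
    _bind("tt-demo", "ClusterRole", "read-everything", "Group", "dev-team"),
    _bind("other-ns", "ClusterRole", "read-everything", "User", "carol"),
]
```

To audit a real cluster, pass `secret_readers` the `items` array from `kubectl get roles,rolebindings,clusterroles,clusterrolebindings -A -o json` together with the namespace in which the Operator runs.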

The TimesTen agent creates the TimesTen instance, runs as the oracle user, and starts TimesTen. The oracle user is the instance administrator of the TimesTen instance. The Operator limits the set of open ports in containers that are running TimesTen to those ports that TimesTen uses.

Encryption for the TimesTen Kubernetes Operator

To ensure that only the TimesTen Operator can communicate with the TimesTen agents:

  • Communication between the TimesTen Operator and the TimesTen agents is secured through TLS using self-signed certificates that are created by the Operator. These certificates, inside an Oracle Wallet, are transmitted to the agents through Kubernetes Secrets that the Operator creates. The TimesTen Operator runs in a customer-specified Kubernetes namespace. These Secrets are created in that namespace.

  • Containers that run the TimesTen agent (and TimesTen itself) have access to the Secrets, and therefore to the certificates included in them. This ensures that only the Operator and the agents have access to these certificates, preventing other users from using the agent to control TimesTen.

  • The Operator creates a different self-signed certificate for each TimesTenClassic object when the object is created. These certificates are created by the standard Java keytool command and are stored in a pkcs12 keystore.

  • The Operator stores each keystore in a different Kubernetes Secret. When the Operator instructs Kubernetes to create Pods and containers (that run the TimesTen agents), the contents of the Secret are mounted as files in the file system of the TimesTen agent. This ensures that the certificate is securely communicated between the Operator and the TimesTen agents.

  • The TimesTen agent is configured to accept only HTTPS connections and to authenticate those connections using the self-signed certificate. The agent is configured to listen on port 8443 and to not accept any other form of communication.