About Accessing the Endpoint from Outside the Cluster
When the TimesTen Operator starts up, it creates a NodePort Service that maps to the metrics endpoint. This allows applications outside the cluster to access this information. The TimesTen Operator attempts to create this NodePort Service on an external port number that you provide. If successful, applications outside the cluster can then issue GETs to this port number on any node in the cluster in order to retrieve the TimesTen connection strings. It is up to you to make the IP addresses of cluster nodes and the external port number available to applications.
The metrics endpoint by default uses HTTPS, secured with a self-signed certificate created by the TimesTen Operator. Applications running inside the cluster can get the appropriate certificate to allow them to access the endpoint by mounting the Kubernetes Secret called timesten-operator-metrics-client. The TimesTen Operator automatically creates this Secret.
However, applications outside the cluster cannot directly access this Secret or other Secrets within the cluster. You must manually extract the contents of the timesten-operator-metrics-client Secret and make it available to applications outside the cluster that want to use the Connection Manager API.
- ca.crt: Adds the TimesTen Operator's certificate to the list of certificates that the application accepts (or trusts).
- client.crt: Contains a client certificate that the TimesTen Operator trusts.
- client.key: Contains the private key for the client certificate.
To access the Connection Manager API, applications must authenticate to the TimesTen Operator using this information.
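One way to perform the manual extraction and prepare a mutual-TLS client, shown as an added example that is not part of the TimesTen documentation or the Operator's own code. The function names are hypothetical, and the input is assumed to be the JSON printed by `kubectl get secret timesten-operator-metrics-client -o json` run in the Operator's namespace.

```python
import base64
import json
import os
import ssl
import tempfile

REQUIRED = ("ca.crt", "client.crt", "client.key")


def extract_metrics_client_secret(secret_json: str, out_dir: str) -> dict:
    """Decode the three files from a Secret's JSON and return their paths."""
    data = json.loads(secret_json).get("data") or {}
    missing = [name for name in REQUIRED if name not in data]
    if missing:
        raise ValueError(f"Secret is missing keys: {missing}")
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    paths = {}
    for name in REQUIRED:
        path = os.path.join(out_dir, name)
        # Secret values are base64-encoded; validate=True rejects junk input.
        content = base64.b64decode(data[name], validate=True)
        # Create the file owner-only (0600) so client.key is never readable
        # by other users; fchmod also tightens a file that already existed.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as fh:
            os.fchmod(fh.fileno(), 0o600)
            fh.write(content)
        paths[name] = path
    return paths


def build_client_context(paths: dict) -> ssl.SSLContext:
    """TLS context that trusts only ca.crt and presents the client certificate."""
    # Passing cafile means the system trust store is not loaded.
    ctx = ssl.create_default_context(cafile=paths["ca.crt"])
    ctx.load_cert_chain(certfile=paths["client.crt"], keyfile=paths["client.key"])
    return ctx


if __name__ == "__main__":
    # Constructed sample standing in for real kubectl output (not real keys).
    sample = json.dumps({"data": {
        n: base64.b64encode(f"constructed {n}".encode()).decode() for n in REQUIRED}})
    with tempfile.TemporaryDirectory() as d:
        print(sorted(extract_metrics_client_secret(sample, d)))
```

With real Secret contents, pass the result of `build_client_context` as the `context` argument of `urllib.request.urlopen` when issuing the GET to a node's external port. Hostname verification stays enabled; whether the Operator's certificate names the node address you connect to is not stated on this page.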