About Creating Your Own Oracle Wallet, Certificates, and Kubernetes Secrets
You have the option of creating your own Oracle Wallet, certificates, and Kubernetes Secrets to serve TimesTen metrics by https. If you choose this option, the TimesTen Operator cannot create a PodMonitor object with sufficient information to allow Prometheus to access TimesTen. You can create a PodMonitor object yourself or otherwise edit the Prometheus configuration files to cause Prometheus to scrape TimesTen metrics.
After you create a Kubernetes Secret containing an Oracle Wallet (that contains the necessary certificates), you must include this Secret in your TimesTenClassic or TimesTenScaleout object YAML manifest file. You do this by specifying the .spec.ttspec.prometheus.certSecret datum in your object definition.
apiVersion: timesten.oracle.com/v1
kind: TimesTenClassic
metadata:
  name: samplecertsecret
spec:
  ttspec:
    …
    prometheus:
      certSecret: prometheuscert
      port: 7777
- The .spec.ttspec.prometheus datum is specified in the TimesTenClassic object YAML manifest file. This causes the TimesTen Operator to automatically deploy the TimesTen exporter in a separate container within each Pod running TimesTen.
- The certSecret datum is specified in the .spec.ttspec.prometheus clause of the TimesTenClassic object. The wallet contained in the prometheuscert Kubernetes Secret is used for Transport Layer Security (mutual TLS)/https.
- The port datum is specified. This is the port on which the TimesTen exporter listens. This causes the TimesTen Operator to set up the http server on TCP port 7777 in each TimesTen Pod.
Here is a summary of the tasks you need to complete to create your own Oracle Wallet, certificates, and Kubernetes Secret. The summary also includes the tasks to include the appropriate Kubernetes Secret in a TimesTenClassic or TimesTenScaleout object YAML manifest file. There is a complete example in Create Your Own Oracle Wallet, Certificates, and Kubernetes Secrets.
- Create a TimesTen instance. See Before You Begin.
- Use the TimesTen ttExporter utility to generate the certificates. One of the certificates that is created is the self-signed server certificate. This certificate is placed in an Oracle Wallet. See Create Certificates.
- Place the Oracle Wallet into a Kubernetes Secret. See Create a Kubernetes Secret Containing an Oracle Wallet.
- Specify the name of the Secret in the spec.ttspec.prometheus.certSecret datum of a TimesTenClassic or TimesTenScaleout object YAML manifest file. See Define and Deploy a TimesTenClassic Object.
- Save the PEM formatted file containing the server certificate, the client certificate, and the client private key that were created when you ran the TimesTen ttExporter utility. You need these later to configure the Prometheus server. See Create Certificates.
- For information about the spec.ttspec.prometheus.certSecret datum, see TimesTenClassicSpecSpecPrometheus and TimesTenScaleoutSpecSpecPrometheus.
- For information about the command line options for the ttExporter utility, see ttExporter in the Oracle TimesTen In-Memory Database Reference.
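Because the TimesTen Operator does not create a PodMonitor in this case, the Prometheus side has to be configured by hand. The following scrape job is an added example, not taken from the Oracle documentation, showing how the saved server certificate, client certificate, and client private key map onto a Prometheus tls_config for port 7777. It assumes the saved PEM file has been split into three files; the file paths, job name, namespace, server_name value, and the default /metrics path are placeholders or assumptions.

```yaml
# Added example: Prometheus scrape job for the TimesTen exporter over mutual TLS.
# All paths and names below are placeholders, not values from the TimesTen docs.
scrape_configs:
  - job_name: timesten                 # hypothetical job name
    scheme: https                      # the exporter serves metrics by https
    # metrics_path is left at the Prometheus default (/metrics); assumption.
    tls_config:
      # The self-signed server certificate from the saved PEM file, used as
      # the trust anchor so the exporter's identity is still verified.
      ca_file: /etc/prometheus/timesten/server.crt
      # Client certificate and private key from the same PEM file; the
      # exporter requires them for mutual TLS.
      cert_file: /etc/prometheus/timesten/client.crt
      key_file: /etc/prometheus/timesten/client.key
      # Targets are discovered by Pod IP, which may not match the name the
      # certificate was issued for; state the expected name explicitly.
      server_name: "CERTIFICATE_NAME_PLACEHOLDER"
      # Weak setting to avoid with self-signed certificates: it turns off
      # server verification instead of pinning the certificate above.
      # insecure_skip_verify: true
    kubernetes_sd_configs:
      - role: pod
        namespaces:
          names: ["TIMESTEN_NAMESPACE_PLACEHOLDER"]
    relabel_configs:
      # Keep only the exporter port set in the object (port: 7777). Assumes
      # the exporter container declares this port in the Pod spec.
      - source_labels: [__meta_kubernetes_pod_container_port_number]
        regex: "7777"
        action: keep
      # Carry the Pod name through as a label on every scraped series.
      - source_labels: [__meta_kubernetes_pod_name]
        target_label: pod
```

Keep the client private key file readable only by the account that runs Prometheus, since anyone holding it can authenticate to the exporter.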