About Creating Your Own Oracle Wallet, Certificates, and Kubernetes Secrets

You have the option of creating your own Oracle Wallet, certificates, and Kubernetes Secrets to serve TimesTen metrics over https. If you choose this option, the TimesTen Operator cannot create a PodMonitor object with sufficient information to allow Prometheus to access TimesTen. You can create a PodMonitor object yourself or otherwise edit the Prometheus configuration files so that Prometheus scrapes TimesTen metrics.

After you create a Kubernetes Secret containing an Oracle Wallet (that contains the necessary certificates), you must include this Secret in your TimesTenClassic or TimesTenScaleout object YAML manifest file. You do this by specifying the .spec.ttspec.prometheus.certSecret datum in your object definition.

Here is a code snippet of a TimesTenClassic object YAML manifest file:
apiVersion: timesten.oracle.com/v1
kind: TimesTenClassic
metadata:
  name: samplecertsecret
spec:
  ttspec:
…
    prometheus:
      certSecret: prometheuscert
      port: 7777

Note the following:
  • The .spec.ttspec.prometheus datum is specified in the TimesTenClassic object YAML manifest file. This causes the TimesTen Operator to automatically deploy the TimesTen exporter in a separate container within each Pod running TimesTen.

  • The certSecret datum is specified in the .spec.ttspec.prometheus clause of the TimesTenClassic object. The wallet contained in the prometheuscert Kubernetes Secret is used for Transport Layer Security (mutual TLS)/https.

  • The port datum is specified. This is the port on which the TimesTen exporter listens. This causes the TimesTen Operator to set up the http server on TCP port 7777 in each TimesTen Pod.

Here is a summary of the tasks you need to complete to create your own Oracle Wallet, certificates, and Kubernetes Secret. The summary also includes the tasks to include the appropriate Kubernetes Secret in a TimesTenClassic or TimesTenScaleout object YAML manifest file. There is a complete example in Create Your Own Oracle Wallet, Certificates, and Kubernetes Secrets.

  • Create a TimesTen instance. See Before You Begin.

  • Use the TimesTen ttExporter utility to generate the certificates. One of the certificates that is created is the self-signed server certificate. This certificate is placed in an Oracle Wallet. See Create Certificates.
  • Place the Oracle Wallet into a Kubernetes Secret. See Create a Kubernetes Secret Containing an Oracle Wallet.
  • Specify the name of the Secret in the spec.ttspec.prometheus.certSecret datum of a TimesTenClassic or TimesTenScaleout object YAML manifest file. See Define and Deploy a TimesTenClassic Object.
  • Save the PEM formatted file containing the server certificate, the client certificate, and the client private key that were created when you ran the TimesTen ttExporter utility. You need these later to configure the Prometheus server. See Create Certificates.
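
Because the Operator cannot create the PodMonitor in this configuration, the following is an added sketch of one you could write yourself for the samplecertsecret object shown above. It is not part of the original page or of Oracle's samples. Assumptions: the Prometheus Operator PodMonitor API is in use; the Secret name timesten-exporter-client and its keys, the pod label app: samplecertsecret, the container port name exporter, the /metrics path, and the serverName value are all hypothetical and must be replaced with the values from your deployment.

```yaml
# Added example (not Oracle's own manifest). Every name marked "assumed"
# is a placeholder, not a value from the TimesTen documentation.
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: samplecertsecret-exporter        # assumed name
  labels:
    # Must match the podMonitorSelector of your Prometheus object,
    # otherwise the Prometheus Operator ignores this PodMonitor.
    release: prometheus                  # assumed selector label
spec:
  selector:
    matchLabels:
      app: samplecertsecret              # assumed label on the TimesTen Pods
  podMetricsEndpoints:
    - port: exporter                     # assumed name of the container port for TCP 7777
      path: /metrics                     # assumed metrics path
      scheme: https                      # the exporter serves metrics over https
      tlsConfig:
        # The three PEM items saved in the last task, stored in a Secret
        # that lives in the same namespace as this PodMonitor.
        ca:
          secret:
            name: timesten-exporter-client   # assumed Secret name
            key: ca.crt                      # self-signed server certificate
        cert:
          secret:
            name: timesten-exporter-client
            key: client.crt                  # client certificate
        keySecret:
          name: timesten-exporter-client
          key: client.key                    # client private key
        # Must match the subject name in the server certificate.
        serverName: SERVER-CERT-SUBJECT-PLACEHOLDER
        # Keep server certificate verification on. Setting
        # insecureSkipVerify: true would let Prometheus accept any
        # endpoint presenting any certificate on this port.
        insecureSkipVerify: false
```

The client private key in this Secret authenticates Prometheus to every exporter, so restrict read access to the Secret to the Prometheus service account.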

Here are additional references: