About Transport Layer Security (mutual TLS) Certificates for TimesTen Metrics

When https is used, the TimesTen Operator automatically creates self-signed certificates. The TimesTen Operator also creates two Kubernetes Secrets to hold these certificates.

As an example, for a TimesTen object called sample, these Secrets are automatically created:
  • sample-metrics: This Secret is automatically mounted in the TimesTen exporter containers of the TimesTen Pods. It contains an Oracle Wallet, which contains all certificates needed by the TimesTen exporter for https.

  • sample-metrics-client: This Secret contains files that a Prometheus server (or other scraper) requires to scrape TimesTen metrics. This Secret contains the following three files:
    • ca.crt: The Certificate Authority certificate needed by the client to authenticate the self-signed certificate used by the TimesTen exporter.

    • client.crt: The client certificate that a client presents when it tries to scrape metrics, and that the TimesTen exporter uses to authenticate that client.

    • client.key: The private key that is associated with the client.crt client certificate.

Both Secrets are created with appropriate Kubernetes owner references. If you delete the associated TimesTenClassic or TimesTenScaleout object, these Secrets are automatically deleted.
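
The following is an added example, not code from the TimesTen documentation or the TimesTen Operator. It shows one way a scraper outside the cluster could unpack the three files from sample-metrics-client, keep client.key readable only by its owner, and build a mutual TLS client context from them. It assumes the Secret was exported with `kubectl get secret sample-metrics-client -o json`; the function names are hypothetical and the sample manifest uses constructed placeholder PEM bodies, so `scraper_tls_context` needs the real files from a cluster.

```python
import base64, json, os, re, ssl, tempfile

# File name in the Secret -> PEM label that the decoded file must start with.
EXPECTED = {
    "ca.crt": r"CERTIFICATE",
    "client.crt": r"CERTIFICATE",
    "client.key": r"(?:RSA |EC )?PRIVATE KEY",
}

def extract_client_files(secret_json, out_dir):
    """Decode a Secret manifest (kubectl -o json output) into out_dir; return the paths."""
    data = json.loads(secret_json).get("data", {})
    missing = sorted(set(EXPECTED) - set(data))
    if missing:
        raise ValueError(f"Secret is missing: {', '.join(missing)}")
    paths = {}
    for name, label in EXPECTED.items():
        pem = base64.b64decode(data[name], validate=True)
        if not re.match(rb"-----BEGIN " + label.encode() + rb"-----", pem.lstrip()):
            raise ValueError(f"{name} does not start with the expected PEM header")
        mode = 0o600 if name.endswith(".key") else 0o644
        path = os.path.join(out_dir, name)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "wb") as fh:
            fh.write(pem)
        os.chmod(path, mode)  # enforce the mode even if the file already existed
        paths[name] = path
    return paths

def scraper_tls_context(paths):
    """Client side of mutual TLS: verify the exporter with ca.crt, present client.crt."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=paths["ca.crt"])
    ctx.load_cert_chain(certfile=paths["client.crt"], keyfile=paths["client.key"])
    return ctx

def _b64(label):  # constructed placeholder PEM, not a real certificate or key
    pem = f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n"
    return base64.b64encode(pem.encode()).decode()

# Constructed sample standing in for the exported sample-metrics-client Secret.
SAMPLE = json.dumps({"kind": "Secret", "metadata": {"name": "sample-metrics-client"},
    "data": {"ca.crt": _b64("CERTIFICATE"), "client.crt": _b64("CERTIFICATE"),
             "client.key": _b64("PRIVATE KEY")}})

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(extract_client_files(SAMPLE, d))
```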

Although not recommended, you have the option of creating your own certificates to serve TimesTen metrics using https. See Create Your Own Oracle Wallet, Certificates, and Secrets for Exposing TimesTen Metrics.

Note:

If TimesTen metrics are served by using http, or by using https with self-signed certificates that you create yourself, then the TimesTen Operator does not automatically create certificates, Oracle Wallets, or Kubernetes Secrets.