About Transport Layer Security (mutual TLS) Certificates for TimesTen Metrics
When https is used, the TimesTen Operator automatically creates self-signed certificates. The TimesTen Operator also creates two Kubernetes Secrets to hold these certificates.
sample
, these Secrets are automatically created:
-
sample-metrics
: This Secret is automatically mounted in the TimesTen exporter containers of the TimesTen Pods. It contains an Oracle Wallet, which contains all certificates needed by the TimesTen exporter for https. -
sample-metrics-client
: This Secret contains files that a Prometheus server (or other scraper) requires to scrape TimesTen metrics. This Secret contains the following three files:-
ca.crt
: The Certificate Authority certificate needed by the client to authenticate the self-signed certificate used by the TimesTen exporter. -
client.crt
: The client certificate that the TimesTen exporter uses to authenticate any clients that try to scrape metrics from it. -
client.key
: The private key that is associated with theclient.crt
client certificate.
-
Both Secrets are created with appropriate Kubernetes owner references. If you delete the associated TimesTenClassic or TimesTenScaleout object, these Secrets are automatically deleted.
Note:
If TimesTen metrics are served by using either http or https whereby you create your own self-signed certificates, then the TimesTen Operator does not automatically create certificates, Oracle Wallets, or Kubernetes Secrets.