1. Kubernetes Operator User's Guide
  2. Expose Metrics from the TimesTen Kubernetes Operator
  3. About Transport Layer Security (mutual TLS) Certificates

About Transport Layer Security (mutual TLS) Certificates

When https is used, the TimesTen Operator automatically creates self-signed certificates. The TimesTen Operator also creates two Kubernetes Secrets to hold these certificates:

  • timesten-operator-metrics: This Secret is used internally by the TimesTen Operator. It contains all the certificates needed by the TimesTen Kubernetes Operator for https/TLS. You do not need to use or examine this Secret.

  • timesten-operator-metrics-client: This Secret contains files that a Prometheus server (or other scraper) requires to scrape metrics from the TimesTen Operator. This Secret contains the following three files:

    • ca.crt: The Certificate Authority certificate needed by the client to authenticate the self-signed certificate used by the TimesTen Operator.

    • client.crt: The client certificate that the TimesTen Operator uses to authenticate any clients that try to scrape metrics from it.

    • client.key: The private key that is associated with the client.crt client certificate.

Both Secrets are created with appropriate Kubernetes owner references. If you delete the TimesTen Operator deployment, these Secrets are automatically deleted.

Note:

When http is used, these certificates, Wallets, and Secrets are not created.