Configure TLS for Replication
You can configure TLS for replication to ensure secure network communication between your replicated TimesTen databases. See Transport Layer Security for TimesTen Replication in the Oracle TimesTen In-Memory Database Security Guide for detailed information.
These sections describe how to configure and use TLS for replication:
Create Metadata Files and Kubernetes Facilities
The /ttconfig/replicationWallet metadata file is required for TLS support for replication. (The /ttconfig directory is located in the containers of your TimesTen databases.) This file must contain the cwallet.sso file (the Oracle wallet) that was generated when you created the TLS certificates. Recall that this file was located in the /scratch/ttuser/instance_dir/instance1/conf/serverWallet directory. See Create TLS Certificates for Replication and Client/Server for information on creating these certificates. This wallet contains the credentials that are used by TimesTen replication for configuring TLS encryption between your active standby pair of TimesTen databases.
In addition to the /ttconfig/replicationWallet metadata file, you may use the other supported metadata files. See About Configuration Metadata Details for information on these supported metadata files.
You can include these metadata files in one or more Kubernetes facilities (for example, in a Kubernetes Secret, in a ConfigMap, or in an init container). This ensures the metadata files are populated in the /ttconfig directory of the TimesTen containers. Note that there is no requirement as to how to get the metadata files into this /ttconfig directory. See Populate the /ttconfig Directory for more information.
The example in the following sections illustrates how to include the replicationWallet metadata file in a Kubernetes Secret. It also creates the db.ini, the adminUser, and the schema.sql metadata files and includes these metadata files in a ConfigMap:
Create a Kubernetes Secret
This section creates the repl-tls Kubernetes Secret. The repl-tls Secret will contain the replicationWallet metadata file.
On your Linux development host:
You have successfully created and deployed the repl-tls Kubernetes Secret. The replicationWallet/cwallet.sso file will later be available in the /ttconfig directory of the TimesTen containers. In addition, the file will be available in the /tt/home/timesten/replicationWallet directory of the TimesTen containers.
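One way to package the wallet as the repl-tls Secret with a pre-flight check, shown as an added example that is not Oracle's documented command. The function name render_repl_tls_secret and the Secret data key replicationWallet are assumptions; GNU stat and base64 on the Linux development host are assumed as well.

```shell
#!/usr/bin/env bash
# Added example, not Oracle's documented command.
# Assumptions: the function name and the Secret data key "replicationWallet".

render_repl_tls_secret() {
  local wallet="$1" name="${2:-repl-tls}" mode

  # The wallet must exist and be non-empty before it is packaged.
  if [ ! -s "$wallet" ]; then
    echo "error: wallet '$wallet' is missing or empty" >&2
    return 1
  fi

  # The wallet holds the replication TLS credentials, so refuse to package
  # a copy that group or other users on this host can access.
  mode=$(stat -c '%a' "$wallet") || return 1
  case "$mode" in
    [0-7]00) ;;
    *) echo "error: '$wallet' has mode $mode; run chmod 600 first" >&2
       return 2 ;;
  esac

  # Emit the manifest on stdout; Secret data values are base64-encoded.
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
data:
  replicationWallet: $(base64 -w0 "$wallet")
EOF
}

# Typical use (requires cluster access):
#   render_repl_tls_secret /scratch/ttuser/instance_dir/instance1/conf/serverWallet/cwallet.sso | kubectl apply -f -
```

Rendering the manifest to stdout keeps the base64-encoded wallet out of shell history and lets you inspect it before it is applied to the cluster.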
Create a ConfigMap
This section creates the repl-tls ConfigMap. This ConfigMap contains the db.ini, the adminUser, and the schema.sql metadata files.
These metadata files are not required for TLS, but are included as additional attributes for your TimesTen databases. See "Overview of Configuration Metadata and Kubernetes Facilities" for information on the metadata files and the ConfigMap facility.
On your Linux development host:
You have successfully created and deployed the repl-tls ConfigMap.
Create a TimesTenClassic Object
This section creates the TimesTenClassic object. See "Define and Create a TimesTenClassic Object" and "About the TimesTenClassic Object Type" for detailed information on the TimesTenClassic object.
Perform these steps:
You have successfully created the TimesTenClassic object in the Kubernetes cluster. The process of deploying your TimesTen databases begins, but is not yet complete.
Monitor Deployment of a TimesTenClassic Object
Use the kubectl get and the kubectl describe commands to monitor the progress of the active standby pair as it is provisioned.
Your active standby pair of TimesTen databases is successfully deployed (as indicated by Normal). You are now ready to verify that TLS is being used for replication.