Create Your Own Oracle Wallet, Certificates, and Kubernetes Secrets
Note:
The steps are the same for a TimesTenScaleout object.Before You Begin
The TimesTen ttExporter
utility is located in the /bin
directory of a TimesTen instance. Since the ttExporter
utility is located in the TimesTen instance, you are required to create a TimesTen instance on your development host so that you have access to the ttExporter
utility. You create a TimesTen instance from a TimesTen installation. A TimesTen installation is created when you unzip the TimesTen distribution.
You must download the TimesTen distribution and unzip it to create a TimesTen installation before beginning these steps. You may have already completed this process if you chose to build the TimesTen container image. See Unpack the TimesTen and the TimesTen Operator Distributions.
ttExporter
utility to create the certificates.
Create Certificates
-
Server certificate: A self-signed certificate that is stored in an Oracle Wallet. This certificate is used by the TimesTen exporter. The name of the Oracle Wallet is
cwallet.sso
. -
Exported server certificate: The self-signed server certificate in PEM format. This certificate is required for your Prometheus configuration.
-
Client certificate and client private key: The client certificate and the client private key required for your Prometheus configuration.
The following steps show you how to create these certificates:
cwallet.sso
Oracle Wallet file when you create the Kubernetes Secret. See Create a Kubernetes Secret Containing an Oracle Wallet. In addition, you need to specify the server.crt
, the client.crt
, and the key.crt
files later when you configure Prometheus.
Note:
Configuring Prometheus is outside the scope of this book. For information on configuring Prometheus, see About configuring the TimesTen exporter and Prometheus with client certificate authentication in the Oracle TimesTen In-Memory Database Monitoring and Troubleshooting Guide.Create a Kubernetes Secret Containing an Oracle Wallet
The following steps show you how to create a Kubernetes Secret for an Oracle Wallet. This Oracle Wallet contains the self-signed server certificate. You created the Oracle Wallet in Create Certificates.
Define and Deploy a TimesTenClassic Object
Let's define a TimesTenClassic object with the appropriate information such that the TimesTen Operator automatically provisions the TimesTen exporter in a separate container within each Pod that is running TimesTen. Let's use the .spec.ttspec.prometheus.certSecret
datum to instruct the TimesTen Operator to use the Oracle Wallet located in the Kubernetes Secret that you previously created. (You created this Secert in Create a Kubernetes Secret Containing an Oracle Wallet).
Your next step is to edit the appropriate Prometheus configuration files to cause Prometheus to scrape TimesTen metrics. For more information about configuring Prometheus, see https://prometheus.io/docs/prometheus/latest/configuration/configuration/.