A Helm chart for deploying Cryostat on Kubernetes and OpenShift
Name | Description | Value |
---|---|---|
core |
Configuration for the core Cryostat application | |
core.image.repository |
Repository for the main Cryostat container image | quay.io/cryostat/cryostat |
core.image.pullPolicy |
Image pull policy for the main Cryostat container image | Always |
core.image.tag |
Tag for the main Cryostat container image | 4.0.0-snapshot |
core.service.type |
Type of Service to create for the Cryostat application | ClusterIP |
core.service.httpPort |
Port number to expose on the Service for Cryostat's HTTP server | 8181 |
core.sslProxied |
Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | false |
core.ingress.enabled |
Whether to create an Ingress object for the Cryostat service | false |
core.ingress.className |
Ingress class name for the Cryostat application Ingress | "" |
core.ingress.annotations |
Annotations to apply to the Cryostat application Ingress | {} |
core.ingress.hosts |
Hosts to create rules for in the Cryostat application Ingress. See: IngressSpec | [] |
core.ingress.tls |
TLS configuration for the Cryostat application Ingress. See: IngressSpec | [] |
core.route.enabled |
Whether to create a Route object for the Cryostat service. Available only on OpenShift | false |
core.route.tls.enabled |
Whether to secure the Cryostat application Route with TLS. See: TLSConfig | true |
core.route.tls.termination |
Type of TLS termination to use for the Cryostat application Route. One of: edge , passthrough , reencrypt |
edge |
core.route.tls.insecureEdgeTerminationPolicy |
Specify how to handle insecure traffic for the Cryostat application Route. One of: Allow , Disable , Redirect |
Redirect |
core.route.tls.key |
Custom private key to use when securing the Cryostat application Route | "" |
core.route.tls.certificate |
Custom certificate to use when securing the Cryostat application Route | "" |
core.route.tls.caCertificate |
Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | "" |
core.route.tls.destinationCACertificate |
Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | "" |
core.resources |
Resource requests/limits for the Cryostat container. See: ResourceRequirements | {} |
core.securityContext |
Security Context for the Cryostat container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext | {} |
core.databaseSecretName |
Name of the secret containing database keys. This secret must contain a CONNECTION_KEY secret which is the database connection password, and an ENCRYPTION_KEY secret which is the key used to encrypt sensitive data stored within the database, such as the target credentials keyring. It must not be updated across chart upgrades. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable | "" |
core.discovery |
Configuration options to the Cryostat application's target discovery mechanisms | |
core.discovery.kubernetes.enabled |
Enables Kubernetes API discovery mechanism | true |
core.discovery.kubernetes.installNamespaceDisabled |
When false and namespaces is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. {{ .Release.Namespace }} ) |
false |
core.discovery.kubernetes.namespaces |
List of namespaces whose workloads the Cryostat application should be permitted to access and profile | [] |
core.discovery.kubernetes.builtInPortNamesDisabled |
When false and portNames is empty, the Cryostat application will use the default port name jfr-jmx to look for JMX connectable targets. |
false |
core.discovery.kubernetes.portNames |
List of port names that the Cryostat application should look for in order to consider a target as JMX connectable | [] |
core.discovery.kubernetes.builtInPortNumbersDisabled |
When false and portNumbers is empty, the Cryostat application will use the default port number 9091 to look for JMX connectable targets. |
false |
core.discovery.kubernetes.portNumbers |
List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | [] |
Name | Description | Value |
---|---|---|
db |
Configuration for Cryostat's database | |
db.image.repository |
Repository for the database container image |