Skip to content

cryostatio/cryostat-helm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

66 Commits
.github
.github
 
 
charts/cryostat
charts/cryostat
 
 
docs/images
docs/images
 
 
.mergify.yml
.mergify.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
chart_schema.yaml
chart_schema.yaml
 
 
ct.yaml
ct.yaml
 
 
lintconf.yaml
lintconf.yaml
 
 

Repository files navigation

Cryostat Helm Chart

A Helm chart for deploying Cryostat on Kubernetes and OpenShift

Parameters

Cryostat Container

Name Description Value
core Configuration for the core Cryostat application
core.image.repository Repository for the main Cryostat container image quay.io/cryostat/cryostat
core.image.pullPolicy Image pull policy for the main Cryostat container image Always
core.image.tag Tag for the main Cryostat container image 4.0.0-snapshot
core.service.type Type of Service to create for the Cryostat application ClusterIP
core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server 8181
core.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress false
core.ingress.enabled Whether to create an Ingress object for the Cryostat service false
core.ingress.className Ingress class name for the Cryostat application Ingress ""
core.ingress.annotations Annotations to apply to the Cryostat application Ingress {}
core.ingress.hosts Hosts to create rules for in the Cryostat application Ingress. See: IngressSpec []
core.ingress.tls TLS configuration for the Cryostat application Ingress. See: IngressSpec []
core.route.enabled Whether to create a Route object for the Cryostat service. Available only on OpenShift false
core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. See: TLSConfig true
core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: edge, passthrough, reencrypt edge
core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: Allow, Disable, Redirect Redirect
core.route.tls.key Custom private key to use when securing the Cryostat application Route ""
core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route ""
core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route ""
core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route ""
core.resources Resource requests/limits for the Cryostat container. See: ResourceRequirements {}
core.securityContext Security Context for the Cryostat container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext {}
core.databaseSecretName Name of the secret containing database keys. This secret must contain a CONNECTION_KEY secret which is the database connection password, and an ENCRYPTION_KEY secret which is the key used to encrypt sensitive data stored within the database, such as the target credentials keyring. It must not be updated across chart upgrades. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable ""
core.discovery Configuration options to the Cryostat application's target discovery mechanisms
core.discovery.kubernetes.enabled Enables Kubernetes API discovery mechanism true
core.discovery.kubernetes.installNamespaceDisabled When false and namespaces is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. {{ .Release.Namespace }}) false
core.discovery.kubernetes.namespaces List of namespaces whose workloads the Cryostat application should be permitted to access and profile []
core.discovery.kubernetes.builtInPortNamesDisabled When false and portNames is empty, the Cryostat application will use the default port name jfr-jmx to look for JMX connectable targets. false
core.discovery.kubernetes.portNames List of port names that the Cryostat application should look for in order to consider a target as JMX connectable []
core.discovery.kubernetes.builtInPortNumbersDisabled When false and portNumbers is empty, the Cryostat application will use the default port number 9091 to look for JMX connectable targets. false
core.discovery.kubernetes.portNumbers List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable []

Database Container

Name Description Value
db Configuration for Cryostat's database
db.image.repository Repository for the database container image