Cryostat Helm Chart

A Helm chart for deploying Cryostat on Kubernetes and OpenShift

Parameters

Cryostat Container

Name	Description	Value
core	Configuration for the core Cryostat application
core.image.repository	Repository for the main Cryostat container image	quay.io/cryostat/cryostat
core.image.pullPolicy	Image pull policy for the main Cryostat container image	Always
core.image.tag	Tag for the main Cryostat container image	latest
core.service.type	Type of Service to create for the Cryostat application	ClusterIP
core.service.httpPort	Port number to expose on the Service for Cryostat's HTTP server	8181
core.service.jmxPort	Port number to expose on the Service for remote JMX connections to Cryostat	9091
core.sslProxied	Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress	false
core.ingress.enabled	Whether to create an Ingress object for the Cryostat service	false
core.ingress.className	Ingress class name for the Cryostat application Ingress	""
core.ingress.annotations	Annotations to apply to the Cryostat application Ingress	{}
core.ingress.hosts	Hosts to create rules for in the Cryostat application Ingress. See: IngressSpec	[]
core.ingress.tls	TLS configuration for the Cryostat application Ingress. See: IngressSpec	[]
core.route.enabled	Whether to create a Route object for the Cryostat service. Available only on OpenShift	false
core.route.tls.enabled	Whether to secure the Cryostat application Route with TLS. See: TLSConfig	true
core.route.tls.termination	Type of TLS termination to use for the Cryostat application Route. One of: edge, passthrough, reencrypt	edge
core.route.tls.insecureEdgeTerminationPolicy	Specify how to handle insecure traffic for the Cryostat application Route. One of: Allow, Disable, Redirect	Redirect
core.route.tls.key	Custom private key to use when securing the Cryostat application Route	""
core.route.tls.certificate	Custom certificate to use when securing the Cryostat application Route	""
core.route.tls.caCertificate	Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route	""
core.route.tls.destinationCACertificate	Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route	""
core.resources	Resource requests/limits for the Cryostat container. See: ResourceRequirements	{}
core.securityContext	Security Context for the Cryostat container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext	{}
core.databaseSecretName	Name of the secret to extract password for credentials database.	""

Grafana Container

Name	Description	Value
grafana	Configuration for the customized Grafana instance for Cryostat
grafana.image.repository	Repository for the Grafana container image	quay.io/cryostat/cryostat-grafana-dashboard
grafana.image.pullPolicy	Image pull policy for the Grafana container image	Always
grafana.image.tag	Tag for the Grafana container image	latest
grafana.service.type	Type of Service to create for Grafana	ClusterIP
grafana.service.port	Port number to expose on the Service for Grafana's HTTP server	3000
grafana.sslProxied	Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress	false
grafana.ingress.enabled	Whether to create an Ingress object for the Grafana service	false
grafana.ingress.className	Ingress class name for the Grafana Ingress	""
grafana.ingress.annotations	Annotations to apply to the Grafana Ingress	{}
grafana.ingress.hosts	Hosts to create rules for in the Grafana Ingress. See: IngressSpec	[]
grafana.ingress.tls	TLS configuration for the Grafana Ingress. See: IngressSpec	[]
grafana.route.enabled	Whether to create a Route object for the Grafana service. Available only on OpenShift	false
grafana.route.tls.enabled	Whether to secure the Grafana Route with TLS. See: TLSConfig	true
grafana.route.tls.termination	Type of TLS termination to use for the Grafana Route. One of: edge, passthrough, reencrypt	edge
grafana.route.tls.insecureEdgeTerminationPolicy	Specify how to handle insecure traffic for the Grafana Route. One of: Allow, Disable, Redirect	Redirect
grafana.route.tls.key	Custom private key to use when securing the Grafana Route	""
grafana.route.tls.certificate	Custom certificate to use when securing the Grafana Route	""
grafana.route.tls.caCertificate	Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route	""
grafana.route.tls.destinationCACertificate	Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route	""
grafana.resources	Resource requests/limits for the Grafana container. See: ResourceRequirements	{}
grafana.securityContext	Security Context for the Grafana container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext	{}

JFR Data Source Container

Name	Description	Value
datasource	Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana
datasource.image.repository	Repository for the JFR Data Source container image	quay.io/cryostat/jfr-datasource
datasource.image.pullPolicy	Image pull policy for the JFR Data Source container image	Always
datasource.image.tag	Tag for the JFR Data Source container image	latest
datasource.resources	Resource requests/limits for the JFR Data Source container. See: ResourceRequirements	{}
datasource.securityContext	Security Context for the JFR Data Source container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext	{}

Authentication

Name	Description	Value
authentication.basicAuth.enabled	Whether Cryostat should use basic authentication for users. When false, Cryostat will not perform any form of authentication	false
authentication.basicAuth.secretName	Name of the Secret that contains the credentials within Cryostat's namespace (Required if basicAuth is enabled)	""
authentication.basicAuth.filename	Key within Secret containing the properties file. The properties file should contain one user per line, with the syntax "user=passHex", where "user" is the username and "passHex" is the SHA-256 hash of the desired password (Required if basicAuth is enabled)	""

Other Parameters

Name	Description	Value
minimal	Specify whether to deploy a Cryostat instance with no Grafana Dashboard or JFR Data Source	false
imagePullSecrets	Image pull secrets to be used for the Cryostat deployment	[]
nameOverride	Overrides the name of this Chart	""
fullnameOverride	Overrides the fully qualified application name of [release name]-[chart name]	""
rbac.create	Specifies whether RBAC resources should be created	true
serviceAccount.create	Specifies whether a service account should be created	true
serviceAccount.annotations	Annotations to add to the service account	{}
serviceAccount.name	The name of the service account to use. If not set and create is true, a name is generated using the fullname template	""
podAnnotations	Annotations to be applied to the Cryostat Pod	{}
podSecurityContext	Security Context for the Cryostat Pod. Defaults to meet "restricted" Pod Security Standard. See: PodSecurityContext	{}
nodeSelector	Node Selector for the Cryostat Pod. See: NodeSelector	{}
tolerations	Tolerations for the Cryostat Pod. See: Tolerations	[]
affinity	Affinity for the Cryostat Pod. See: Affinity	{}
pvc.enabled	Specify whether to use persistentVolumeClaim or EmptyDir storage	false
pvc.annotations	Annotations to add to the persistentVolumeClaim	{}
pvc.storage	Storage size to request for the persistentVolumeClaim	500Mi
pvc.accessModes	Access mode for the persistentVolumeClaim. See: Access Modes	["ReadWriteOnce"]
pvc.selector	Selector for the persistentVolumeClaim. See: Selector	{}
pvc.storageClassName	The name of the StorageClass for the persistentVolumeClaim. See: Class	undefined