A Helm chart for deploying Cryostat on Kubernetes and OpenShift
Name | Description | Value |
---|---|---|
core |
Configuration for the core Cryostat application | |
core.image.repository |
Repository for the main Cryostat container image | quay.io/cryostat/cryostat |
core.image.pullPolicy |
Image pull policy for the main Cryostat container image | Always |
core.image.tag |
Tag for the main Cryostat container image | latest |
core.service.type |
Type of Service to create for the Cryostat application | ClusterIP |
core.service.httpPort |
Port number to expose on the Service for Cryostat's HTTP server | 8181 |
core.service.jmxPort |
Port number to expose on the Service for remote JMX connections to Cryostat | 9091 |
core.sslProxied |
Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | false |
core.ingress.enabled |
Whether to create an Ingress object for the Cryostat service | false |
core.ingress.className |
Ingress class name for the Cryostat application Ingress | "" |
core.ingress.annotations |
Annotations to apply to the Cryostat application Ingress | {} |
core.ingress.hosts |
Hosts to create rules for in the Cryostat application Ingress. See: IngressSpec | [] |
core.ingress.tls |
TLS configuration for the Cryostat application Ingress. See: IngressSpec | [] |
core.route.enabled |
Whether to create a Route object for the Cryostat service. Available only on OpenShift | false |
core.route.tls.enabled |
Whether to secure the Cryostat application Route with TLS. See: TLSConfig | true |
core.route.tls.termination |
Type of TLS termination to use for the Cryostat application Route. One of: edge , passthrough , reencrypt |
edge |
core.route.tls.insecureEdgeTerminationPolicy |
Specify how to handle insecure traffic for the Cryostat application Route. One of: Allow , Disable , Redirect |
Redirect |
core.route.tls.key |
Custom private key to use when securing the Cryostat application Route | "" |
core.route.tls.certificate |
Custom certificate to use when securing the Cryostat application Route | "" |
core.route.tls.caCertificate |
Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | "" |
core.route.tls.destinationCACertificate |
Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | "" |
core.resources |
Resource requests/limits for the Cryostat container. See: ResourceRequirements | {} |
core.securityContext |
Security Context for the Cryostat container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext | {} |
core.databaseSecretName |
Name of the secret to extract password for credentials database. | "" |
Name | Description | Value |
---|---|---|
grafana |
Configuration for the customized Grafana instance for Cryostat | |
grafana.image.repository |
Repository for the Grafana container image | quay.io/cryostat/cryostat-grafana-dashboard |
grafana.image.pullPolicy |
Image pull policy for the Grafana container image | Always |
grafana.image.tag |
Tag for the Grafana container image | latest |
grafana.service.type |
Type of Service to create for Grafana | ClusterIP |
grafana.service.port |
Port number to expose on the Service for Grafana's HTTP server | 3000 |
grafana.sslProxied |
Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | false |
grafana.ingress.enabled |
Whether to create an Ingress object for the Grafana service | false |
grafana.ingress.className |
Ingress class name for the Grafana Ingress | "" |
grafana.ingress.annotations |
Annotations to apply to the Grafana Ingress | {} |
grafana.ingress.hosts |
Hosts to create rules for in the Grafana Ingress. See: IngressSpec | [] |
grafana.ingress.tls |
TLS configuration for the Grafana Ingress. See: IngressSpec | [] |
grafana.route.enabled |
Whether to create a Route object for the Grafana service. Available only on OpenShift | false |
grafana.route.tls.enabled |
Whether to secure the Grafana Route with TLS. See: TLSConfig | true |
grafana.route.tls.termination |
Type of TLS termination to use for the Grafana Route. One of: edge , passthrough , reencrypt |
edge |
grafana.route.tls.insecureEdgeTerminationPolicy |
Specify how to handle insecure traffic for the Grafana Route. One of: Allow , Disable , Redirect |
Redirect |
grafana.route.tls.key |
Custom private key to use when securing the Grafana Route | "" |
grafana.route.tls.certificate |
Custom certificate to use when securing the Grafana Route | "" |
grafana.route.tls.caCertificate |
Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | "" |
grafana.route.tls.destinationCACertificate |
Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | "" |
grafana.resources |
Resource requests/limits for the Grafana container. See: ResourceRequirements | {} |
grafana.securityContext |
Security Context for the Grafana container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext | {} |
Name | Description | Value |
---|---|---|
datasource |
Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | |
datasource.image.repository |
Repository for the JFR Data Source container image | quay.io/cryostat/jfr-datasource |
datasource.image.pullPolicy |
Image pull policy for the JFR Data Source container image | Always |
datasource.image.tag |
Tag for the JFR Data Source container image | latest |
datasource.resources |
Resource requests/limits for the JFR Data Source container. See: ResourceRequirements | {} |
datasource.securityContext |
Security Context for the JFR Data Source container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext | {} |
Name | Description | Value |
---|---|---|
authentication.basicAuth.enabled |
Whether Cryostat should use basic authentication for users. When false, Cryostat will not perform any form of authentication | false |
authentication.basicAuth.secretName |
Name of the Secret that contains the credentials within Cryostat's namespace (Required if basicAuth is enabled) | "" |
authentication.basicAuth.filename |
Key within Secret containing the properties file. The properties file should contain one user per line, with the syntax "user=passHex", where "user" is the username and "passHex" is the SHA-256 hash of the desired password (Required if basicAuth is enabled) | "" |
Name | Description | Value |
---|---|---|
minimal |
Specify whether to deploy a Cryostat instance with no Grafana Dashboard or JFR Data Source | false |
imagePullSecrets |
Image pull secrets to be used for the Cryostat deployment | [] |
nameOverride |
Overrides the name of this Chart | "" |
fullnameOverride |
Overrides the fully qualified application name of [release name]-[chart name] |
"" |
rbac.create |
Specifies whether RBAC resources should be created | true |
serviceAccount.create |
Specifies whether a service account should be created | true |
serviceAccount.annotations |
Annotations to add to the service account | {} |
serviceAccount.name |
The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" |
podAnnotations |
Annotations to be applied to the Cryostat Pod | {} |
podSecurityContext |
Security Context for the Cryostat Pod. Defaults to meet "restricted" Pod Security Standard. See: PodSecurityContext | {} |
nodeSelector |
Node Selector for the Cryostat Pod. See: NodeSelector | {} |
tolerations |
Tolerations for the Cryostat Pod. See: Tolerations | [] |
affinity |
Affinity for the Cryostat Pod. See: Affinity | {} |
pvc.enabled |
Specify whether to use persistentVolumeClaim or EmptyDir storage | false |
pvc.annotations |
Annotations to add to the persistentVolumeClaim | {} |
pvc.storage |
Storage size to request for the persistentVolumeClaim | 500Mi |
pvc.accessModes |
Access mode for the persistentVolumeClaim. See: Access Modes | ["ReadWriteOnce"] |
pvc.selector |
Selector for the persistentVolumeClaim. See: Selector | {} |
pvc.storageClassName |
The name of the StorageClass for the persistentVolumeClaim. See: Class | undefined |