diff --git a/charts/cryostat/Chart.yaml b/charts/cryostat/Chart.yaml index 6bbdbaab..fc5058f7 100644 --- a/charts/cryostat/Chart.yaml +++ b/charts/cryostat/Chart.yaml @@ -8,7 +8,7 @@ version: "1.0.1" kubeVersion: ">= 1.25.0-0" -appVersion: "3.0.1-dev" +appVersion: "3.0.1" home: "https://cryostat.io" diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index 21a720bb..4af5671e 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -9,8 +9,8 @@ A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and Op | ------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | | `core` | Configuration for the core Cryostat application | | | `core.image.repository` | Repository for the main Cryostat container image | `quay.io/cryostat/cryostat` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `Always` | -| `core.image.tag` | Tag for the main Cryostat container image | `3.0.1-snapshot` | +| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | +| `core.image.tag` | Tag for the main Cryostat container image | `3.0.1` | | `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | | `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | | `core.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | @@ -39,57 +39,52 @@ A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and Op | `core.discovery.kubernetes.builtInPortNumbersDisabled` | When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets. | `false` | | `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | - ### Database Container | Name | Description | Value | | --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `db` | Configuration for Cryostat's database | | | `db.image.repository` | Repository for the database container image | `quay.io/cryostat/cryostat-db` | -| `db.image.pullPolicy` | Image pull policy for the database container image | `Always` | -| `db.image.tag` | Tag for the database container image | `cryostat-v3.0` | +| `db.image.pullPolicy` | Image pull policy for the database container image | `IfNotPresent` | +| `db.image.tag` | Tag for the database container image | `3.0.1` | | `db.resources` | Resource requests/limits for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | | `db.securityContext` | Security Context for the database container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - ### Storage Container | Name | Description | Value | | -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `storage` | Configuration for Cryostat's object storage provider | | | `storage.image.repository` | Repository for the storage container image | `quay.io/cryostat/cryostat-storage` | -| `storage.image.pullPolicy` | Image pull policy for the storage container image | `Always` | -| `storage.image.tag` | Tag for the storage container image | `cryostat-v3.0` | +| `storage.image.pullPolicy` | Image pull policy for the storage container image | `IfNotPresent` | +| `storage.image.tag` | Tag for the storage container image | `3.0.1` | | `storage.resources` | Resource requests/limits for the storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | | `storage.securityContext` | Security Context for the storage container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - ### Grafana Container | Name | Description | Value | | -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- | | `grafana` | Configuration for the customized Grafana instance for Cryostat | | | `grafana.image.repository` | Repository for the Grafana container image | `quay.io/cryostat/cryostat-grafana-dashboard` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `Always` | -| `grafana.image.tag` | Tag for the Grafana container image | `3.0-dev` | +| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | +| `grafana.image.tag` | Tag for the Grafana container image | `3.0.1` | | `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | | `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | | `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | | `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - ### JFR Data Source Container | Name | Description | Value | | ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | | `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | | `datasource.image.repository` | Repository for the JFR Data Source container image | `quay.io/cryostat/jfr-datasource` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `Always` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `3.0.1-snapshot` | +| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | +| `datasource.image.tag` | Tag for the JFR Data Source container image | `3.0.1` | | `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | | `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - ### Authentication | Name | Description | Value | @@ -100,7 +95,6 @@ A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and Op | `authentication.basicAuth.secretName` | Name of the Secret that contains the credentials within Cryostat's namespace **(Required if basicAuth is enabled)** | `""` | | `authentication.basicAuth.filename` | Key within Secret containing the `htpasswd` file. The file should contain one user definition entry per line, with the syntax "user:passHash", where "user" is the username and "passHash" is the `bcrypt` hash of the desired password. Such an entry can be generated with ex. `htpasswd -nbB username password` **(Required if basicAuth is enabled)** | `""` | - ### OAuth2 Proxy | Name | Description | Value | @@ -110,14 +104,13 @@ A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and Op | `oauth2Proxy.image.tag` | Tag for the OAuth2 Proxy container image | `latest` | | `oauth2Proxy.securityContext` | Security Context for the OAuth2 Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1). If the chart is installed in default namespaces (e.g. default), `securityContext.runAsUser` must be set if the proxy image does not specify a numeric non-root user. This is due to OpenShift Security Context Constraints are not applied in default namespaces. See [Understanding and Managing Pod Security Admission](https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-managing-pod-security-admission.html#psa-privileged-namespaces_understanding-and-managing-pod-security-admission). | `{}` | - ### OpenShift OAuth Proxy | Name | Description | Value | | ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | | `openshiftOauthProxy.image.repository` | Repository for the OpenShift OAuth Proxy container image | `quay.io/cryostat/openshift-oauth-proxy` | -| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `Always` | -| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `cryostat-v3.0` | +| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `IfNotPresent` | +| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `3.0.1` | | `openshiftOauthProxy.accessReview.enabled` | Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token. | `true` | | `openshiftOauthProxy.accessReview.group` | The OpenShift resource group that the SubjectAccessReview/TokenAccessReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure | `""` | | `openshiftOauthProxy.accessReview.resource` | The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for. | `pods` | @@ -128,7 +121,6 @@ A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and Op | `openshiftOauthProxy.accessReview.version` | The OpenShift resource version that the SubjectAccessReview/TokenAccessReview will be performed for. | `""` | | `openshiftOauthProxy.securityContext` | Security Context for the OpenShift OAuth Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - ### Other Parameters | Name | Description | Value | diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json index f797f8fc..e522f818 100644 --- a/charts/cryostat/values.schema.json +++ b/charts/cryostat/values.schema.json @@ -16,12 +16,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the main Cryostat container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the main Cryostat container image", - "default": "3.0.1-snapshot" + "default": "3.0.1" } } }, @@ -270,12 +270,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the database container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the database container image", - "default": "cryostat-v3.0" + "default": "3.0.1" } } }, @@ -325,12 +325,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the storage container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the storage container image", - "default": "cryostat-v3.0" + "default": "3.0.1" } } }, @@ -380,12 +380,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the Grafana container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the Grafana container image", - "default": "3.0-dev" + "default": "3.0.1" } } }, @@ -450,12 +450,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the JFR Data Source container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the JFR Data Source container image", - "default": "3.0.1-snapshot" + "default": "3.0.1" } } }, @@ -600,12 +600,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the OpenShift OAuth Proxy container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the OpenShift OAuth Proxy container image", - "default": "cryostat-v3.0" + "default": "3.0.1" } } }, diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index 300168db..390b60b4 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -5,9 +5,9 @@ core: ## @param core.image.repository Repository for the main Cryostat container image repository: "quay.io/cryostat/cryostat" ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param core.image.tag Tag for the main Cryostat container image - tag: "3.0.1-snapshot" + tag: "3.0.1" service: ## @param core.service.type Type of Service to create for the Cryostat application type: ClusterIP @@ -85,9 +85,9 @@ db: ## @param db.image.repository Repository for the database container image repository: "quay.io/cryostat/cryostat-db" ## @param db.image.pullPolicy Image pull policy for the database container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param db.image.tag Tag for the database container image - tag: "cryostat-v3.0" + tag: "3.0.1" ## @param db.resources Resource requests/limits for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) resources: {} ## @param db.securityContext [object] Security Context for the database container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) @@ -106,9 +106,9 @@ storage: ## @param storage.image.repository Repository for the storage container image repository: "quay.io/cryostat/cryostat-storage" ## @param storage.image.pullPolicy Image pull policy for the storage container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param storage.image.tag Tag for the storage container image - tag: "cryostat-v3.0" + tag: "3.0.1" ## @param storage.resources Resource requests/limits for the storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) resources: {} ## @param storage.securityContext [object] Security Context for the storage container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) @@ -127,9 +127,9 @@ grafana: ## @param grafana.image.repository Repository for the Grafana container image repository: "quay.io/cryostat/cryostat-grafana-dashboard" ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param grafana.image.tag Tag for the Grafana container image - tag: "3.0-dev" + tag: "3.0.1" service: ## @param grafana.service.type Type of Service to create for Grafana type: ClusterIP @@ -153,9 +153,9 @@ datasource: ## @param datasource.image.repository Repository for the JFR Data Source container image repository: "quay.io/cryostat/jfr-datasource" ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "3.0.1-snapshot" + tag: "3.0.1" ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) resources: {} ## @param datasource.securityContext [object] Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) @@ -210,9 +210,9 @@ openshiftOauthProxy: ## @param openshiftOauthProxy.image.repository Repository for the OpenShift OAuth Proxy container image repository: "quay.io/cryostat/openshift-oauth-proxy" ## @param openshiftOauthProxy.image.pullPolicy Image pull policy for the OpenShift OAuth Proxy container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param openshiftOauthProxy.image.tag Tag for the OpenShift OAuth Proxy container image - tag: "cryostat-v3.0" + tag: "3.0.1" accessReview: ## @param openshiftOauthProxy.accessReview.enabled Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token. enabled: true