A Helm chart for deploying Cryostat on Kubernetes and OpenShift
| Name | Description | Value |
|---|---|---|
core |
Configuration for the core Cryostat application | |
core.image.repository |
Repository for the main Cryostat container image | quay.io/cryostat/cryostat |
core.image.pullPolicy |
Image pull policy for the main Cryostat container image | IfNotPresent |
core.image.tag |
Tag for the main Cryostat container image | 2.2.1 |
core.service.type |
Type of Service to create for the Cryostat application | ClusterIP |
core.service.httpPort |
Port number to expose on the Service for Cryostat's HTTP server | 8181 |
core.service.jmxPort |
Port number to expose on the Service for remote JMX connections to Cryostat | 9091 |
core.sslProxied |
Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | false |
core.ingress.enabled |
Whether to create an Ingress object for the Cryostat service | false |
core.ingress.className |
Ingress class name for the Cryostat application Ingress | "" |
core.ingress.annotations |
Annotations to apply to the Cryostat application Ingress | {} |
core.ingress.hosts |
Hosts to create rules for in the Cryostat application Ingress. See: IngressSpec | [] |
core.ingress.tls |
TLS configuration for the Cryostat application Ingress. See: IngressSpec | [] |
core.route.enabled |
Whether to create a Route object for the Cryostat service. Available only on OpenShift | false |
core.route.tls.enabled |
Whether to secure the Cryostat application Route with TLS. See: TLSConfig | true |
core.route.tls.termination |
Type of TLS termination to use for the Cryostat application Route. One of: edge, passthrough, reencrypt |
edge |
core.route.tls.insecureEdgeTerminationPolicy |
Specify how to handle insecure traffic for the Cryostat application Route. One of: Allow, Disable, Redirect |
Redirect |
core.route.tls.key |
Custom private key to use when securing the Cryostat application Route | "" |
core.route.tls.certificate |
Custom certificate to use when securing the Cryostat application Route | "" |
core.route.tls.caCertificate |
Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | "" |
core.route.tls.destinationCACertificate |
Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | "" |
core.resources |
Resource requests/limits for the Cryostat container. See: ResourceRequirements | {} |
core.securityContext |
Security Context for the Cryostat container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext | {} |
core.databaseSecretName |
Name of the secret to extract password for credentials database. | "" |
| Name | Description | Value |
|---|---|---|
grafana |
Configuration for the customized Grafana instance for Cryostat | |
grafana.image.repository |
Repository for the Grafana container image | quay.io/cryostat/cryostat-grafana-dashboard |
grafana.image.pullPolicy |
Image pull policy for the Grafana container image | IfNotPresent |
grafana.image.tag |
Tag for the Grafana container image | 2.2.0 |
grafana.service.type |
Type of Service to create for Grafana | ClusterIP |
grafana.service.port |
Port number to expose on the Service for Grafana's HTTP server | 3000 |
grafana.sslProxied |
Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | false |
grafana.ingress.enabled |
Whether to create an Ingress object for the Grafana service | false |
grafana.ingress.className |
Ingress class name for the Grafana Ingress | "" |
grafana.ingress.annotations |
Annotations to apply to the Grafana Ingress | {} |
grafana.ingress.hosts |
Hosts to create rules for in the Grafana Ingress. See: IngressSpec | [] |
grafana.ingress.tls |
TLS configuration for the Grafana Ingress. See: IngressSpec | [] |
grafana.route.enabled |
Whether to create a Route object for the Grafana service. Available only on OpenShift | false |
grafana.route.tls.enabled |
Whether to secure the Grafana Route with TLS. See: TLSConfig | true |
grafana.route.tls.termination |
Type of TLS termination to use for the Grafana Route. One of: edge, passthrough, reencrypt |
edge |
grafana.route.tls.insecureEdgeTerminationPolicy |
Specify how to handle insecure traffic for the Grafana Route. One of: Allow, Disable, Redirect |
Redirect |
grafana.route.tls.key |
Custom private key to use when securing the Grafana Route | "" |
grafana.route.tls.certificate |
Custom certificate to use when securing the Grafana Route | "" |
grafana.route.tls.caCertificate |
Custom CA certificate to use, if needed to complete the certificate chain, when securing the Grafana Route | "" |
grafana.route.tls.destinationCACertificate |
Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Grafana Route | "" |
grafana.resources |
Resource requests/limits for the Grafana container. See: ResourceRequirements | {} |
grafana.securityContext |
Security Context for the Grafana container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext | {} |
| Name | Description | Value |
|---|---|---|
datasource |
Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | |
datasource.image.repository |
Repository for the JFR Data Source container image | quay.io/cryostat/jfr-datasource |
datasource.image.pullPolicy |
Image pull policy for the JFR Data Source container image | IfNotPresent |
datasource.image.tag |
Tag for the JFR Data Source container image | 2.2.0 |
datasource.resources |
Resource requests/limits for the JFR Data Source container. See: ResourceRequirements | {} |
datasource.securityContext |
Security Context for the JFR Data Source container. Defaults to meet "restricted" Pod Security Standard. See: SecurityContext | {} |
| Name | Description | Value |
|---|---|---|
imagePullSecrets |
Image pull secrets to be used for the Cryostat deployment | [] |
nameOverride |
Overrides the name of this Chart | "" |
fullnameOverride |
Overrides the fully qualified application name of [release name]-[chart name] |
"" |
rbac.create |
Specifies whether RBAC resources should be created | true |
serviceAccount.create |
Specifies whether a service account should be created | true |
serviceAccount.annotations |
Annotations to add to the service account | {} |
serviceAccount.name |
The name of the service account to use. If not set and create is true, a name is generated using the fullname template | "" |
podAnnotations |
Annotations to be applied to the Cryostat Pod | {} |
podSecurityContext |
Security Context for the Cryostat Pod. Defaults to meet "restricted" Pod Security Standard. See: PodSecurityContext | {} |
nodeSelector |
Node Selector for the Cryostat Pod. See: NodeSelector | {} |
tolerations |
Tolerations for the Cryostat Pod. See: Tolerations | [] |
affinity |
Affinity for the Cryostat Pod. See: Affinity | {} |