From 8696b4bebb0ee0dc7ab905a39e71d00cf66d191f Mon Sep 17 00:00:00 2001 
From: Ming Wang
Date: Tue, 16 Jul 2024 16:02:38 -0400
Subject: [PATCH] gh-pages
---
.github/ISSUE_TEMPLATE/bug_report.yml | 53 --
.github/ISSUE_TEMPLATE/config.yml | 5 -
.github/ISSUE_TEMPLATE/feature_request.yml | 18 -
.github/helm-release-config.yml | 2 -
.github/release.yml | 21 -
.github/workflows/ci.yml | 83 --
.github/workflows/helm-release.yml | 56 --
.github/workflows/push-oci.yml | 73 --
.github/workflows/submodule.yml | 44 -
.mergify.yml | 24 -
LICENSE | 1 -
README.md | 1 -
chart_schema.yaml | 17 -
charts/cryostat/.helmignore | 23 -
charts/cryostat/Chart.yaml | 41 -
charts/cryostat/LICENSE | 202 -----
charts/cryostat/README.md | 145 ----
charts/cryostat/release-notes.md | 1 -
charts/cryostat/templates/NOTES.txt | 63 --
charts/cryostat/templates/_helpers.tpl | 148 ----
charts/cryostat/templates/_oauth2Proxy.tpl | 43 -
.../templates/_openshiftOauthProxy.tpl | 48 --
charts/cryostat/templates/alpha_config.yaml | 29 -
.../templates/clusterrolebinding.yaml | 16 -
charts/cryostat/templates/db_secret.yaml | 11 -
charts/cryostat/templates/deployment.yaml | 281 -------
charts/cryostat/templates/ingress.yaml | 70 --
charts/cryostat/templates/pvc.yaml | 27 -
charts/cryostat/templates/role.yaml | 61 --
charts/cryostat/templates/rolebinding.yaml | 31 -
charts/cryostat/templates/route.yaml | 50 --
charts/cryostat/templates/service.yaml | 27 -
charts/cryostat/templates/serviceaccount.yaml | 17 -
.../templates/storage_access_secret.yaml | 7 -
.../templates/tests/test-core-connection.yaml | 26 -
.../tests/test-grafana-connection.yaml | 17 -
.../tests/test-storage-connection.yaml | 17 -
charts/cryostat/values.schema.json | 752 ------------------
charts/cryostat/values.yaml | 296 -------
ct.yaml | 6 -
docs/images/cryostat-icon-reverse.svg | 1 -
docs/images/cryostat-icon.svg | 1 -
lintconf.yaml | 44 -
43 files changed, 2899 deletions(-)
delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml
delete mode 100644 .github/ISSUE_TEMPLATE/config.yml
delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml
delete mode 100644 .github/helm-release-config.yml
delete mode 100644 .github/release.yml
delete mode 100644 .github/workflows/ci.yml
delete mode 100644 .github/workflows/helm-release.yml
delete mode 100644 .github/workflows/push-oci.yml
delete mode 100644 .github/workflows/submodule.yml
delete mode 100644 .mergify.yml
delete mode 120000 LICENSE
delete mode 120000 README.md
delete mode 100644 chart_schema.yaml
delete mode 100644 charts/cryostat/.helmignore
delete mode 100644 charts/cryostat/Chart.yaml
delete mode 100644 charts/cryostat/LICENSE
delete mode 100644 charts/cryostat/README.md
delete mode 100644 charts/cryostat/release-notes.md
delete mode 100644 charts/cryostat/templates/NOTES.txt
delete mode 100644 charts/cryostat/templates/_helpers.tpl
delete mode 100644 charts/cryostat/templates/_oauth2Proxy.tpl
delete mode 100644 charts/cryostat/templates/_openshiftOauthProxy.tpl
delete mode 100644 charts/cryostat/templates/alpha_config.yaml
delete mode 100644 charts/cryostat/templates/clusterrolebinding.yaml
delete mode 100644 charts/cryostat/templates/db_secret.yaml
delete mode 100644 charts/cryostat/templates/deployment.yaml
delete mode 100644 charts/cryostat/templates/ingress.yaml
delete mode 100644 charts/cryostat/templates/pvc.yaml
delete mode 100644 charts/cryostat/templates/role.yaml
delete mode 100644 charts/cryostat/templates/rolebinding.yaml
delete mode 100644 charts/cryostat/templates/route.yaml
delete mode 100644 charts/cryostat/templates/service.yaml
delete mode 100644 charts/cryostat/templates/serviceaccount.yaml
delete mode 100644 charts/cryostat/templates/storage_access_secret.yaml
delete mode 100644 charts/cryostat/templates/tests/test-core-connection.yaml
delete mode 100644 charts/cryostat/templates/tests/test-grafana-connection.yaml
delete mode 100644 charts/cryostat/templates/tests/test-storage-connection.yaml
delete mode 100644 charts/cryostat/values.schema.json
delete mode 100644 charts/cryostat/values.yaml
delete mode 100644 ct.yaml
delete mode 100644 docs/images/cryostat-icon-reverse.svg
delete mode 100644 docs/images/cryostat-icon.svg
delete mode 100644 lintconf.yaml
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
deleted file mode 100644
index b680b668..00000000
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-name: 🐞 Bug report
-description: File a report to help us improve Cryostat.
-title: '[Bug] '
-labels: [bug, needs-triage]
-
-body:
- - type: textarea
- attributes:
- label: Current Behavior
- description: A concise description of what you're experiencing.
- placeholder: Tell us what you see!
- validations:
- required: true
- - type: textarea
- attributes:
- label: Expected Behavior
- description: A concise description of what you expected to happen.
- placeholder: Tell us what you expected to see!
- validations:
- required: false
- - type: textarea
- attributes:
- label: Steps To Reproduce
- description: Steps to reproduce the behavior.
- placeholder: |
- 1. In this environment...
- 2. With this config...
- 3. Run '...'
- 4. See error...
- validations:
- required: false
- - type: textarea
- attributes:
- label: Environment
- description: |
- examples:
- - **OS**: Ubuntu 20.04
- - **Environment**: OpenShift 4.11
- - **Version**: Cryostat 2.2.0
- value: |
- - OS:
- - Environment:
- - Version:
- render: Markdown
- validations:
- required: false
- - type: textarea
- attributes:
- label: Anything else?
- description: |
- Screenshots? Links? References? Anything that will give us more context about the issue you are encountering!
- validations:
- required: false
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
deleted file mode 100644
index c7c2844a..00000000
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-blank_issues_enabled: enabled
-contact_links:
- - name: Cryostat Community Support
- url: https://github.com/cryostatio/cryostat/discussions
- about: Ask general questions about Cryostat here!
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
deleted file mode 100644
index c226da61..00000000
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: ✨ Feature request
-description: Improve an existing feature or add a new one.
-title: '[Request] <title>'
-labels: [feat, needs-triage]
-
-body:
- - type: textarea
- attributes:
- label: Describe the feature
- description: A clear and concise description of what the feature is.
- placeholder: A nice feature that I'd like to suggest...
- validations:
- required: true
- - type: textarea
- attributes:
- label: Anything other information?
- validations:
- required: false
diff --git a/.github/helm-release-config.yml b/.github/helm-release-config.yml
deleted file mode 100644
index 064ba412..00000000
--- a/.github/helm-release-config.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-release-name-template: "v{{ .Version }}"
-release-notes-file: release-notes.md
diff --git a/.github/release.yml b/.github/release.yml
deleted file mode 100644
index eae144f4..00000000
--- a/.github/release.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-changelog:
- categories:
- - title: '🚀 Features'
- labels:
- - 'feat'
- - title: '🔧 Fixes'
- labels:
- - 'fix'
- - title: '📄 Documentation'
- labels:
- - 'docs'
- - title: '⚙️ Maintenance'
- labels:
- - 'chore'
- - 'ci'
- - 'perf'
- - 'test'
- - 'build'
- - title: 'Others'
- labels:
- - "*"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index 2986688d..00000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,83 +0,0 @@
-name: CI
-
-concurrency:
- group: ci-${{ github.run_id }}
- cancel-in-progress: true
-
-on:
- push:
- branches:
- - main
- - v[0-9]+
- - v[0-9]+.[0-9]+
- - cryostat-v[0-9]+.[0-9]+
-
- pull_request:
- types:
- - opened
- - reopened
- - synchronize
- - labeled
- - unlabeled
- branches:
- - main
- - v[0-9]+
- - v[0-9]+.[0-9]+
- - cryostat-v[0-9]+.[0-9]+
-
-env:
- TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.ref_name }}
- TEST_NAMESPACE: helm-test
-
-jobs:
- lint-chart:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Set up Helm
- uses: azure/setup-helm@v4
- with:
- version: v3.14.4
- - uses: actions/setup-python@v5
- with:
- python-version: '3.x'
- check-latest: true
- - name: Set up chart-testing
- uses: helm/chart-testing-action@v2.6.1
- - name: Lint chart
- run: ct lint --target-branch ${TARGET_BRANCH} --lint-conf lintconf.yaml --config ct.yaml --chart-yaml-schema chart_schema.yaml
- test-chart:
- runs-on: ubuntu-latest
- steps:
- - name: Fail if safe-to-test label NOT applied
- if: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }}
- run: exit 1
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Set up Helm
- uses: azure/setup-helm@v4
- with:
- version: v3.14.4
- - uses: actions/setup-python@v5
- with:
- python-version: '3.x'
- check-latest: true
- - uses: helm/chart-testing-action@v2.6.1
- - name: Set up Kind cluster
- uses: helm/kind-action@v1
- with:
- cluster_name: ci-${{ github.run_id }}
- - name: Install and test chart
- run: |
- # FIXME: Remove when chart-testing fixes the issue https://github.com/helm/chart-testing/issues/525
-
- HELM_LOCATION="$(which helm)"
- sudo mv $HELM_LOCATION "$(dirname $HELM_LOCATION)/.helm"
- cat <(echo '#!/usr/bin/env bash') <(echo 'exec .helm "${@//--reuse-values/--reset-then-reuse-values}"') | sudo tee $HELM_LOCATION
- sudo chmod +x $HELM_LOCATION
-
- kubectl create ns $TEST_NAMESPACE
- ct install --target-branch ${TARGET_BRANCH} --upgrade --namespace=$TEST_NAMESPACE --config ct.yaml --debug
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
deleted file mode 100644
index ef348ef3..00000000
--- a/.github/workflows/helm-release.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-name: Release Helm Chart
-
-on:
- workflow_dispatch:
-
-jobs:
- helm-release:
- permissions:
- contents: write
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- - name: Get release version
- id: release-version
- run: |
- echo "tag=v$(yq .version charts/cryostat/Chart.yaml)" >> $GITHUB_OUTPUT
- - name: Get previous version
- id: previous-version
- run: |
- # Filter tags by regex, combine with the Chart version, sort by version number, and output the preceeding version.
- chart_version="${{ steps.release-version.outputs.tag }}"
- previous_version="$({ echo v${chart_version}; git tag -l | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$'; } | sort -V | grep -B1 "${chart_version}" | head -n1)"
- echo "tag=${previous_version}" >> $GITHUB_OUTPUT
- - name: Generate release notes
- env:
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- run: |
- gh api --method POST \
- -H "Accept: application/vnd.github+json" \
- -H "X-GitHub-Api-Version: 2022-11-28" \
- /repos/${GITHUB_REPOSITORY}/releases/generate-notes \
- -f tag_name="${{ steps.release-version.outputs.tag }}" \
- -f target_commitish="${GITHUB_REF_NAME}" \
- -f previous_tag_name="${{ steps.previous-version.outputs.tag }}" | jq -r .body > charts/cryostat/release-notes.md
- - name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.6.0
- env:
- CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- with:
- charts_dir: charts
- config: .github/helm-release-config.yml
-
- update-helm-repo:
- uses: ./.github/workflows/submodule.yml
- needs: helm-release
- if: github.repository_owner == 'cryostatio'
- secrets:
- SUBMODULE_TOKEN: ${{ secrets.SUBMODULE_TOKEN }}
- GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/.github/workflows/push-oci.yml b/.github/workflows/push-oci.yml
deleted file mode 100644
index 383a1bd5..00000000
--- a/.github/workflows/push-oci.yml
+++ /dev/null
@@ -1,73 +0,0 @@
-name: Push Helm Chart to OCI Registry
-
-on:
- push:
- branches:
- - main
- - v[0-9]+
- - v[0-9]+.[0-9]+
- - cryostat-v[0-9]+.[0-9]+
- workflow_dispatch:
-
-jobs:
- helm-push-to-OCI:
- permissions:
- packages: write
- contents: write
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Configure Git
- run: |
- git config user.name ${{ github.actor }}
- git config user.email ${{ github.actor }}@users.noreply.github.com
- - name: Get release version
- id: release-version
- run: |
- echo "tag=v$(yq .version charts/cryostat/Chart.yaml)" >> $GITHUB_OUTPUT
- - name: Get previous version
- id: previous-version
- run: |
- # Filter tags by regex, combine with the Chart version, sort by version number, and output the preceeding version.
- chart_version="${{ steps.release-version.outputs.tag }}"
- previous_version="$({ echo v${chart_version}; git tag -l | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$'; } | sort -V | grep -B1 "${chart_version}" | head -n1)"
- echo "tag=${previous_version}" >> $GITHUB_OUTPUT
- - name: Generate release notes
- env:
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- run: |
- gh api --method POST \
- -H "Accept: application/vnd.github+json" \
- -H "X-GitHub-Api-Version: 2022-11-28" \
- /repos/${GITHUB_REPOSITORY}/releases/generate-notes \
- -f tag_name="${{ steps.release-version.outputs.tag }}" \
- -f target_commitish="${GITHUB_REF_NAME}" \
- -f previous_tag_name="${{ steps.previous-version.outputs.tag }}" | jq -r .body > charts/cryostat/release-notes.md
- - name: Set up Helm
- uses: azure/setup-helm@v4
- with:
- version: v3.14.4
- - name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.6.0
- env:
- CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- CR_SKIP_EXISTING: "true"
- with:
- charts_dir: charts
- config: .github/helm-release-config.yml
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Push charts to GHCR
- run: |
- for pkg in .cr-release-packages/*.tgz; do
- if [ -z "${pkg:-}" ]; then
- break
- fi
- helm push "${pkg}" oci://ghcr.io/${{ github.repository_owner }}
- done
diff --git a/.github/workflows/submodule.yml b/.github/workflows/submodule.yml
deleted file mode 100644
index 64a45dbd..00000000
--- a/.github/workflows/submodule.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: submodule
-
-on:
- workflow_call:
- secrets:
- SUBMODULE_TOKEN:
- required: true
- GPG_PRIVATE_KEY:
- required: true
- GPG_PASSPHRASE:
- required: true
-
-defaults:
- run:
- shell: bash
-
-jobs:
- update-submodule:
- if: ${{ github.repository_owner == 'cryostatio' }}
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- repository: cryostatio/cryostatio.github.io
- token: "${{ secrets.SUBMODULE_TOKEN }}"
- - name: Import GPG key
- uses: crazy-max/ghaction-import-gpg@v6
- with:
- gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
- passphrase: ${{ secrets.GPG_PASSPHRASE }}
- git_user_signingkey: true
- git_commit_gpgsign: true
- - name: Update submodule to latest commit
- run: |
- git submodule update --init
- git submodule update --remote
- - name: Commit and push submodule
- run: |
- git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- git config user.name "github-actions[bot]"
- git add --all
- git_hash="$(git rev-parse --short :helm-charts)"
- git commit -S -m "build(helm-charts): update submodule to $git_hash" || echo "No changes to commit"
- git push
diff --git a/.mergify.yml b/.mergify.yml
deleted file mode 100644
index 90dfb5d5..00000000
--- a/.mergify.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-pull_request_rules:
- - name: backport patches to cryostat-v3.0 branch
- conditions:
- - base=main
- - label=backport
- actions:
- backport:
- branches:
- - cryostat-v3.0
- assignees:
- - "{{ author }}"
-
- - name: auto label PRs from reviewers
- conditions:
- - author=@reviewers
- actions:
- label:
- add:
- - safe-to-test
-
-commands_restrictions:
- backport:
- conditions:
- - sender=@cryostatio/reviewers
diff --git a/LICENSE b/LICENSE
deleted file mode 120000
index 426f78aa..00000000
--- a/LICENSE
+++ /dev/null
@@ -1 +0,0 @@
-charts/cryostat/LICENSE
\ No newline at end of file
diff --git a/README.md b/README.md
deleted file mode 120000
index ce5d3efa..00000000
--- a/README.md
+++ /dev/null
@@ -1 +0,0 @@
-charts/cryostat/README.md
\ No newline at end of file
diff --git a/chart_schema.yaml b/chart_schema.yaml
deleted file mode 100644
index 00c2d87a..00000000
--- a/chart_schema.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Chart.yaml schema
-apiVersion: str(required=True)
-name: str()
-description: str(required=True)
-type: str()
-version: str()
-kubeVersion: str(required=True)
-appVersion: str(required=True)
-home: str(required=True)
-icon: str(required=True)
-keywords: list(str(), required=True)
-sources: list(str(), required=True)
-maintainers: list(include('maintainer'), required=True)
----
-maintainer:
- name: str(required=True)
- url: str(required=True)
diff --git a/charts/cryostat/.helmignore b/charts/cryostat/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/charts/cryostat/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/cryostat/Chart.yaml b/charts/cryostat/Chart.yaml
deleted file mode 100644
index 792c1131..00000000
--- a/charts/cryostat/Chart.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: v2
-name: cryostat
-description: Securely manage JFR recordings for your containerized Java workloads
-
-type: application
-
-version: "2.0.0-dev"
-
-kubeVersion: ">= 1.25.0-0"
-
-appVersion: "4.0.0-dev"
-
-home: "https://cryostat.io"
-
-icon: "https://raw.githubusercontent.com/cryostatio/cryostat-helm/main/docs/images/cryostat-icon.svg"
-
-keywords:
-- flightrecorder
-- java
-- jdk
-- jfr
-- jmc
-- missioncontrol
-- monitoring
-- profiling
-- diagnostic
-
-sources:
-- https://github.com/cryostatio/cryostat3
-- https://github.com/cryostatio/cryostat-core
-- https://github.com/cryostatio/cryostat-web
-- https://github.com/cryostatio/jfr-datasource
-- https://github.com/cryostatio/cryostat-grafana-dashboard
-- https://github.com/cryostatio/cryostat-db
-- https://github.com/cryostatio/cryostat-storage
-- https://github.com/cryostatio/openshift-oauth-proxy
-- https://github.com/oauth2-proxy/oauth2-proxy
-
-maintainers:
-- name: The Cryostat Community
- url: https://groups.google.com/g/cryostat-development
diff --git a/charts/cryostat/LICENSE b/charts/cryostat/LICENSE
deleted file mode 100644
index 57bc88a1..00000000
--- a/charts/cryostat/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md
deleted file mode 100644
index 3e88b052..00000000
--- a/charts/cryostat/README.md
+++ /dev/null
@@ -1,145 +0,0 @@ -# Cryostat Helm Chart -A Helm chart for deploying [Cryostat](https://cryostat.io/) on Kubernetes and OpenShift - -## Parameters - -### Cryostat Container - -| Name | Description | Value | -| ------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | -| `core` | Configuration for the core Cryostat application | | -| `core.image.repository` | Repository for the main Cryostat container image | `quay.io/cryostat/cryostat` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `Always` | -| `core.image.tag` | Tag for the main Cryostat container image | `4.0.0-snapshot` | -| `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | -| `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | -| `core.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` | -| `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` | -| `core.ingress.className` | Ingress class name for the Cryostat application Ingress | `""` | -| `core.ingress.annotations` | Annotations to apply to the Cryostat application Ingress | `{}` | -| `core.ingress.hosts` | Hosts to create rules for in the Cryostat application Ingress. 
See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.ingress.tls` | TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec) | `[]` | -| `core.route.enabled` | Whether to create a Route object for the Cryostat service. Available only on OpenShift | `false` | -| `core.route.tls.enabled` | Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls) | `true` | -| `core.route.tls.termination` | Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt` | `edge` | -| `core.route.tls.insecureEdgeTerminationPolicy` | Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect` | `Redirect` | -| `core.route.tls.key` | Custom private key to use when securing the Cryostat application Route | `""` | -| `core.route.tls.certificate` | Custom certificate to use when securing the Cryostat application Route | `""` | -| `core.route.tls.caCertificate` | Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route | `""` | -| `core.route.tls.destinationCACertificate` | Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route | `""` | -| `core.resources` | Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `core.securityContext` | Security Context for the Cryostat container. 
Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | -| `core.databaseSecretName` | Name of the secret containing database keys. This secret must contain a CONNECTION_KEY secret which is the database connection password, and an ENCRYPTION_KEY secret which is the key used to encrypt sensitive data stored within the database, such as the target credentials keyring. It must not be updated across chart upgrades. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable | `""` | -| `core.discovery` | Configuration options to the Cryostat application's target discovery mechanisms | | -| `core.discovery.kubernetes.enabled` | Enables Kubernetes API discovery mechanism | `true` | -| `core.discovery.kubernetes.installNamespaceDisabled` | When false and `namespaces` is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. `{{ .Release.Namespace }}`) | `false` | -| `core.discovery.kubernetes.namespaces` | List of namespaces whose workloads the Cryostat application should be permitted to access and profile | `[]` | -| `core.discovery.kubernetes.builtInPortNamesDisabled` | When false and `portNames` is empty, the Cryostat application will use the default port name `jfr-jmx` to look for JMX connectable targets. | `false` | -| `core.discovery.kubernetes.portNames` | List of port names that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | -| `core.discovery.kubernetes.builtInPortNumbersDisabled` | When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets. 
| `false` | -| `core.discovery.kubernetes.portNumbers` | List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable | `[]` | - -### Database Container - -| Name | Description | Value | -| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | -| `db` | Configuration for Cryostat's database | | -| `db.image.repository` | Repository for the database container image | `quay.io/cryostat/cryostat-db` | -| `db.image.pullPolicy` | Image pull policy for the database container image | `Always` | -| `db.image.tag` | Tag for the database container image | `latest` | -| `db.resources` | Resource requests/limits for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `db.securityContext` | Security Context for the database container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - -### Storage Container - -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `storage` | Configuration for Cryostat's object storage provider | | -| `storage.image.repository` | Repository for the storage container image | `quay.io/cryostat/cryostat-storage` | -| `storage.image.pullPolicy` | Image pull policy for the storage container image | `Always` | -| `storage.image.tag` | Tag for the storage container image | `latest` | -| `storage.resources` | Resource requests/limits for the storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `storage.securityContext` | Security Context for the storage container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - -### Grafana Container - -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- | -| `grafana` | Configuration for the customized Grafana instance for Cryostat | | -| `grafana.image.repository` | Repository for the Grafana container image | `quay.io/cryostat/cryostat-grafana-dashboard` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `Always` | -| `grafana.image.tag` | Tag for the Grafana container image | `latest` | -| `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | -| `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | -| `grafana.resources` | Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - -### JFR Data Source Container - -| Name | Description | Value | -| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | -| `datasource.image.repository` | Repository for the JFR Data Source container image | `quay.io/cryostat/jfr-datasource` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `Always` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `latest` | -| `datasource.resources` | Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `{}` | -| `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). 
See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - -### Authentication - -| Name | Description | Value | -| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `authentication.openshift.enabled` | Whether the OAuth Proxy deployed for securing Cryostat's Pods should be one that integrates with OpenShift-specific features, or a generic one. | `false` | -| `authentication.openshift.clusterRole.name` | The name of the ClusterRole to bind for the OpenShift OAuth Proxy | `system:auth-delegator` | -| `authentication.basicAuth.enabled` | Whether Cryostat should use basic authentication for users. When false, Cryostat will not perform any form of authentication | `false` | -| `authentication.basicAuth.secretName` | Name of the Secret that contains the credentials within Cryostat's namespace **(Required if basicAuth is enabled)** | `""` | -| `authentication.basicAuth.filename` | Key within Secret containing the `htpasswd` file. The file should contain one user definition entry per line, with the syntax "user:passHash", where "user" is the username and "passHash" is the `bcrypt` hash of the desired password. Such an entry can be generated with ex. 
`htpasswd -nbB username password` **(Required if basicAuth is enabled)** | `""` | - -### OAuth2 Proxy - -| Name | Description | Value | -| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `oauth2Proxy.image.repository` | Repository for the OAuth2 Proxy container image | `quay.io/oauth2-proxy/oauth2-proxy` | -| `oauth2Proxy.image.pullPolicy` | Image pull policy for the OAuth2 Proxy container image | `Always` | -| `oauth2Proxy.image.tag` | Tag for the OAuth2 Proxy container image | `latest` | -| `oauth2Proxy.securityContext` | Security Context for the OAuth2 Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1). If the chart is installed in default namespaces (e.g. default), `securityContext.runAsUser` must be set if the proxy image does not specify a numeric non-root user. This is due to OpenShift Security Context Constraints are not applied in default namespaces. 
See [Understanding and Managing Pod Security Admission](https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-managing-pod-security-admission.html#psa-privileged-namespaces_understanding-and-managing-pod-security-admission). | `{}` | - -### OpenShift OAuth Proxy - -| Name | Description | Value | -| ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | -| `openshiftOauthProxy.image.repository` | Repository for the OpenShift OAuth Proxy container image | `quay.io/cryostat/openshift-oauth-proxy` | -| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `Always` | -| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `cryostat-v3.0` | -| `openshiftOauthProxy.accessReview.enabled` | Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token. | `true` | -| `openshiftOauthProxy.accessReview.group` | The OpenShift resource group that the SubjectAccessReview/TokenAccessReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure | `""` | -| `openshiftOauthProxy.accessReview.resource` | The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for. | `pods` | -| `openshiftOauthProxy.accessReview.subresource` | The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for. 
| `exec` | -| `openshiftOauthProxy.accessReview.name` | The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for. | `""` | -| `openshiftOauthProxy.accessReview.namespace` | The OpenShift namespace that the SubjectAccessReview/TokenAccessReview will be performed for. | `{{ .Release.Namespace }}` | -| `openshiftOauthProxy.accessReview.verb` | The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for. | `create` | -| `openshiftOauthProxy.accessReview.version` | The OpenShift resource version that the SubjectAccessReview/TokenAccessReview will be performed for. | `""` | -| `openshiftOauthProxy.securityContext` | Security Context for the OpenShift OAuth Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | - -### Other Parameters - -| Name | Description | Value | -| ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `imagePullSecrets` | Image pull secrets to be used for the Cryostat deployment | `[]` | -| `nameOverride` | Overrides the name of this Chart | `""` | -| `fullnameOverride` | Overrides the fully qualified application name of `[release name]-[chart name]` | `""` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of 
the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | -| `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | -| `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | -| `affinity` | Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | -| `pvc.enabled` | Specify whether to use persistentVolumeClaim or EmptyDir storage | `false` | -| `pvc.annotations` | Annotations to add to the persistentVolumeClaim | `{}` | -| `pvc.storage` | Storage size to request for the persistentVolumeClaim | `500Mi` | -| `pvc.accessModes` | Access mode for the persistentVolumeClaim. See: [Access Modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) | `["ReadWriteOnce"]` | -| `pvc.selector` | Selector for the persistentVolumeClaim. See: [Selector](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) | `{}` | -| `pvc.storageClassName` | The name of the StorageClass for the persistentVolumeClaim. See: [Class](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) | `undefined` | 
diff --git a/charts/cryostat/release-notes.md b/charts/cryostat/release-notes.md
deleted file mode 100644
index 99ccb509..00000000
--- a/charts/cryostat/release-notes.md
+++ /dev/null
@@ -1 +0,0 @@
-<!-- Release notes generated using configuration in .github/release.yml -->
diff --git a/charts/cryostat/templates/NOTES.txt b/charts/cryostat/templates/NOTES.txt
deleted file mode 100644
index 3f1eeb77..00000000
--- a/charts/cryostat/templates/NOTES.txt
+++ /dev/null
@@ -1,63 +0,0 @@ -{{- $envVars := list }} -{{- $portForwards := list }} -{{- $listNum := 1 }} -{{- if not .Values.core.ingress.enabled }} -{{ $listNum }}. Tell Cryostat how to serve external traffic: -{{- $listNum = add1 $listNum }} - ``` -{{- if .Values.core.route.enabled }} -{{- /* Do nothing */}} - No actions required with this configuration. -{{- else if .Values.core.ingress.enabled }} -{{- /* Do nothing */}} - No actions required with this configuration. -{{- else if contains "NodePort" .Values.core.service.type }} - export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}) -{{- $envVars = list "QUARKUS_HTTP_HOST=$NODE_IP" }} -{{- else if contains "LoadBalancer" .Values.core.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status by running 'kubectl get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }}' - export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $envVars = list "QUARKUS_HTTP_HOST=$SERVICE_IP" }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") -{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }} -{{- end }} - -{{- if not (empty $envVars) }} - kubectl -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }} -{{- end }} - ``` -{{- end }} - -{{- if not (empty $portForwards) }} - -{{ $listNum }}. Forward local ports to the application's pod: - ``` - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") - kubectl -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.fullname" . }} - kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }} - ``` - {{- $listNum = add1 $listNum }} -{{- end }} - -{{ $listNum }}. {{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " }} - ``` -{{- if .Values.core.route.enabled }} - echo {{ ternary "https" "http" .Values.core.route.tls.enabled }}://$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . 
}} -o jsonpath="{.status.ingress[0].host}") -{{- else if .Values.core.ingress.enabled }} -{{- range $host := .Values.core.ingress.hosts -}} - {{- range .paths }} - {{ ternary "http" "https" (empty $.Values.core.ingress.tls) }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.core.service.type }} - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.core.service.type }} - echo http://$SERVICE_IP:{{ .Values.core.service.httpPort }} -{{- else if contains "ClusterIP" .Values.core.service.type }} - http://localhost:8080 -{{- end }} - ``` diff --git a/charts/cryostat/templates/_helpers.tpl b/charts/cryostat/templates/_helpers.tpl deleted file mode 100644 index a9c302bf..00000000 --- a/charts/cryostat/templates/_helpers.tpl +++ /dev/null 
@@ -1,148 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "cryostat.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cryostat.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cryostat.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels. -*/}} -{{- define "cryostat.labels" -}} -helm.sh/chart: {{ include "cryostat.chart" . }} -{{ include "cryostat.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels. -*/}} -{{- define "cryostat.selectorLabels" -}} -app.kubernetes.io/name: {{ include "cryostat.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use. -*/}} -{{- define "cryostat.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "cryostat.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Get or generate a default connection key for database. 
-*/}} -{{- define "cryostat.databaseConnectionKey" -}} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-db" .Release.Name)) -}} -{{- if $secret -}} -{{/* - Use current key. Do not regenerate. -*/}} -{{- $secret.data.CONNECTION_KEY -}} -{{- else -}} -{{/* - Generate new key. -*/}} -{{- (randAlphaNum 32) | b64enc | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Get or generate a default encryption key for database. -*/}} -{{- define "cryostat.databaseEncryptionKey" -}} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-db" .Release.Name)) -}} -{{- if $secret -}} -{{/* - Use current key. Do not regenerate. -*/}} -{{- $secret.data.ENCRYPTION_KEY -}} -{{- else -}} -{{/* - Generate new key -*/}} -{{- (randAlphaNum 32) | b64enc | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Get or generate a default secret key for object storage. -*/}} -{{- define "cryostat.objectStorageSecretKey" -}} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-storage" .Release.Name)) -}} -{{- if $secret -}} -{{/* - Use current secret. Do not regenerate. -*/}} -{{- $secret.data.SECRET_KEY -}} -{{- else -}} -{{/* - Generate new secret -*/}} -{{- (randAlphaNum 32) | b64enc | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Generate or retrieve a default value for cookieSecret. -*/}} -{{- define "cryostat.cookieSecret" -}} -{{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-cookie-secret" .Release.Name)) -}} -{{- if $secret -}} -{{/* - Use the current secret. Do not regenerate. -*/}} -{{- $secret.data.COOKIE_SECRET | b64dec | quote -}} -{{- else -}} -{{/* - Generate a new secret. -*/}} -{{- $newSecret := randAlphaNum 24 | b64enc -}} -{{- $newSecret | quote -}} -{{- end }} -{{- end }} - -{{/* - Get sanitized list or defaults (if not disabled) as comma-separated list. -*/}} -{{- define "cryostat.commaSepList" -}} -{{- $l := index . 0 -}} -{{- $default := index . 1 -}} -{{- $disableDefaults := index . 
2 -}} -{{- if and (not $l) (not $disableDefaults) -}} -{{- $l = list $default -}} -{{- end -}} -{{- join "," (default list $l | compact | uniq) | quote -}} -{{- end -}} diff --git a/charts/cryostat/templates/_oauth2Proxy.tpl b/charts/cryostat/templates/_oauth2Proxy.tpl deleted file mode 100644 index 8e8a9671..00000000 --- a/charts/cryostat/templates/_oauth2Proxy.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -Create OAuth2 Proxy container. Configurations defined in alpha_config.yaml -*/}} -{{- define "cryostat.oauth2Proxy" -}} -- name: {{ printf "%s-%s" .Chart.Name "authproxy" }} - securityContext: - {{- toYaml (.Values.oauth2Proxy).securityContext | nindent 4 }} - image: "{{ (.Values.oauth2Proxy).image.repository }}:{{ (.Values.oauth2Proxy).image.tag }}" - args: - - "--alpha-config=/etc/oauth2_proxy/alpha_config/alpha_config.yaml" - imagePullPolicy: {{ (.Values.oauth2Proxy).image.pullPolicy }} - env: - - name: OAUTH2_PROXY_REDIRECT_URL - value: "http://localhost:4180/oauth2/callback" - - name: OAUTH2_PROXY_COOKIE_SECRET - value: {{ include "cryostat.cookieSecret" . }} - - name: OAUTH2_PROXY_EMAIL_DOMAINS - value: "*" - {{- if .Values.authentication.basicAuth.enabled }} - - name: OAUTH2_PROXY_HTPASSWD_USER_GROUP - value: write - - name: OAUTH2_PROXY_HTPASSWD_FILE - value: /etc/oauth2_proxy/basicauth/{{ .Values.authentication.basicAuth.filename }} - {{- end }} - {{- if not .Values.authentication.basicAuth.enabled }} - - name: OAUTH2_PROXY_SKIP_AUTH_ROUTES - value: ".*" - {{- else }} - - name: OAUTH2_PROXY_SKIP_AUTH_ROUTES - value: "^/health(/liveness)?$" - {{- end }} - ports: - - containerPort: 4180 - protocol: TCP - volumeMounts: - - name: alpha-config - mountPath: /etc/oauth2_proxy/alpha_config - {{- if .Values.authentication.basicAuth.enabled }} - - name: {{ .Release.Name }}-htpasswd - mountPath: /etc/oauth2_proxy/basicauth - readOnly: true - {{- end }} -{{- end}} 
diff --git a/charts/cryostat/templates/_openshiftOauthProxy.tpl b/charts/cryostat/templates/_openshiftOauthProxy.tpl
deleted file mode 100644
index 1b01b59c..00000000
--- a/charts/cryostat/templates/_openshiftOauthProxy.tpl
+++ /dev/null
@@ -1,48 +0,0 @@
-{{/*
-Create OpenShift OAuth Proxy container.
-*/}}
-{{- define "cryostat.openshiftOauthProxy" -}}
-- name: {{ printf "%s-%s" .Chart.Name "authproxy" }}
- securityContext:
- {{- toYaml .Values.openshiftOauthProxy.securityContext | nindent 4 }}
- image: "{{ .Values.openshiftOauthProxy.image.repository }}:{{ .Values.openshiftOauthProxy.image.tag }}"
- args:
- - --skip-provider-button={{ not .Values.authentication.basicAuth.enabled }}
- - --pass-access-token=false
- - --pass-user-bearer-token=false
- - --pass-basic-auth=false
- - --upstream=http://localhost:8181/
- - --upstream=http://localhost:3000/grafana/
- - --upstream=http://localhost:8333/storage/
- - --cookie-secret={{ include "cryostat.cookieSecret" . }}
- - --openshift-service-account={{ include "cryostat.serviceAccountName" . }}
- - --proxy-websockets=true
- - --http-address=0.0.0.0:4180
- - --https-address=:8443
- - --tls-cert=/etc/tls/private/tls.crt
- - --tls-key=/etc/tls/private/tls.key
- - --proxy-prefix=/oauth2
- {{- if .Values.openshiftOauthProxy.accessReview.enabled }}
- - --openshift-sar=[{{ tpl ( omit .Values.openshiftOauthProxy.accessReview "enabled" | toJson ) . }}]
- - --openshift-delegate-urls={"/":{{ tpl ( omit .Values.openshiftOauthProxy.accessReview "enabled" | toJson ) . }}}
- {{- end }}
- - --bypass-auth-for=^/health(/liveness)?$
- {{- if .Values.authentication.basicAuth.enabled }}
- - --htpasswd-file=/etc/openshift_oauth_proxy/basicauth/{{ .Values.authentication.basicAuth.filename }}
- {{- end }}
- imagePullPolicy: {{ .Values.openshiftOauthProxy.image.pullPolicy }}
- ports:
- - containerPort: 4180
- protocol: TCP
- volumeMounts:
- {{- if .Values.authentication.basicAuth.enabled }}
- - name: {{ .Release.Name }}-htpasswd
- mountPath: /etc/openshift_oauth_proxy/basicauth
- readOnly: true
- {{- end }}
- - name: {{ .Release.Name }}-proxy-tls
- mountPath: /etc/tls/private
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
-{{- end}}
diff --git a/charts/cryostat/templates/alpha_config.yaml b/charts/cryostat/templates/alpha_config.yaml
deleted file mode 100644
index e86013b8..00000000
--- a/charts/cryostat/templates/alpha_config.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-alpha-config
-data:
- alpha_config.yaml: |-
- server:
- BindAddress: http://0.0.0.0:4180
- upstreamConfig:
- proxyRawPath: true
- upstreams:
- - id: cryostat
- path: /
- uri: http://localhost:8181
- - id: grafana
- path: /grafana/
- uri: http://localhost:3000
- - id: storage
- path: ^/storage/(.*)$
- rewriteTarget: /$1
- uri: http://localhost:8333
- passHostHeader: false
- proxyWebSockets: false
- providers:
- - id: dummy
- name: Unused - Sign In Below
- clientId: CLIENT_ID
- clientSecret: CLIENT_SECRET
- provider: google
diff --git a/charts/cryostat/templates/clusterrolebinding.yaml b/charts/cryostat/templates/clusterrolebinding.yaml
deleted file mode 100644
index 4721c7c3..00000000
--- a/charts/cryostat/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if and (.Values.rbac.create) (.Values.authentication.openshift.enabled) -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "cryostat.fullname" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Values.authentication.openshift.clusterRole.name }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "cryostat.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/cryostat/templates/db_secret.yaml b/charts/cryostat/templates/db_secret.yaml
deleted file mode 100644
index 26df5339..00000000
--- a/charts/cryostat/templates/db_secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if empty .Values.core.databaseSecretName -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-db
-type: Opaque
-immutable: true
-data:
- ENCRYPTION_KEY: {{ include "cryostat.databaseEncryptionKey" . }}
- CONNECTION_KEY: {{ include "cryostat.databaseConnectionKey" . }}
-{{- end -}}
diff --git a/charts/cryostat/templates/deployment.yaml b/charts/cryostat/templates/deployment.yaml
deleted file mode 100644
index 1307ebcf..00000000
--- a/charts/cryostat/templates/deployment.yaml
+++ /dev/null
@@ -1,281 +0,0 @@ -{{- $fullName := include "cryostat.fullname" . -}} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "cryostat.fullname" . }} - labels: - {{- include "cryostat.labels" . | nindent 4 }} -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - {{- include "cryostat.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "cryostat.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "cryostat.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - {{- if (.Values.authentication.openshift).enabled }} - {{- include "cryostat.openshiftOauthProxy" . | nindent 8 }} - {{- else }} - {{- include "cryostat.oauth2Proxy" . | nindent 8 }} - {{- end }} - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.core.securityContext | nindent 12 }} - image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}" - imagePullPolicy: {{ .Values.core.image.pullPolicy }} - env: - - name: QUARKUS_HTTP_HOST - value: localhost - - name: QUARKUS_HTTP_PORT - value: "8181" - - name: QUARKUS_HTTP_PROXY_PROXY_ADDRESS_FORWARDING - value: 'true' - - name: QUARKUS_HTTP_PROXY_ALLOW_X_FORWARDED - value: 'true' - - name: QUARKUS_HTTP_PROXY_ENABLE_FORWARDED_HOST - value: 'true' - - name: QUARKUS_HTTP_PROXY_ENABLE_FORWARDED_PREFIX - value: 'true' - - name: QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION - value: drop-and-create - - name: QUARKUS_DATASOURCE_USERNAME - value: cryostat3 - - name: QUARKUS_DATASOURCE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (printf "%s-db" .Release.Name) .Values.core.databaseSecretName }} - key: CONNECTION_KEY - optional: false - - name: QUARKUS_DATASOURCE_JDBC_URL - value: 
jdbc:postgresql://localhost:5432/cryostat3 - - name: STORAGE_BUCKETS_ARCHIVES_NAME - value: archivedrecordings - - name: QUARKUS_S3_ENDPOINT_OVERRIDE - value: http://localhost:8333 - - name: QUARKUS_S3_PATH_STYLE_ACCESS - value: "true" - - name: QUARKUS_S3_AWS_REGION - value: us-east-1 - - name: QUARKUS_S3_AWS_CREDENTIALS_TYPE - value: static - - name: QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_ACCESS_KEY_ID - value: cryostat - - name: AWS_ACCESS_KEY_ID - value: $(QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_ACCESS_KEY_ID) - - name: QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ printf "%s-storage" .Release.Name }} - key: SECRET_KEY - optional: false - - name: AWS_SECRET_ACCESS_KEY - value: $(QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY) - - name: GRAFANA_DATASOURCE_URL - value: http://localhost:8800 - - name: GRAFANA_DASHBOARD_URL - value: http://localhost:3000 - - name: GRAFANA_DASHBOARD_EXT_URL - value: /grafana/ - {{- if .Values.core.discovery.kubernetes.enabled }} - - name: CRYOSTAT_DISCOVERY_KUBERNETES_ENABLED - value: "true" - {{- with .Values.core.discovery.kubernetes }} - - name: CRYOSTAT_DISCOVERY_KUBERNETES_NAMESPACES - value: {{ include "cryostat.commaSepList" (list .namespaces $.Release.Namespace .installNamespaceDisabled) }} - - name: CRYOSTAT_DISCOVERY_KUBERNETES_PORT_NAMES - value: {{ include "cryostat.commaSepList" (list .portNames "jfr-jmx" .builtInPortNamesDisabled) }} - - name: CRYOSTAT_DISCOVERY_KUBERNETES_PORT_NUMBERS - value: {{ include "cryostat.commaSepList" (list .portNumbers 9091 .builtInPortNumbersDisabled) }} - {{- end }} - {{- end }} - ports: - - containerPort: 8181 - protocol: TCP - livenessProbe: - httpGet: - path: "/health/liveness" - port: 8181 - startupProbe: - httpGet: - path: "/health/liveness" - port: 8181 - failureThreshold: 18 - resources: - {{- toYaml .Values.core.resources | nindent 12 }} - - name: {{ printf "%s-%s" .Chart.Name "db" }} - securityContext: - 
{{- toYaml (.Values.db).securityContext | nindent 12 }} - image: "{{ (.Values.db).image.repository }}:{{ (.Values.db).image.tag }}" - imagePullPolicy: {{ (.Values.db).image.pullPolicy }} - env: - - name: POSTGRESQL_USER - value: cryostat3 - - name: POSTGRESQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (printf "%s-db" .Release.Name) .Values.core.databaseSecretName }} - key: CONNECTION_KEY - optional: false - - name: POSTGRESQL_DATABASE - value: cryostat3 - - name: PG_ENCRYPT_KEY - valueFrom: - secretKeyRef: - name: {{ default (printf "%s-db" .Release.Name) .Values.core.databaseSecretName }} - key: ENCRYPTION_KEY - optional: false - ports: - - containerPort: 5432 - protocol: TCP - volumeMounts: - - mountPath: /var/lib/pgsql/data - name: {{ .Chart.Name }} - subPath: postgres - readinessProbe: - exec: - command: - - pg_isready - - -U - - cryostat3 - - -d - - cryostat3 - - name: {{ printf "%s-%s" .Chart.Name "storage" }} - securityContext: - {{- toYaml (.Values.storage).securityContext | nindent 12 }} - image: "{{ (.Values.storage).image.repository }}:{{ (.Values.storage).image.tag }}" - imagePullPolicy: {{ (.Values.storage).image.pullPolicy }} - env: - - name: CRYOSTAT_BUCKETS - value: archivedrecordings,archivedreports,eventtemplates,probes - - name: CRYOSTAT_ACCESS_KEY - value: cryostat - - name: CRYOSTAT_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ printf "%s-storage" .Release.Name }} - key: SECRET_KEY - optional: false - - name: DATA_DIR - value: /data - - name: IP_BIND - value: 0.0.0.0 - ports: - - containerPort: 8333 - protocol: TCP - volumeMounts: - - mountPath: /data - name: {{ .Chart.Name }} - subPath: seaweed - livenessProbe: - httpGet: - path: "/status" - port: 8333 - periodSeconds: 10 - failureThreshold: 2 - startupProbe: - httpGet: - path: "/status" - port: 8333 - periodSeconds: 10 - failureThreshold: 9 - resources: - {{- toYaml (.Values.storage).resources | nindent 12 }} - - name: {{ printf "%s-%s" .Chart.Name "grafana" }} - 
securityContext: - {{- toYaml .Values.grafana.securityContext | nindent 12 }} - image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}" - imagePullPolicy: {{ .Values.grafana.image.pullPolicy }} - env: - - name: GF_AUTH_ANONYMOUS_ENABLED - value: "true" - - name: GF_SERVER_DOMAIN - value: localhost - - name: GF_SERVER_ROOT_URL - value: http://localhost:4180/grafana/ - - name: GF_SERVER_SERVE_FROM_SUB_PATH - value: "true" - - name: JFR_DATASOURCE_URL - value: http://localhost:8800 - ports: - - containerPort: 3000 - protocol: TCP - livenessProbe: - httpGet: - path: /api/health - port: 3000 - resources: - {{- toYaml .Values.grafana.resources | nindent 12 }} - - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" }} - securityContext: - {{- toYaml .Values.datasource.securityContext | nindent 12 }} - image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag }}" - imagePullPolicy: {{ .Values.datasource.image.pullPolicy }} - env: - - name: LISTEN_HOST - value: localhost - - name: QUARKUS_HTTP_PORT - value: "8800" - ports: - - containerPort: 8800 - protocol: TCP - livenessProbe: - exec: - command: - - curl - - --fail - - http://localhost:8800 - resources: - {{- toYaml .Values.datasource.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - volumes: - {{- if ((.Values.pvc).enabled) }} - - name: {{ .Chart.Name }} - persistentVolumeClaim: - claimName: {{ .Release.Name }} - {{- end }} - {{- if not ((.Values.pvc).enabled) }} - - name: {{ .Chart.Name }} - emptyDir: {} - {{- end }} - - name: alpha-config - configMap: - name: {{ .Release.Name }}-alpha-config - {{- if .Values.authentication.basicAuth.enabled }} - - name: {{ .Release.Name }}-htpasswd - secret: - defaultMode: 0440 - secretName: {{ .Values.authentication.basicAuth.secretName }} - {{- end }} - {{- if (.Values.authentication.openshift).enabled }} - - name: {{ .Release.Name }}-proxy-tls - secret: - secretName: {{ .Release.Name }}-proxy-tls - {{- end }} diff --git a/charts/cryostat/templates/ingress.yaml b/charts/cryostat/templates/ingress.yaml deleted file mode 100644 index 4a051f66..00000000 --- a/charts/cryostat/templates/ingress.yaml +++ /dev/null 
@@ -1,70 +0,0 @@
-{{- define "cryostat.createIngress" }}
-{{- $svcName := index . 0 }}
-{{- $svcPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
-{{- if and .ingress.className (not (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }}
- {{- if not (hasKey .ingress.annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set .ingress.annotations "kubernetes.io/ingress.class" .ingress.className}}
- {{- end }}
-{{- end }}
----
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .ingress.className }}
- {{- end }}
- {{- if .ingress.tls }}
- tls:
- {{- range .ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ .path }}
- {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: {{ .pathType }}
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ $svcName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- serviceName: {{ $svcName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.ingress.enabled }}
-{{- include "cryostat.createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}}
-{{- end }}
diff --git a/charts/cryostat/templates/pvc.yaml b/charts/cryostat/templates/pvc.yaml
deleted file mode 100644
index 9e453623..00000000
--- a/charts/cryostat/templates/pvc.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if ((.Values.pvc).enabled) }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ include "cryostat.fullname" . }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .Values.pvc.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- with .Values.pvc.accessModes }}
- accessModes:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.pvc.storage }}
- {{- if kindIs "string" .Values.pvc.storageClassName }}
- storageClassName: {{ .Values.pvc.storageClassName | quote }}
- {{- end }}
- {{- with .Values.pvc.selector }}
- selector:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/cryostat/templates/role.yaml b/charts/cryostat/templates/role.yaml
deleted file mode 100644
index 98f96c60..00000000
--- a/charts/cryostat/templates/role.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-{{- define "cryostat.createRole" -}}
-{{- $ns := index . 0 -}}
-{{- with index . 1 -}}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "cryostat.fullname" . }}
- namespace: {{ $ns }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - pods
- - replicationcontrollers
- verbs:
- - get
-- apiGroups:
- - apps
- resources:
- - replicasets
- - deployments
- - daemonsets
- - statefulsets
- verbs:
- - get
-- apiGroups:
- - apps.openshift.io
- resources:
- - deploymentconfigs
- verbs:
- - get
-- apiGroups:
- - route.openshift.io
- resources:
- - routes
- verbs:
- - get
- - list
-{{- end -}}
-{{- end -}}
-
-{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled -}}
-{{- $watchNs := compact (default list .Values.core.discovery.kubernetes.namespaces) | uniq -}}
-{{- if and (not $watchNs) (not .Values.core.discovery.kubernetes.installNamespaceDisabled) -}}
-{{- $watchNs = list .Release.Namespace -}}
-{{- end -}}
-{{- range $ns := $watchNs }}
-{{ include "cryostat.createRole" (list $ns $) }}
-{{- end -}}
-{{- end -}}
diff --git a/charts/cryostat/templates/rolebinding.yaml b/charts/cryostat/templates/rolebinding.yaml
deleted file mode 100644
index b2404966..00000000
--- a/charts/cryostat/templates/rolebinding.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- define "cryostat.createRolebinding" -}}
-{{- $ns := index . 0 -}}
-{{- with index . 1 -}}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "cryostat.fullname" . }}
- namespace: {{ $ns }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "cryostat.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "cryostat.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
-{{- end -}}
-
-{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled -}}
-{{- $watchNs := compact (default list .Values.core.discovery.kubernetes.namespaces) | uniq -}}
-{{- if and (not $watchNs) (not .Values.core.discovery.kubernetes.installNamespaceDisabled) -}}
-{{- $watchNs = list .Release.Namespace -}}
-{{- end -}}
-{{- range $ns := $watchNs }}
-{{ include "cryostat.createRolebinding" (list $ns $) }}
-{{- end -}}
-{{- end -}}
diff --git a/charts/cryostat/templates/route.yaml b/charts/cryostat/templates/route.yaml
deleted file mode 100644
index 608269c1..00000000
--- a/charts/cryostat/templates/route.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-{{- define "cryostat.createRoute" }}
-{{- $svcName := index . 0 }}
-{{- $targetPort := index . 1 }}
-{{- $ := index . 2 }}
-{{- with index . 3 }}
----
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ $svcName }}
- {{- $labels := include "cryostat.labels" $ | nindent 4 }}
- labels: {{ $labels }}
- {{- with .route.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- to:
- kind: Service
- name: {{ $svcName }}
- port:
- targetPort: {{ $targetPort }}
-{{- if .route.tls.enabled }}
- tls:
- termination: {{ .route.tls.termination }}
- insecureEdgeTerminationPolicy: {{ .route.tls.insecureEdgeTerminationPolicy }}
- {{- if .route.tls.key }}
- key: |-
- {{- .route.tls.key | nindent 6 }}
- {{- end }}
- {{- if .route.tls.destinationCACertificate }}
- destinationCACertificate: |-
- {{- .route.tls.destinationCACertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.caCertificate }}
- caCertificate: |-
- {{- .route.tls.caCertificate | nindent 6 }}
- {{- end }}
- {{- if .route.tls.certificate }}
- certificate: |-
- {{- .route.tls.certificate | nindent 6 }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- if .Values.core.route.enabled }}
-{{- include "cryostat.createRoute" (list $fullName 4180 $ .Values.core)}}
-{{- end }}
diff --git a/charts/cryostat/templates/service.yaml b/charts/cryostat/templates/service.yaml
deleted file mode 100644
index d491ca65..00000000
--- a/charts/cryostat/templates/service.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- $fullName := include "cryostat.fullname" . -}}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cryostat.labels" $ | nindent 4 }}
- {{- if (.Values.authentication.openshift).enabled }}
- annotations:
- service.alpha.openshift.io/serving-cert-secret-name: {{ .Release.Name }}-proxy-tls
- {{- end }}
-spec:
- type: {{ .Values.core.service.type }}
- ports:
- - port: {{ .Values.core.service.httpPort }}
- targetPort: 4180
- protocol: TCP
- name: cryostat-http
- {{- if (.Values.authentication.openshift).enabled }}
- - port: 443
- targetPort: 8443
- protocol: TCP
- name: cryostat-https
- {{- end }}
- selector:
- {{- include "cryostat.selectorLabels" $ | nindent 4 }}
diff --git a/charts/cryostat/templates/serviceaccount.yaml b/charts/cryostat/templates/serviceaccount.yaml
deleted file mode 100644
index e6da50e6..00000000
--- a/charts/cryostat/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if (.Values.authentication.openshift).enabled -}}
-{{- $fullName := include "cryostat.fullname" . -}}
-{{- $redirectAnnotations := dict "serviceaccounts.openshift.io/oauth-redirectreference.primary" (printf "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"%s\"}}" $fullName) -}}
-{{- $_ := merge .Values.serviceAccount.annotations $redirectAnnotations -}}
-{{- end -}}
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "cryostat.serviceAccountName" . }}
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/charts/cryostat/templates/storage_access_secret.yaml b/charts/cryostat/templates/storage_access_secret.yaml
deleted file mode 100644
index b17a18e3..00000000
--- a/charts/cryostat/templates/storage_access_secret.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-storage
-type: Opaque
-data:
- SECRET_KEY: {{ include "cryostat.objectStorageSecretKey" . }}
diff --git a/charts/cryostat/templates/tests/test-core-connection.yaml b/charts/cryostat/templates/tests/test-core-connection.yaml
deleted file mode 100644
index cfb91744..00000000
--- a/charts/cryostat/templates/tests/test-core-connection.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-core-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-exc'
- - >
- dnf install --disableplugin=subscription-manager -yq jq;
- curl -sSf --retry 10 --retry-connrefused -o /tmp/out.json http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/health;
- cat /tmp/out.json;
- {{- if hasSuffix "-dev" .Chart.AppVersion }}
- jq -e '{{ printf "(.cryostatVersion | test(\"^v%s-snapshot$\"))" (.Chart.AppVersion | trimSuffix "-dev" | squote) }}' /tmp/out.json;
- {{- else }}
- jq -e '{{ printf "(.cryostatVersion | test(\"^v%s\"))" (.Chart.AppVersion | squote) }}' /tmp/out.json;
- {{- end }}
- jq -e '.datasourceAvailable' /tmp/out.json
- restartPolicy: Never
diff --git a/charts/cryostat/templates/tests/test-grafana-connection.yaml b/charts/cryostat/templates/tests/test-grafana-connection.yaml
deleted file mode 100644
index d68c007e..00000000
--- a/charts/cryostat/templates/tests/test-grafana-connection.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-grafana-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-exc'
- - curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/grafana/api/health
- restartPolicy: Never
diff --git a/charts/cryostat/templates/tests/test-storage-connection.yaml b/charts/cryostat/templates/tests/test-storage-connection.yaml
deleted file mode 100644
index d7435975..00000000
--- a/charts/cryostat/templates/tests/test-storage-connection.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cryostat.fullname" . }}-test-storage-connection"
- labels:
- {{- include "cryostat.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: curl
- image: registry.access.redhat.com/ubi8/ubi:latest
- command:
- - '/bin/bash'
- - '-exc'
- - curl -sSf --retry 10 --retry-connrefused http://{{ include "cryostat.fullname" . }}:{{ .Values.core.service.httpPort }}/storage/
- restartPolicy: Never
diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json
deleted file mode 100644
index 548914a9..00000000
--- a/charts/cryostat/values.schema.json
+++ /dev/null
@@ -1,752 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "core": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the main Cryostat container image", - "default": "quay.io/cryostat/cryostat" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the main Cryostat container image", - "default": "Always" - }, - "tag": { - "type": "string", - "description": "Tag for the main Cryostat container image", - "default": "4.0.0-snapshot" - } - } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the Cryostat application", - "default": "ClusterIP" - }, - "httpPort": { - "type": "number", - "description": "Port number to expose on the Service for Cryostat's HTTP server", - "default": 8181 - } - } - }, - "sslProxied": { - "type": "boolean", - "description": "Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress", - "default": false - }, - "ingress": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create an Ingress object for the Cryostat service", - "default": false - }, - "className": { - "type": "string", - "description": "Ingress class name for the Cryostat application Ingress", - "default": "" - }, - "hosts": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "host": { - "type": "string", - "description": "" - }, - "paths": { - "type": "array", - "description": "", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string", - "description": "" - }, - "pathType": { - "type": "string", - "description": "" - } - } - } - } - } - } - }, - "tls": { - "type": "array", - "description": "TLS configuration for the Cryostat application 
Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)", - "default": [], - "items": {} - } - } - }, - "route": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to create a Route object for the Cryostat service. Available only on OpenShift", - "default": false - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)", - "default": true - }, - "termination": { - "type": "string", - "description": "Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`", - "default": "edge" - }, - "insecureEdgeTerminationPolicy": { - "type": "string", - "description": "Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect`", - "default": "Redirect" - }, - "key": { - "type": "string", - "description": "Custom private key to use when securing the Cryostat application Route", - "default": "" - }, - "certificate": { - "type": "string", - "description": "Custom certificate to use when securing the Cryostat application Route", - "default": "" - }, - "caCertificate": { - "type": "string", - "description": "Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route", - "default": "" - }, - "destinationCACertificate": { - "type": "string", - "description": "Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route", - "default": "" - } - } - } - } - }, - "resources": { - "type": "object", - "description": "Resource requests/limits for the Cryostat container. 
See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
- "default": {}
- },
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "databaseSecretName": {
- "type": "string",
- "description": "Name of the secret containing database keys. This secret must contain a CONNECTION_KEY secret which is the database connection password, and an ENCRYPTION_KEY secret which is the key used to encrypt sensitive data stored within the database, such as the target credentials keyring. It must not be updated across chart upgrades. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable",
- "default": ""
- },
- "discovery": {
- "type": "object",
- "properties": {
- "kubernetes": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Enables Kubernetes API discovery mechanism",
- "default": true
- },
- "installNamespaceDisabled": {
- "type": "boolean",
- "description": "When false and `namespaces` is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. `{{ .Release.Namespace }}`)",
- "default": false
- },
- "namespaces": {
- "type": "array",
- "description": "List of namespaces whose workloads the Cryostat application should be permitted to access and profile",
- "default": [],
- "items": {}
- },
- "builtInPortNamesDisabled": {
- "type": "boolean",
- "description": "When false and `portNames` is empty, the Cryostat application will use the default port name `jfr-jmx` to look for JMX connectable targets.",
- "default": false
- },
- "portNames": {
- "type": "array",
- "description": "List of port names that the Cryostat application should look for in order to consider a target as JMX connectable",
- "default": [],
- "items": {}
- },
- "builtInPortNumbersDisabled": {
- "type": "boolean",
- "description": "When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets.",
- "default": false
- },
- "portNumbers": {
- "type": "array",
- "description": "List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable",
- "default": [],
- "items": {}
- }
- }
- }
- }
- }
- }
- },
- "db": {
- "type": "object",
- "properties": {
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the database container image",
- "default": "quay.io/cryostat/cryostat-db"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the database container image",
- "default": "Always"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the database container image",
- "default": "latest"
- }
- }
- },
- "resources": {
- "type": "object",
- "description": "Resource requests/limits for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
- "default": {}
- }
- }
- },
- "storage": {
- "type": "object",
- "properties": {
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the storage container image",
- "default": "quay.io/cryostat/cryostat-storage"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the storage container image",
- "default": "Always"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the storage container image",
- "default": "latest"
- }
- }
- },
- "resources": {
- "type": "object",
- "description": "Resource requests/limits for the storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
- "default": {}
- }
- }
- },
- "grafana": {
- "type": "object",
- "properties": {
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the Grafana container image",
- "default": "quay.io/cryostat/cryostat-grafana-dashboard"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the Grafana container image",
- "default": "Always"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the Grafana container image",
- "default": "latest"
- }
- }
- },
- "service": {
- "type": "object",
- "properties": {
- "type": {
- "type": "string",
- "description": "Type of Service to create for Grafana",
- "default": "ClusterIP"
- },
- "port": {
- "type": "number",
- "description": "Port number to expose on the Service for Grafana's HTTP server",
- "default": 3000
- }
- }
- },
- "resources": {
- "type": "object",
- "description": "Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
- "default": {}
- }
- }
- },
- "datasource": {
- "type": "object",
- "properties": {
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the JFR Data Source container image",
- "default": "quay.io/cryostat/jfr-datasource"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the JFR Data Source container image",
- "default": "Always"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the JFR Data Source container image",
- "default": "latest"
- }
- }
- },
- "resources": {
- "type": "object",
- "description": "Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)",
- "default": {}
- }
- }
- },
- "oauth2Proxy": {
- "type": "object",
- "properties": {
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the OAuth2 Proxy container image",
- "default": "quay.io/oauth2-proxy/oauth2-proxy"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the OAuth2 Proxy container image",
- "default": "Always"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the OAuth2 Proxy container image",
- "default": "latest"
- }
- }
- }
- }
- },
- "authentication": {
- "type": "object",
- "properties": {
- "openshift": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Whether the OAuth Proxy deployed for securing Cryostat's Pods should be one that integrates with OpenShift-specific features, or a generic one.",
- "default": false
- },
- "clusterRole": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the ClusterRole to bind for the OpenShift OAuth Proxy",
- "default": "system:auth-delegator"
- }
- }
- }
- }
- },
- "basicAuth": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Whether Cryostat should use basic authentication for users. When false, Cryostat will not perform any form of authentication",
- "default": false
- },
- "secretName": {
- "type": "string",
- "description": "Name of the Secret that contains the credentials within Cryostat's namespace **(Required if basicAuth is enabled)**",
- "default": ""
- },
- "filename": {
- "type": "string",
- "description": "Key within Secret containing the `htpasswd` file. The file should contain one user definition entry per line, with the syntax \"user:passHash\", where \"user\" is the username and \"passHash\" is the `bcrypt` hash of the desired password. Such an entry can be generated with ex. `htpasswd -nbB username password` **(Required if basicAuth is enabled)**",
- "default": ""
- }
- }
- }
- }
- },
- "openshiftOauthProxy": {
- "type": "object",
- "properties": {
- "securityContext": {
- "type": "object",
- "properties": {
- "capabilities": {
- "type": "object",
- "properties": {
- "drop": {
- "type": "array",
- "description": "",
- "default": [
- "ALL"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- },
- "allowPrivilegeEscalation": {
- "type": "boolean",
- "description": "",
- "default": false
- }
- }
- },
- "image": {
- "type": "object",
- "properties": {
- "repository": {
- "type": "string",
- "description": "Repository for the OpenShift OAuth Proxy container image",
- "default": "quay.io/cryostat/openshift-oauth-proxy"
- },
- "pullPolicy": {
- "type": "string",
- "description": "Image pull policy for the OpenShift OAuth Proxy container image",
- "default": "Always"
- },
- "tag": {
- "type": "string",
- "description": "Tag for the OpenShift OAuth Proxy container image",
- "default": "cryostat-v3.0"
- }
- }
- },
- "accessReview": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token.",
- "default": true
- },
- "group": {
- "type": "string",
- "description": "The OpenShift resource group that the SubjectAccessReview/TokenAccessReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure",
- "default": ""
- },
- "resource": {
- "type": "string",
- "description": "The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for.",
- "default": "pods"
- },
- "subresource": {
- "type": "string",
- "description": "The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for.",
- "default": "exec"
- },
- "name": {
- "type": "string",
- "description": "The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for.",
- "default": ""
- },
- "namespace": {
- "type": "string",
- "description": "The OpenShift namespace that the SubjectAccessReview/TokenAccessReview will be performed for.",
- "default": "{{ .Release.Namespace }}"
- },
- "verb": {
- "type": "string",
- "description": "The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for.",
- "default": "create"
- },
- "version": {
- "type": "string",
- "description": "The OpenShift resource version that the SubjectAccessReview/TokenAccessReview will be performed for.",
- "default": ""
- }
- }
- }
- }
- },
- "podSecurityContext": {
- "type": "object",
- "properties": {
- "seccompProfile": {
- "type": "object",
- "properties": {
- "type": {
- "type": "string",
- "description": "",
- "default": "RuntimeDefault"
- }
- }
- },
- "runAsNonRoot": {
- "type": "boolean",
- "description": "",
- "default": true
- }
- }
- },
- "imagePullSecrets": {
- "type": "array",
- "description": "Image pull secrets to be used for the Cryostat deployment",
- "default": [],
- "items": {}
- },
- "nameOverride": {
- "type": "string",
- "description": "Overrides the name of this Chart",
- "default": ""
- },
- "fullnameOverride": {
- "type": "string",
- "description": "Overrides the fully qualified application name of `[release name]-[chart name]`",
- "default": ""
- },
- "rbac": {
- "type": "object",
- "properties": {
- "create": {
- "type": "boolean",
- "description": "Specifies whether RBAC resources should be created",
- "default": true
- }
- }
- },
- "serviceAccount": {
- "type": "object",
- "properties": {
- "create": {
- "type": "boolean",
- "description": "Specifies whether a service account should be created",
- "default": true
- },
- "name": {
- "type": "string",
- "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template",
- "default": ""
- }
- }
- },
- "tolerations": {
- "type": "array",
- "description": "Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)",
- "default": [],
- "items": {}
- },
- "pvc": {
- "type": "object",
- "properties": {
- "enabled": {
- "type": "boolean",
- "description": "Specify whether to use persistentVolumeClaim or EmptyDir storage",
- "default": false
- },
- "storage": {
- "type": "string",
- "description": "Storage size to request for the persistentVolumeClaim",
- "default": "500Mi"
- },
- "accessModes": {
- "type": "array",
- "description": "Access mode for the persistentVolumeClaim. See: [Access Modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)",
- "default": [
- "ReadWriteOnce"
- ],
- "items": {
- "type": "string"
- }
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml
deleted file mode 100644
index 75cb9f6e..00000000
--- a/charts/cryostat/values.yaml
+++ /dev/null
@@ -1,296 +0,0 @@
-## @section Cryostat Container
-## @extra core Configuration for the core Cryostat application
-core:
- image:
- ## @param core.image.repository Repository for the main Cryostat container image
- repository: "quay.io/cryostat/cryostat"
- ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image
- pullPolicy: Always
- ## @param core.image.tag Tag for the main Cryostat container image
- tag: "4.0.0-snapshot"
- service:
- ## @param core.service.type Type of Service to create for the Cryostat application
- type: ClusterIP
- ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server
- httpPort: 8181
- ## @param core.sslProxied Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress
- sslProxied: false
- ingress:
- ## @param core.ingress.enabled Whether to create an Ingress object for the Cryostat service
- enabled: false
- ## @param core.ingress.className Ingress class name for the Cryostat application Ingress
- className: ""
- ## @param core.ingress.annotations [object] Annotations to apply to the Cryostat application Ingress
- annotations: {}
- ## @param core.ingress.hosts [array] Hosts to create rules for in the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)
- hosts:
- - host: cryostat.local
- paths:
- - path: /
- pathType: ImplementationSpecific
- ## @param core.ingress.tls [array] TLS configuration for the Cryostat application Ingress. See: [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec)
- tls: []
- route:
- ## @param core.route.enabled Whether to create a Route object for the Cryostat service. Available only on OpenShift
- enabled: false
- tls:
- ## @param core.route.tls.enabled Whether to secure the Cryostat application Route with TLS. See: [TLSConfig](https://docs.openshift.com/container-platform/4.10/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)
- enabled: true
- ## @param core.route.tls.termination Type of TLS termination to use for the Cryostat application Route. One of: `edge`, `passthrough`, `reencrypt`
- termination: edge
- ## @param core.route.tls.insecureEdgeTerminationPolicy Specify how to handle insecure traffic for the Cryostat application Route. One of: `Allow`, `Disable`, `Redirect`
- insecureEdgeTerminationPolicy: Redirect
- ## @param core.route.tls.key Custom private key to use when securing the Cryostat application Route
- key: ""
- ## @param core.route.tls.certificate Custom certificate to use when securing the Cryostat application Route
- certificate: ""
- ## @param core.route.tls.caCertificate Custom CA certificate to use, if needed to complete the certificate chain, when securing the Cryostat application Route
- caCertificate: ""
- ## @param core.route.tls.destinationCACertificate Provides the contents of the CA certificate of the final destination when using reencrypt termination for the Cryostat application Route
- destinationCACertificate: ""
- ## @param core.resources Resource requests/limits for the Cryostat container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)
- resources: {}
- ## @param core.securityContext [object] Security Context for the Cryostat container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)
- securityContext:
- ## @skip core.securityContext.allowPrivilegeEscalation
- allowPrivilegeEscalation: false
- ## @skip core.securityContext.capabilities
- capabilities:
- drop:
- - ALL
- ## @param core.databaseSecretName Name of the secret containing database keys. This secret must contain a CONNECTION_KEY secret which is the database connection password, and an ENCRYPTION_KEY secret which is the key used to encrypt sensitive data stored within the database, such as the target credentials keyring. It must not be updated across chart upgrades. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable
- databaseSecretName: ""
- ## @extra core.discovery Configuration options to the Cryostat application's target discovery mechanisms
- discovery:
- kubernetes:
- ## @param core.discovery.kubernetes.enabled Enables Kubernetes API discovery mechanism
- enabled: true
- ## @param core.discovery.kubernetes.installNamespaceDisabled When false and `namespaces` is empty, the Cryostat application will default to discovery targets in the install namespace (i.e. `{{ .Release.Namespace }}`)
- installNamespaceDisabled: false
- ## @param core.discovery.kubernetes.namespaces [array] List of namespaces whose workloads the Cryostat application should be permitted to access and profile
- namespaces: []
- ## @param core.discovery.kubernetes.builtInPortNamesDisabled When false and `portNames` is empty, the Cryostat application will use the default port name `jfr-jmx` to look for JMX connectable targets.
- builtInPortNamesDisabled: false
- ## @param core.discovery.kubernetes.portNames [array] List of port names that the Cryostat application should look for in order to consider a target as JMX connectable
- portNames: []
- ## @param core.discovery.kubernetes.builtInPortNumbersDisabled When false and `portNumbers` is empty, the Cryostat application will use the default port number `9091` to look for JMX connectable targets.
- builtInPortNumbersDisabled: false
- ## @param core.discovery.kubernetes.portNumbers [array] List of port numbers that the Cryostat application should look for in order to consider a target as JMX connectable
- portNumbers: []
-
-## @section Database Container
-## @extra db Configuration for Cryostat's database
-db:
- image:
- ## @param db.image.repository Repository for the database container image
- repository: "quay.io/cryostat/cryostat-db"
- ## @param db.image.pullPolicy Image pull policy for the database container image
- pullPolicy: Always
- ## @param db.image.tag Tag for the database container image
- tag: "latest"
- ## @param db.resources Resource requests/limits for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)
- resources: {}
- ## @param db.securityContext [object] Security Context for the database container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)
- securityContext:
- ## @skip db.securityContext.allowPrivilegeEscalation
- allowPrivilegeEscalation: false
- ## @skip db.securityContext.capabilities
- capabilities:
- drop:
- - ALL
-
-## @section Storage Container
-## @extra storage Configuration for Cryostat's object storage provider
-storage:
- image:
- ## @param storage.image.repository Repository for the storage container image
- repository: "quay.io/cryostat/cryostat-storage"
- ## @param storage.image.pullPolicy Image pull policy for the storage container image
- pullPolicy: Always
- ## @param storage.image.tag Tag for the storage container image
- tag: "latest"
- ## @param storage.resources Resource requests/limits for the storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)
- resources: {}
- ## @param storage.securityContext [object] Security Context for the storage container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)
- securityContext:
- ## @skip storage.securityContext.allowPrivilegeEscalation
- allowPrivilegeEscalation: false
- ## @skip storage.securityContext.capabilities
- capabilities:
- drop:
- - ALL
-
-## @section Grafana Container
-## @extra grafana Configuration for the customized Grafana instance for Cryostat
-grafana:
- image:
- ## @param grafana.image.repository Repository for the Grafana container image
- repository: "quay.io/cryostat/cryostat-grafana-dashboard"
- ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image
- pullPolicy: Always
- ## @param grafana.image.tag Tag for the Grafana container image
- tag: "latest"
- service:
- ## @param grafana.service.type Type of Service to create for Grafana
- type: ClusterIP
- ## @param grafana.service.port Port number to expose on the Service for Grafana's HTTP server
- port: 3000
- ## @param grafana.resources Resource requests/limits for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)
- resources: {}
- ## @param grafana.securityContext [object] Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)
- securityContext:
- ## @skip grafana.securityContext.allowPrivilegeEscalation
- allowPrivilegeEscalation: false
- ## @skip grafana.securityContext.capabilities
- capabilities:
- drop:
- - ALL
-
-## @section JFR Data Source Container
-## @extra datasource Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana
-datasource:
- image:
- ## @param datasource.image.repository Repository for the JFR Data Source container image
- repository: "quay.io/cryostat/jfr-datasource"
- ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image
- pullPolicy: Always
- ## @param datasource.image.tag Tag for the JFR Data Source container image
- tag: "latest"
- ## @param datasource.resources Resource requests/limits for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)
- resources: {}
- ## @param datasource.securityContext [object] Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)
- securityContext:
- ## @skip datasource.securityContext.allowPrivilegeEscalation
- allowPrivilegeEscalation: false
- ## @skip datasource.securityContext.capabilities
- capabilities:
- drop:
- - ALL
-
-## @section Authentication
-
-authentication:
- openshift:
- ## @param authentication.openshift.enabled Whether the OAuth Proxy deployed for securing Cryostat's Pods should be one that integrates with OpenShift-specific features, or a generic one.
- enabled: false
- clusterRole:
- ## @param authentication.openshift.clusterRole.name The name of the ClusterRole to bind for the OpenShift OAuth Proxy
- name: system:auth-delegator
- basicAuth:
- ## @param authentication.basicAuth.enabled Whether Cryostat should use basic authentication for users. When false, Cryostat will not perform any form of authentication
- enabled: false
- ## @param authentication.basicAuth.secretName Name of the Secret that contains the credentials within Cryostat's namespace **(Required if basicAuth is enabled)**
- secretName: ""
- ## @param authentication.basicAuth.filename Key within Secret containing the `htpasswd` file. The file should contain one user definition entry per line, with the syntax "user:passHash", where "user" is the username and "passHash" is the `bcrypt` hash of the desired password. Such an entry can be generated with ex. `htpasswd -nbB username password` **(Required if basicAuth is enabled)**
- filename: ""
-
-## @section OAuth2 Proxy
-
-oauth2Proxy:
- image:
- ## @param oauth2Proxy.image.repository Repository for the OAuth2 Proxy container image
- repository: "quay.io/oauth2-proxy/oauth2-proxy"
- ## @param oauth2Proxy.image.pullPolicy Image pull policy for the OAuth2 Proxy container image
- pullPolicy: Always
- ## @param oauth2Proxy.image.tag Tag for the OAuth2 Proxy container image
- tag: "latest"
- ## @param oauth2Proxy.securityContext [object] Security Context for the OAuth2 Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1). If the chart is installed in default namespaces (e.g. default), `securityContext.runAsUser` must be set if the proxy image does not specify a numeric non-root user. This is due to OpenShift Security Context Constraints are not applied in default namespaces. See [Understanding and Managing Pod Security Admission](https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-managing-pod-security-admission.html#psa-privileged-namespaces_understanding-and-managing-pod-security-admission).
- securityContext:
- ## @skip oauth2Proxy.securityContext.allowPrivilegeEscalation
- allowPrivilegeEscalation: false
- ## @skip oauth2Proxy.securityContext.capabilities
- capabilities:
- drop:
- - ALL
-
-## @section OpenShift OAuth Proxy
-
-openshiftOauthProxy:
- image:
- ## @param openshiftOauthProxy.image.repository Repository for the OpenShift OAuth Proxy container image
- repository: "quay.io/cryostat/openshift-oauth-proxy"
- ## @param openshiftOauthProxy.image.pullPolicy Image pull policy for the OpenShift OAuth Proxy container image
- pullPolicy: Always
- ## @param openshiftOauthProxy.image.tag Tag for the OpenShift OAuth Proxy container image
- tag: "cryostat-v3.0"
- accessReview:
- ## @param openshiftOauthProxy.accessReview.enabled Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token.
- enabled: true
- ## @param openshiftOauthProxy.accessReview.group The OpenShift resource group that the SubjectAccessReview/TokenAccessReview will be performed for. See https://github.com/openshift/oauth-proxy/?tab=readme-ov-file#delegate-authentication-and-authorization-to-openshift-for-infrastructure
- group: ""
- ## @param openshiftOauthProxy.accessReview.resource The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for.
- resource: "pods"
- ## @param openshiftOauthProxy.accessReview.subresource The OpenShift resource that the SubjectAccessReview/TokenAccessReview will be performed for.
- subresource: "exec"
- ## @param openshiftOauthProxy.accessReview.name The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for.
- name: ""
- ## @param openshiftOauthProxy.accessReview.namespace The OpenShift namespace that the SubjectAccessReview/TokenAccessReview will be performed for.
- namespace: "{{ .Release.Namespace }}"
- ## @param openshiftOauthProxy.accessReview.verb The OpenShift resource name that the SubjectAccessReview/TokenAccessReview will be performed for.
- verb: "create"
- ## @param openshiftOauthProxy.accessReview.version The OpenShift resource version that the SubjectAccessReview/TokenAccessReview will be performed for.
- version: ""
- ## @param openshiftOauthProxy.securityContext [object] Security Context for the OpenShift OAuth Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)
- securityContext:
- ## @skip openshiftOauthProxy.securityContext.allowPrivilegeEscalation
- allowPrivilegeEscalation: false
- ## @skip openshiftOauthProxy.securityContext.capabilities
- capabilities:
- drop:
- - ALL
-
-## @section Other Parameters
-
-## @param imagePullSecrets [array] Image pull secrets to be used for the Cryostat deployment
-imagePullSecrets: []
-## @param nameOverride Overrides the name of this Chart
-nameOverride: ""
-## @param fullnameOverride Overrides the fully qualified application name of `[release name]-[chart name]`
-fullnameOverride: ""
-
-rbac:
- ## @param rbac.create Specifies whether RBAC resources should be created
- create: true
-
-serviceAccount:
- ## @param serviceAccount.create Specifies whether a service account should be created
- create: true
- ## @param serviceAccount.annotations [object] Annotations to add to the service account
- annotations: {}
- ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template
- name: ""
-
-## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod
-podAnnotations: {}
-
-## @param podSecurityContext [object] Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context)
-podSecurityContext:
- ## @skip podSecurityContext.runAsNonRoot
- runAsNonRoot: true
- ## @skip podSecurityContext.seccompProfile
- seccompProfile:
- type: RuntimeDefault
-
-## @param nodeSelector [object] Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)
-nodeSelector: {}
-
-## @param tolerations [array] Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)
-tolerations: []
-
-## @param affinity [object] Affinity for the Cryostat Pod. See: [Affinity](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)
-affinity: {}
-
-pvc:
- ## @param pvc.enabled Specify whether to use persistentVolumeClaim or EmptyDir storage
- enabled: false
- ## @param pvc.annotations [object] Annotations to add to the persistentVolumeClaim
- annotations: {}
- ## @param pvc.storage Storage size to request for the persistentVolumeClaim
- storage: 500Mi
- ## @param pvc.accessModes Access mode for the persistentVolumeClaim. See: [Access Modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
- accessModes:
- - ReadWriteOnce
- ## @param pvc.selector [object] Selector for the persistentVolumeClaim. See: [Selector](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
- selector: {}
- ## @param pvc.storageClassName [string, nullable] The name of the StorageClass for the persistentVolumeClaim. See: [Class](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims)
- # storageClassName:
diff --git a/ct.yaml b/ct.yaml
deleted file mode 100644
index 7ab74497..00000000
--- a/ct.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-# ct configuration
-chart-dirs:
- - charts
-check-version-increment: false
-validate-maintainers: false
-helm-extra-args: --timeout=600s
diff --git a/docs/images/cryostat-icon-reverse.svg b/docs/images/cryostat-icon-reverse.svg
deleted file mode 100644
index 0f05fa18..00000000
--- a/docs/images/cryostat-icon-reverse.svg
+++ /dev/null
@@ -1 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?><svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1024 1024"><defs><style>.cls-1{fill:#fff;}.cls-2{fill:#cae9ff;}.cls-3{fill:#95c9e9;}.cls-4{fill:#5fa8d3;}</style></defs><polygon class="cls-4" points="597.34 659.82 698.92 687.04 677.64 607.63 757.04 586.35 682.69 512 757.04 437.65 677.64 416.37 698.91 336.96 597.34 364.18 570.13 262.61 512 320.74 453.87 262.61 426.66 364.18 325.09 336.96 346.36 416.37 266.96 437.65 341.31 512 266.96 586.35 346.36 607.63 325.09 687.04 426.66 659.82 453.87 761.39 512 703.26 570.13 761.39 597.34 659.82"/><g><polygon class="cls-2" points="246.23 452.1 217.39 480.94 248.74 512.29 217.39 543.64 246.23 572.48 306.42 512.29 246.23 452.1"/><polygon class="cls-2" points="777.77 451.52 806.61 480.36 775.26 511.71 806.61 543.06 777.77 571.9 717.58 511.71 777.77 451.52"/><polygon class="cls-2" points="431.49 772.4 392.09 782.96 380.62 740.14 337.8 751.61 327.24 712.22 409.46 690.19 431.49 772.4"/><polygon class="cls-2" points="697.26 711.93 686.71 751.32 643.88 739.85 632.41 782.67 593.01 772.11 615.04 689.9 697.26 711.93"/><polygon class="cls-2" points="592.51 251.6 631.91 241.04 643.38 283.86 686.2 272.39 696.76 311.78 614.54 333.81 592.51 251.6"/><polygon class="cls-2" points="326.74 312.07 337.29 272.68 380.12 284.15 391.59 241.33 430.99 251.89 408.96 334.1 326.74 312.07"/></g><g><polygon class="cls-3" points="661.76 139.49 607.38 85.11 550.45 142.04 550.45 0 473.55 0 473.55 142.04 416.62 85.11 362.24 139.49 512 289.26 661.76 139.49"/><polygon class="cls-3" points="264.28 196.05 190 215.95 210.83 293.72 87.82 222.7 49.37 289.3 172.38 360.32 94.61 381.16 114.52 455.45 319.1 400.63 264.28 196.05"/><polygon class="cls-3" points="114.52 568.56 94.61 642.84 172.38 663.68 49.37 734.7 87.82 801.3 210.83 730.28 190 808.05 264.28 827.95 319.1 623.37 114.52 568.56"/><polygon class="cls-3" points="362.24 884.51 416.62 938.89 473.55 881.96 473.55 1024 550.45 1024 550.45 881.96 607.38 
938.89 661.76 884.51 512 734.74 362.24 884.51"/><polygon class="cls-3" points="759.72 827.95 834 808.05 813.17 730.28 936.18 801.3 974.63 734.7 851.62 663.68 929.39 642.84 909.48 568.55 704.9 623.37 759.72 827.95"/><polygon class="cls-3" points="909.48 455.44 929.39 381.16 851.62 360.32 974.63 289.3 936.18 222.7 813.17 293.72 834 215.95 759.72 196.05 704.9 400.63 909.48 455.44"/></g><path class="cls-1" d="M512.54,579.47c-37.47,0-67.96-30.49-67.96-67.96s30.49-67.96,67.96-67.96c25.11,0,47.06,13.69,58.82,34l69.17-39.76-128.53-74.21-128.53,74.21v148.42l128.53,74.21,128.53-74.21-69.17-40.73c-11.77,20.3-33.72,33.99-58.82,33.99Z"/></svg> \ No newline at end of file diff --git a/docs/images/cryostat-icon.svg b/docs/images/cryostat-icon.svg deleted file mode 100644 index 9509dfc4..00000000 --- a/docs/images/cryostat-icon.svg +++ /dev/null 
@@ -1 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?><svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1024 1024"><defs><style>.cls-1{fill:#fff;}.cls-2{fill:#1b4965;}.cls-3{fill:#95c9e9;}.cls-4{fill:#5fa8d3;}</style></defs><polygon class="cls-4" points="661.76 139.49 607.38 85.11 550.45 142.04 550.45 0 473.55 0 473.55 142.04 416.62 85.11 362.24 139.49 512 289.26 661.76 139.49"/><polygon class="cls-2" points="597.34 659.82 698.92 687.04 677.64 607.63 757.04 586.35 682.69 512 757.04 437.65 677.64 416.37 698.91 336.96 597.34 364.18 570.13 262.61 512 320.74 453.87 262.61 426.66 364.18 325.09 336.96 346.36 416.37 266.96 437.65 341.31 512 266.96 586.35 346.36 607.63 325.09 687.04 426.66 659.82 453.87 761.39 512 703.26 570.13 761.39 597.34 659.82"/><polygon class="cls-3" points="246.23 452.1 217.39 480.94 248.74 512.29 217.39 543.64 246.23 572.48 306.42 512.29 246.23 452.1"/><polygon class="cls-3" points="777.77 451.52 806.61 480.36 775.26 511.71 806.61 543.06 777.77 571.9 717.58 511.71 777.77 451.52"/><polygon class="cls-3" points="431.49 772.4 392.09 782.96 380.62 740.14 337.8 751.61 327.24 712.22 409.46 690.19 431.49 772.4"/><polygon class="cls-3" points="697.26 711.93 686.71 751.32 643.88 739.85 632.41 782.67 593.01 772.11 615.04 689.9 697.26 711.93"/><polygon class="cls-3" points="592.51 251.6 631.91 241.04 643.38 283.86 686.2 272.39 696.76 311.78 614.54 333.81 592.51 251.6"/><polygon class="cls-3" points="326.74 312.07 337.29 272.68 380.12 284.15 391.59 241.33 430.99 251.89 408.96 334.1 326.74 312.07"/><polygon class="cls-4" points="264.28 196.05 190 215.95 210.83 293.72 87.82 222.7 49.37 289.3 172.38 360.32 94.61 381.16 114.52 455.45 319.1 400.63 264.28 196.05"/><polygon class="cls-4" points="114.52 568.56 94.61 642.84 172.38 663.68 49.37 734.7 87.82 801.3 210.83 730.28 190 808.05 264.28 827.95 319.1 623.37 114.52 568.56"/><polygon class="cls-4" points="362.24 884.51 416.62 938.89 473.55 881.96 473.55 1024 550.45 1024 550.45 881.96 607.38 938.89 
661.76 884.51 512 734.74 362.24 884.51"/><polygon class="cls-4" points="759.72 827.95 834 808.05 813.17 730.28 936.18 801.3 974.63 734.7 851.62 663.68 929.39 642.84 909.48 568.55 704.9 623.37 759.72 827.95"/><polygon class="cls-4" points="909.48 455.44 929.39 381.16 851.62 360.32 974.63 289.3 936.18 222.7 813.17 293.72 834 215.95 759.72 196.05 704.9 400.63 909.48 455.44"/><path class="cls-1" d="M512.54,579.47c-37.47,0-67.96-30.49-67.96-67.96s30.49-67.96,67.96-67.96c25.11,0,47.06,13.69,58.82,34l69.17-39.76-128.53-74.21-128.53,74.21v148.42l128.53,74.21,128.53-74.21-69.17-40.73c-11.77,20.3-33.72,33.99-58.82,33.99Z"/></svg>
\ No newline at end of file
diff --git a/lintconf.yaml b/lintconf.yaml
deleted file mode 100644
index dfc45a38..00000000
--- a/lintconf.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-# Style standards for linting the values.yaml and Chart.yaml
-# References: https://yamllint.readthedocs.io/en/stable/rules.html
----
-rules:
- braces:
- min-spaces-inside: 0
- max-spaces-inside: 0
- min-spaces-inside-empty: -1
- max-spaces-inside-empty: -1
- brackets:
- min-spaces-inside: 0
- max-spaces-inside: 0
- min-spaces-inside-empty: -1
- max-spaces-inside-empty: -1
- colons:
- max-spaces-before: 0
- max-spaces-after: 1
- commas:
- max-spaces-before: 0
- min-spaces-after: 1
- max-spaces-after: 1
- comments:
- require-starting-space: true
- min-spaces-from-content: 2 # Inline comments
- document-end: disable # # No ... to end a file
- document-start: disable # No --- to start a file
- empty-lines:
- max: 2
- max-start: 0
- max-end: 1
- hyphens:
- max-spaces-after: 1
- indentation:
- spaces: consistent
- indent-sequences: whatever # - list indentation will handle both indentation and without
- check-multi-line-strings: false
- key-duplicates: enable
- line-length: disable # Lines can be any length
- new-line-at-end-of-file: enable
- new-lines:
- type: unix
- trailing-spaces: enable
- truthy:
- level: warning