cryostatio / cryostat-helm Goto Github PK
View Code? Open in Web Editor NEWHelm Chart for Cryostat
License: Other
Helm Chart for Cryostat
License: Other
The current test is a boilerplate one, we should modify this test to check health endpoints where possible.
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.
Like with the operator, it would be useful to allow persistence of recordings/templates/credentials with a Persistent Volume Claim.
Ah make sense to me! There is also another service case, related to service configurations.
With service type LoadBalancer
:
helm install cryostat-with-svc ./charts/cryostat/ \
--set core.service.type=LoadBalancer \
--set grafana.service.type=LoadBalancer
Since its relying cloud providers, likely there are additional annotations required on the Service. For example, with AWS, I have been manually patching the Services after installing the chart:
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-type: external
Do you think it would be good to allow setting those on chart values? Currently, we can only set Service's port and type.
Maybe, not this PR scope though.
Originally posted by @tthvo in #122 (comment)
Helm chart equivalent to cryostatio/cryostat-operator#399 (comment)
Would be good to be able to edit CRYOSTAT_K8S_NAMESPACES to watch multiple namespaces.
Probabily also Role and RoleBinding needs fixes to support that
No response
The tests are failing because the cryostat-v2.4
branch is still using latest
for various image tags. So this is actually deploying Cryostat 2.5.0-snapshot and not 2.4.0-snapshot.
https://github.com/helm/chart-releaser-action/releases/tag/v1.6.0
No response
For example, in the OpenShift Console, NOTES.txt is interpreted as Markdown. This can cause some variable names to be incorrect.
It would be useful to set this by default to not require the user to specify it themselves.
The operator generates credentials for Grafana and places them in a secret, we should explore options for how to enable Grafana authentication here.
See: #4
Start with minimal functionality:
We should have something here similar to our workflow for updating the web-client module. When a new commit is made to the gh-pages
branch, CI should push an update to the submodule reference on https://github.com/cryostatio/cryostatio.github.io.
We should have some CI jobs to lint/validate and run tests against helm chart releases.
After cryostatio/cryostat#1083, Cryostat needs a CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD
environment variable set for its JMX credentials database. At minimum, this can be generated using randAlphaNum
.
Look into way we can publish releases to coincide with Cryostat project releases, and also snapshot releases of the latest development branch.
Relevant GH action:
https://helm.sh/docs/howto/chart_releaser_action/
Once added, this can be referenced in the Chart.yaml.
This should be set to ">=1.19.0".
Yeh exactly! https://docs.mergify.com/commands/restrictions/#command-restriction-format
Perhaps we want something along these lines instead:
commands_restrictions:
backport:
conditions:
- sender=@team
Originally posted by @ebaron in #90 (comment)
Pull requests from reviewers should automatically labelled safe-to-test
.
References: https://github.com/cryostatio/cryostat/blob/main/.mergify.yml
As done in the operator, we should change image versions to latest
in our main branch.
References:
This either depends on #116 , or else --skip-auth-route
can be used initially so that the proxy can be deployed on its own acting as a passthrough gateway and requiring no authentication on any requests.
Related: cryostatio/cryostat#1269
Simliar to cryostatio/cryostat#1268
Hello!
Thanks for your project - it's awesome!
I'm trying to apply it in my K8S installation and it would be cool to have a few more options to configure:
Thanks in advance!
The credentials secret should use {{ .Release.Name }}
instead of cryostat
to avoid conflicting with other releases in the same namespace.
We should include a values.schema.json
file to validate chart values:
https://helm.sh/docs/topics/charts/#schema-files
This can be generated by readme-generator-for-helm.
Similar to the operator, the Helm chart should offer configuration to deploy Cryostat without Grafana integration.
After #114 (and #116), https://github.com/openshift/oauth-proxy/ can be deployed instead of oauth2-proxy. This should also respect the Basic auth configuration from #116 and its htpasswd
file, if the user provides this configuration. The container should be dropped in in place of oauth2-proxy in all instances and should be configured to pass requests to the same containers in the same manners. The only effective difference to the user should be that the login screen looks different and the credentials are OpenShift account credentials rather than htpasswd Basic credentials.
I am using EKS with crossplane helm provider to deploy helm charts. Trying to deploy this chart I got:
create failed: failed to install release: chart requires kubeVersion: >=1.19.0 which is incompatible with Kubernetes v1.24.8-eks-ffeb93d
Removing line from Chart.yaml helped to run smoothly.
The Release Drafter action creates draft releases, which will probably conflict with the releases that the Chart Releaser Action tries to make. I think it should actually be possible to substitute GitHub's built-in release notes generator for this action. We add a file to customize the format of the release notes, using labels as we do currently:
https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes
The Chart Releaser Action uses the GitHub Release API to generate release notes if they're not provided. Unfortunately this API doesn't provide a way to specify the previous tag to compare against. It does have a separate API to do this and return the release notes as JSON: https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#generate-release-notes-content-for-a-release
We can call this API inside the workflow which should already have the GitHub CLI installed:
# GitHub CLI api
# https://cli.github.com/manual/gh_api
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/OWNER/REPO/releases/generate-notes \
-f tag_name='v1.0.0' \
-f target_commitish='main' \
-f previous_tag_name='v0.9.2' \
-f configuration_file_path='.github/custom_release_config.yml'
We can use jq to grab the body from the response and output it to a file. Then create a config.yaml with release-notes-file: /path/to/release-notes
[1]. Then pass the config file to the Chart Releaser Action like this: https://github.com/helm/chart-releaser-action#example-using-custom-config
We might be able to use this action to quickly compute the previous semver tag. If not it should be easy to do ourselves.
Originally posted by @ebaron in #71 (comment)
References:
htpasswd
)We use readme-generator-for-helm to generate this section of the README by marking up our comments in values.yaml
Cryostat installed with the Helm Chart no longer sees any applications due to not setting CRYOSTAT_K8S_NAMESPACES
.
Applications in Cryostat's namespace should be discovered.
No response
See also cryostatio/cryostat3#266
?f=b25nb2luZy5qZnI failed, error id: 77f79b02-233e-44f9-b36d-fa359db7d470-3: software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from any of the providers in the chain AwsCredentialsProviderChain(credentialsProviders=[SystemPropertyCredentialsProvider(), EnvironmentVariableCredentialsProvider(), WebIdentityTokenCredentialsProvider(), ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(profilesAndSectionsMap=[])), ContainerCredentialsProvider(), InstanceProfileCredentialsProvider()]) : [SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., EnvironmentVariableCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., WebIdentityTokenCredentialsProvider(): Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set., ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(profilesAndSectionsMap=[])): Profile file contained no credentials for profile 'default': ProfileFile(profilesAndSectionsMap=[]), ContainerCredentialsProvider(): Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set., InstanceProfileCredentialsProvider(): Failed to load credentials from IMDS.]
at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111)
at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:117)
at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45)
at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:128)
at software.amazon.awssdk.core.internal.util.MetricUtils.measureDuration(MetricUtils.java:54)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.resolveCredentials(AwsCredentialsAuthorizationStrategy.java:100)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.addCredentialsToExecutionAttributes(AwsCredentialsAuthorizationStrategy.java:77)
at software.amazon.awssdk.services.s3.internal.signing.DefaultS3Presigner.invokeInterceptorsAndCreateExecutionContext(DefaultS3Presigner.java:366)
at software.amazon.awssdk.services.s3.internal.signing.DefaultS3Presigner.presign(DefaultS3Presigner.java:308)
at software.amazon.awssdk.services.s3.internal.signing.DefaultS3Presigner.presignGetObject(DefaultS3Presigner.java:230)
at software.amazon.awssdk.services.s3.presigner.Producers_ProducerMethod_produceS3Presigner_439b267c3ef704c1a556181cdfd1b3e0d8559840_ClientProxy.presignGetObject(Unknown Source)
at io.cryostat.recordings.Recordings.redirectPresignedDownload(Recordings.java:1009)
at io.cryostat.recordings.Recordings$quarkusrestinvoker$redirectPresignedDownload_67828a00204dd3db027761f338e40a95b09257e0.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
No response
No response
No response
No response
Set images to released versions and release chart
It would be useful to support some form of authentication when accessing Cryostat.
See also: cryostatio/cryostat-operator#206
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.