feat(chart): initial chart files

cryostat/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

cryostat/Chart.yaml

@@ -0,0 +1,51 @@
+apiVersion: v2
+name: cryostat
+description: Securely manage JFR recordings for your containerized Java workloads
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: "0.1.0"
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "2.1.0-dev"
+
+home: "https://cryostat.io"
+
+# TODO Copy to this repo
+icon: "https://raw.githubusercontent.com/cryostatio/cryostat-operator/main/docs/images/cryostat-icon.svg"
+
+keywords:
+- flightrecorder
+- java
+- jdk
+- jfr
+- jmc
+- missioncontrol
+- monitoring
+- profiling
+- diagnostic
+
+sources:
+- https://github.com/cryostatio/cryostat
+- https://github.com/cryostatio/cryostat-core
+- https://github.com/cryostatio/cryostat-web
+- https://github.com/cryostatio/jfr-datasource
+- https://github.com/cryostatio/cryostat-grafana-dashboard
+
+maintainers:
+- name: The Cryostat Community
+  url: https://groups.google.com/g/cryostat-development

cryostat/LICENSE

@@ -0,0 +1 @@
+../LICENSE

cryostat/README.md

@@ -0,0 +1 @@
+../README.md

cryostat/templates/NOTES.txt

@@ -0,0 +1,76 @@
+{{- $envVars := list }}
+{{- $portForwards := list }}
+{{- $listNum := 1 }}
+{{- if not (and .Values.core.ingress.enabled .Values.grafana.ingress.enabled) }}
+{{ $listNum }}. Tell Cryostat how to serve external traffic:
+{{- $listNum = add1 $listNum }}
+{{- end }}
+
+{{- if .Values.core.ingress.enabled }}
+{{- /* Do nothing */}}
+{{- else if contains "NodePort" .Values.core.service.type }}
+  export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }})
+{{- $envVars = list "CRYOSTAT_WEB_HOST=$NODE_IP" "CRYOSTAT_EXT_WEB_PORT=$NODE_PORT" }}
+{{- else if contains "LoadBalancer" .Values.core.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana'
+  export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+{{- $envVars = list "CRYOSTAT_WEB_HOST=$SERVICE_IP" (printf "CRYOSTAT_EXT_WEB_PORT=%v" .Values.core.service.httpPort) }}
+{{- else if contains "ClusterIP" .Values.core.service.type }}
+  export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"  --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+{{- $envVars = list "CRYOSTAT_WEB_HOST=127.0.0.1" "CRYOSTAT_EXT_WEB_PORT=8080" }}
+{{- $portForwards = prepend $portForwards "8080:$CONTAINER_PORT" }}
+{{- end }}
+
+{{- if .Values.grafana.ingress.enabled }}
+{{- /* Do nothing */}}
+{{- else if contains "NodePort" .Values.grafana.service.type }}
+{{- if not (contains "NodePort" .Values.core.service.type) }}
+  export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+{{- end }}
+  export GRAFANA_NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cryostat.fullname" . }}-grafana)
+{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://$NODE_IP:$GRAFANA_NODE_PORT"}}
+{{- else if contains "LoadBalancer" .Values.grafana.service.type }}
+{{- if not (contains "LoadBalancer" .Values.core.service.type) }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get -n {{ .Release.Namespace }} -w svc/{{ include "cryostat.fullname" . }} svc/{{ include "cryostat.fullname" . }}-grafana'
+{{- end }}
+  export GRAFANA_SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }}-grafana --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+{{- $envVars = append $envVars (printf "GRAFANA_DASHBOARD_URL=http://$GRAFANA_SERVICE_IP:%v" .Values.grafana.service.port) }}
+{{- else if contains "ClusterIP" .Values.grafana.service.type }}
+{{- if not (contains "ClusterIP" .Values.core.service.type) }}
+  export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"  --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}")
+{{- end }}
+  export GRAFANA_CONTAINER_PORT=$(kubectl get pod -n {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}")
+{{- $envVars = append $envVars "GRAFANA_DASHBOARD_URL=http://127.0.0.1:$GRAFANA_CONTAINER_PORT"}}
+{{- $portForwards = append $portForwards "$GRAFANA_CONTAINER_PORT:$GRAFANA_CONTAINER_PORT" }}
+{{- end }}
+
+{{- if not (empty $envVars) }}
+  kubectl -n {{ .Release.Namespace }} set env deploy --containers={{ .Chart.Name }} {{ include "cryostat.fullname" . }} {{ join " " $envVars }}
+{{- end }}
+
+{{- if not (empty $portForwards) }}
+
+{{ $listNum }}. Forward local ports to the application's pod:
+  export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"  --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}")
+  kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME {{ join " " $portForwards }}
+  {{- $listNum = add1 $listNum }}
+{{- end }}
+
+{{ $listNum }}. {{ "Visit the " }}{{ .Chart.Name | camelcase }}{{ " application at: " -}}
+{{- if .Values.core.ingress.enabled -}}
+{{- range $host := .Values.core.ingress.hosts -}}
+  {{- range .paths -}}
+  http{{ if $.Values.core.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.core.service.type }}
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.core.service.type }}
+  echo http://$SERVICE_IP:{{ .Values.core.service.port }}
+{{- else if contains "ClusterIP" .Values.core.service.type -}}
+  http://127.0.0.1:8080
+{{- end }}

cryostat/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cryostat.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cryostat.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cryostat.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cryostat.labels" -}}
+helm.sh/chart: {{ include "cryostat.chart" . }}
+{{ include "cryostat.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cryostat.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cryostat.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cryostat.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cryostat.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

cryostat/templates/deployment.yaml

@@ -0,0 +1,157 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "cryostat.fullname" . }}
+  labels:
+    {{- include "cryostat.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "cryostat.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "cryostat.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "cryostat.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.core.securityContext | nindent 12 }}
+          image: "{{ .Values.core.image.repository }}:{{ .Values.core.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.core.image.pullPolicy }}
+          env:
+          - name: CRYOSTAT_WEB_PORT
+            value: "8181"
+          - name: CRYOSTAT_CONFIG_PATH
+            value: /opt/cryostat.d/conf.d
+          - name: CRYOSTAT_ARCHIVE_PATH
+            value: /opt/cryostat.d/recordings.d
+          - name: CRYOSTAT_TEMPLATE_PATH
+            value: /opt/cryostat.d/templates.d
+          - name: CRYOSTAT_CLIENTLIB_PATH
+            value: /opt/cryostat.d/clientlib.d
+          - name: CRYOSTAT_PROBE_TEMPLATE_PATH
+            value: /opt/cryostat.d/probes.d
+          - name: CRYOSTAT_EXT_WEB_PORT
+            value: "{{ if (and .Values.core.ingress.enabled .Values.core.ingress.tls) }}443{{ else }}80{{ end }}"
+          - name: CRYOSTAT_WEB_HOST
+            value: "{{ if .Values.core.ingress.enabled }}{{ with index .Values.core.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
+          - name: CRYOSTAT_PLATFORM
+            value: io.cryostat.platform.internal.KubeApiPlatformStrategy
+          - name: CRYOSTAT_AUTH_MANAGER
+            value: io.cryostat.net.NoopAuthManager
+          - name: GRAFANA_DATASOURCE_URL
+            value: http://127.0.0.1:8080
+          - name: GRAFANA_DASHBOARD_URL
+            value: "{{ if .Values.grafana.ingress.enabled }}http{{ if .Values.grafana.ingress.tls }}s{{ end }}://{{ with index .Values.grafana.ingress.hosts 0 }}{{ .host }}{{ end }}{{ end }}"
+          - name: CRYOSTAT_DISABLE_SSL
+            value: "true"
+          - name: CRYOSTAT_DISABLE_JMX_AUTH
+            value: "true"
+          - name: CRYOSTAT_ALLOW_UNTRUSTED_SSL
+            value: "true"
+          {{- if (and .Values.core.ingress.enabled .Values.core.ingress.tls) }}
+          - name: CRYOSTAT_SSL_PROXIED
+            value: "true"
+          {{- end }}
+          ports:
+            - containerPort: 8181
+              protocol: TCP
+            - containerPort: 9090
+              protocol: TCP
+            - containerPort: 9091
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: "/health"
+              port: 8181
+          startupProbe:
+            httpGet:
+              path: "/health"
+              port: 8181
+            failureThreshold: 18
+          resources:
+            {{- toYaml .Values.core.resources | nindent 12 }}
+          volumeMounts:
+          - mountPath: /opt/cryostat.d/conf.d
+            name: {{ .Chart.Name }}
+            subPath: config
+          - mountPath: /opt/cryostat.d/recordings.d
+            name: {{ .Chart.Name }}
+            subPath: flightrecordings
+          - mountPath: /opt/cryostat.d/templates.d
+            name: {{ .Chart.Name }}
+            subPath: templates
+          - mountPath: /opt/cryostat.d/clientlib.d
+            name: {{ .Chart.Name }}
+            subPath: clientlib
+          - mountPath: /opt/cryostat.d/probes.d
+            name: {{ .Chart.Name }}
+            subPath: probes
+        - name: {{ printf "%s-%s" .Chart.Name "grafana" }}
+          securityContext:
+            {{- toYaml .Values.grafana.securityContext | nindent 12 }}
+          image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.grafana.image.pullPolicy }}
+          env:
+          - name: JFR_DATASOURCE_URL
+            value: http://127.0.0.1:8080
+          - name: GF_AUTH_ANONYMOUS_ENABLED
+            value: "true"
+          ports:
+          - containerPort: 3000
+            protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /api/health
+              port: 3000
+          resources:
+            {{- toYaml .Values.grafana.resources | nindent 12 }}
+        - name: {{ printf "%s-%s" .Chart.Name "jfr-datasource" }}
+          securityContext:
+            {{- toYaml .Values.datasource.securityContext | nindent 12 }}
+          image: "{{ .Values.datasource.image.repository }}:{{ .Values.datasource.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.datasource.image.pullPolicy }}
+          env:
+          - name: LISTEN_HOST
+            value: 127.0.0.1
+          ports:
+          - containerPort: 8080
+            protocol: TCP
+          livenessProbe:
+            exec:
+              command:
+              - curl
+              - --fail
+              - http://127.0.0.1:8080
+          resources:
+            {{- toYaml .Values.datasource.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+      - name: {{ .Chart.Name }}
+        emptyDir: {}