Open tthvo opened 2 months ago
The docker-compose manifests should be good references:
https://github.com/cryostatio/cryostat/tree/main/compose/sample_apps
They might even be automatically convertible into k8s manifests using kompose
and smoketest.bash
:
$ cd cryostat
$ ./smoketest.bash -n | kompose convert -f -
Currently this fails:
FATA Unable to load files: 1 error(s) decoding:
* 'deploy.resources.limits.cpus' expected type 'string', got unconvertible type 'float64', value: '0.1'
but I imagine that some scripting can be done (ex. piping through yq
to remove the resource limits object) to automate this.
https://stackoverflow.com/questions/63854901/how-to-remove-an-attribute-in-yaml-file-using-yq
Actually, just upgrading from kompose
1.31
or whatever I had to the latest 1.34
fixed that:
$ ./smoketest.bash -tn | kompose convert --out kompose/ -f -
>>>> Executing external compose provider "/usr/bin/docker-compose". Please refer to the documentation for details. <<<<
WARN -: `version` is obsolete
WARN Restart policy 'unless-stopped' in service auth is not supported, convert it to 'always'
WARN Restart policy 'unless-stopped' in service cryostat is not supported, convert it to 'always'
WARN Restart policy 'unless-stopped' in service grafana is not supported, convert it to 'always'
WARN Restart policy 'unless-stopped' in service jfr-datasource is not supported, convert it to 'always'
WARN File don't exist or failed to check if the directory is empty: stat :/certs: no such file or directory
WARN File don't exist or failed to check if the directory is empty: stat :/tmp: no such file or directory
WARN File don't exist or failed to check if the directory is empty: stat :/opt/cryostat.d/templates.d: no such file or directory
WARN Skip file in path /run/user/1001/podman/podman.sock
WARN File don't exist or failed to check if the directory is empty: stat :/truststore: no such file or directory
WARN File don't exist or failed to check if the directory is empty: stat :/var/lib/pgsql/data: no such file or directory
WARN File don't exist or failed to check if the directory is empty: stat :/usr/share/opensearch/data: no such file or directory
WARN File don't exist or failed to check if the directory is empty: stat :/data: no such file or directory
INFO Kubernetes file "kompose/auth-service.yaml" created
INFO Kubernetes file "kompose/cryostat-service.yaml" created
INFO Kubernetes file "kompose/db-service.yaml" created
INFO Kubernetes file "kompose/gameserver-jdk11-service.yaml" created
INFO Kubernetes file "kompose/gameserver-jdk17-service.yaml" created
INFO Kubernetes file "kompose/gameserver-jdk21-service.yaml" created
INFO Kubernetes file "kompose/grafana-service.yaml" created
INFO Kubernetes file "kompose/jfr-datasource-service.yaml" created
INFO Kubernetes file "kompose/opensearch-dashboards-service.yaml" created
INFO Kubernetes file "kompose/opensearch-node-service.yaml" created
INFO Kubernetes file "kompose/quarkus-cryostat-agent-service.yaml" created
INFO Kubernetes file "kompose/s3-service.yaml" created
INFO Kubernetes file "kompose/vertx-agent-1-service.yaml" created
INFO Kubernetes file "kompose/vertx-agent-2-service.yaml" created
INFO Kubernetes file "kompose/vertx-agent-3-service.yaml" created
INFO Kubernetes file "kompose/vertx-agent-4-service.yaml" created
INFO Kubernetes file "kompose/auth-deployment.yaml" created
INFO Kubernetes file "kompose/auth-proxy-certs-persistentvolumeclaim.yaml" created
INFO Kubernetes file "kompose/auth-proxy-cfg-persistentvolumeclaim.yaml" created
INFO Kubernetes file "kompose/cryostat-deployment.yaml" created
INFO Kubernetes file "kompose/templates-persistentvolumeclaim.yaml" created
INFO Kubernetes file "kompose/jmxtls-cfg-persistentvolumeclaim.yaml" created
INFO Kubernetes file "kompose/db-deployment.yaml" created
INFO Kubernetes file "kompose/postgresql-persistentvolumeclaim.yaml" created
INFO Kubernetes file "kompose/gameserver-jdk11-deployment.yaml" created
INFO Kubernetes file "kompose/gameserver-jdk17-deployment.yaml" created
INFO Kubernetes file "kompose/gameserver-jdk17-cm0-configmap.yaml" created
INFO Kubernetes file "kompose/gameserver-jdk21-deployment.yaml" created
INFO Kubernetes file "kompose/gameserver-jdk21-cm0-configmap.yaml" created
INFO Kubernetes file "kompose/grafana-deployment.yaml" created
INFO Kubernetes file "kompose/jfr-datasource-deployment.yaml" created
INFO Kubernetes file "kompose/opensearch-dashboards-deployment.yaml" created
INFO Kubernetes file "kompose/opensearch-node-deployment.yaml" created
INFO Kubernetes file "kompose/opensearch-data-persistentvolumeclaim.yaml" created
INFO Kubernetes file "kompose/quarkus-cryostat-agent-deployment.yaml" created
INFO Kubernetes file "kompose/quarkus-cryostat-agent-cm0-configmap.yaml" created
INFO Kubernetes file "kompose/quarkus-cryostat-agent-cm1-configmap.yaml" created
INFO Kubernetes file "kompose/s3-deployment.yaml" created
INFO Kubernetes file "kompose/seaweed-data-persistentvolumeclaim.yaml" created
INFO Kubernetes file "kompose/vertx-agent-1-deployment.yaml" created
INFO Kubernetes file "kompose/vertx-agent-2-deployment.yaml" created
INFO Kubernetes file "kompose/vertx-agent-2-cm0-configmap.yaml" created
INFO Kubernetes file "kompose/vertx-agent-3-deployment.yaml" created
INFO Kubernetes file "kompose/vertx-agent-3-cm0-configmap.yaml" created
INFO Kubernetes file "kompose/vertx-agent-4-deployment.yaml" created
and the example manifests look like:
$ cat kompose/quarkus-cryostat-agent-*
apiVersion: v1
data:
certificate.pem: |
-----BEGIN CERTIFICATE-----
MIIFxDCCA6ygAwIBAgIUFeByXbVrU/z70l+sOgCxC1xhTK0wDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAk9OMRAwDgYDVQQHDAdUb3JvbnRv
MQ8wDQYDVQQKDAZSZWRIYXQxFzAVBgNVBAsMDkphdmFNb25pdG9yaW5nMREwDwYD
VQQDDAhDcnlvc3RhdDAeFw0yNDA5MTgyMDIwMzdaFw0yNTA5MTgyMDIwMzdaMGkx
CzAJBgNVBAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzEPMA0G
A1UECgwGUmVkSGF0MRcwFQYDVQQLDA5KYXZhTW9uaXRvcmluZzERMA8GA1UEAwwI
Q3J5b3N0YXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6EMl3NFJU
GUqp6p6kCprtEI1YD67/yu9GH+3zQjsXK7NafpLqBKXvzLo8tvVRqpAFN6c3CALS
4tlBf42myZAGuedpjyxc8RjqcUu4tFts+GzwpWHig+9ZZfOP1yg//uUVLgWAO+rj
WWRnyCLuEBZV26o1k8LH7jfrtyThMhhBsdBwOHcebCnoPaFErEiu44JgvKtW2jwK
POezBraKdZraTeG8GL6vukDLtmGy5jQitrhu9H4hQrXoJdgZ8jfz4/piLEAidChV
xGiblI8hssLSQAxeSjpWnlPGYorStFoPRXgwGS95qIkSybq0tmR5pvFkZDwuQKcC
V6T+BXGt1iVaoxV/bxvYGcGKpB6vG/CN5BOlU4EQsHsN9q4n9c4LhLxFFQvm3yqb
uoADPxhl0s3pFPa4COcvOysP7s58k65DbjYxn7PRwY4DjVxB1cefWBzgy5EPd0u8
x4LH/TWOMizQRGQbnKxWbR00L6rPCSJLQhv80KDGsFMjkrZipIfn+1TqptR0UdeB
srNUEPrDM1p+2MEuFYoknE9jkQrPePbcxV3g8iNgWUc+pBm/OoECVkBqK7Kqi+96
DB0BqJpP0Y04BES38G5NF7Ie4T0QkeXjLSQYrcGIYLycfM4zVlcLXvzYmuBnIsCz
hUDDGkBVov7rRJRfvdTPivYE4EVdq5WRlwIDAQABo2QwYjAdBgNVHQ4EFgQUDWDt
Hiz3Ai5ctKL0JaAHGo5QJOkwHwYDVR0jBBgwFoAUDWDtHiz3Ai5ctKL0JaAHGo5Q
JOkwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHREECDAGggRhdXRoMA0GCSqGSIb3DQEB
CwUAA4ICAQBaTaJSHvhtePmxg6cnoIRFXAQtLnMbltYkRYljtGqlnNlF0KvpoOLW
v+pBDuNXuQ55OpWsOcGQPWGtfH3dqQIepS3wlaZxaxWWs3Lv+qp0Ey2vQ28qZit1
3sWlImsmb0iaHCLh79PRE+4onLlTJPGTVpXQK+WPFDZ3hhBYv1lKdeK3gMlSwVNy
LmPcsSLMT1Vggw3NzQmb6uk5BTK035DwaEBEFQU9/z+ikEB/FXjJmqApCYV6OD/A
d6wfXtUMlloH1MH0ubK2WGAntPJMzsgmyw0tPmzbNvZuSLo6fqWyi6aoJ+OpF0YJ
kxhZ9rOmtMVA4zPkkcwPB//JFCL2gEkcQc/6w1Qj46uluu8eqNldcwBEmHk3tNFN
wYupiLyNDauThtHSIAReUewxC6I0Lhv9MH1lPqWh24tLI4EUj0F33rCqc0cKGo98
cBehHbUjdWe0mCUoA4QOJDa0rI4ZqeB7+cCylno+m7cQksnDtlG5hZDUNUWfILba
QIWNO1cnjNyS3yhw1sIBNcB/hMDCKaEuGpRvGs+mgbWfyBBHa+JVU11r0PeHwBy9
msvzJpupWO1Wc8CX2pZIiIdFm7WKeDxC7DzLvbh3GskJ54Dt/0C3/XAwqc6xW50u
jvliYrAliNc3qT8AK/g6V+z5RhNNIa9z3zJcsJ2i4DRagVXiL1j23g==
-----END CERTIFICATE-----
generate.sh: |
#!/usr/bin/sh
set -xe
CERTS_DIR="$(dirname "$(readlink -f "$0")")"
openssl req -new -addext "subjectAltName = DNS:auth" -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out "${CERTS_DIR}/certificate.pem" -keyout "${CERTS_DIR}/private.key" -subj "/C=CA/ST=ON/L=Toronto/O=RedHat/OU=JavaMonitoring/CN=Cryostat"
private.key: |
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC6EMl3NFJUGUqp
6p6kCprtEI1YD67/yu9GH+3zQjsXK7NafpLqBKXvzLo8tvVRqpAFN6c3CALS4tlB
f42myZAGuedpjyxc8RjqcUu4tFts+GzwpWHig+9ZZfOP1yg//uUVLgWAO+rjWWRn
yCLuEBZV26o1k8LH7jfrtyThMhhBsdBwOHcebCnoPaFErEiu44JgvKtW2jwKPOez
BraKdZraTeG8GL6vukDLtmGy5jQitrhu9H4hQrXoJdgZ8jfz4/piLEAidChVxGib
lI8hssLSQAxeSjpWnlPGYorStFoPRXgwGS95qIkSybq0tmR5pvFkZDwuQKcCV6T+
BXGt1iVaoxV/bxvYGcGKpB6vG/CN5BOlU4EQsHsN9q4n9c4LhLxFFQvm3yqbuoAD
Pxhl0s3pFPa4COcvOysP7s58k65DbjYxn7PRwY4DjVxB1cefWBzgy5EPd0u8x4LH
/TWOMizQRGQbnKxWbR00L6rPCSJLQhv80KDGsFMjkrZipIfn+1TqptR0UdeBsrNU
EPrDM1p+2MEuFYoknE9jkQrPePbcxV3g8iNgWUc+pBm/OoECVkBqK7Kqi+96DB0B
qJpP0Y04BES38G5NF7Ie4T0QkeXjLSQYrcGIYLycfM4zVlcLXvzYmuBnIsCzhUDD
GkBVov7rRJRfvdTPivYE4EVdq5WRlwIDAQABAoICAAdwrADgDu0dkcm9/8spc8zh
w468GdBREHfqYPANCIkPQbDvRl3YAvA8bIBvBHVxvFtcQIuuMbnpdKyIA2Vu9YGY
8qYnu0UAJj604Kupf2czfw+xKhSnsYaoN/2n3QxdQewysE+fYolMX5WmABeRSlAm
l38xW5f11tCbIzAwegQ7R81xxJM32gXwwoxMPOyZXL/hHqzVAl+abd1pYE7X3KUf
RiG1j5jXrS2ekZHyXvu5+Ls4ry545dM7NPf2PClWRwKgwfPFJBooRdKRNZcwXomP
vBVGvJLbULHdhBWTo28TsdzVtPtImcQuXHcYPM5Mgz/AOyCfJZtHXx0CB+vemBTr
hZMUBtzcuf+zhHCNtYD6POtXe/fX+2zKPq0BjgY8Ssx+cv3J8Q7WtKLVfjbf5b07
k3nZKphZ5Mrh3bmnGIqw9Br3uhdhQ3733LqDaFIeSX3vcDQ++ER1tSltiTKID6k0
uU0w7m1xYjLJrgu3Vl1WY8rboOB4h3jz59J6qCe2ideiYuvSYmpkhwSi0RvFM3Ju
7GyB5z2TOZm3pznAOu9G+49dFaCRds5qevCT0/YfU8phOsMfabNZCyqoLFIrWTG/
DG0lrQgpqPizWEH9FweYAQkkfNop24lPVpMvwQ/SQRFPgNQVRaIA98O7gsSRSGV6
/cWi3vi17YqiVtvKgYFBAoIBAQD6twWARbbsOnfQdMfZqfLnKdjM1QqoLAFkSLaG
OOW61iTZnqPjpFUYhsSgy6ue1J4AVu1p8jyg/WqVPs6sAmcBGp9G6iVRK8lFUuz0
IifdYZWSfpQgEpOHMAkuKz/rSIgBPdtXYTGZjtHzC/gP1l7PiJQS4GVGFXXVoHNx
usoNF1jtgjJ4008qFqbNcKJU0A9Y9GBjjkkEjt0ZWTXx4r6JMHwbtyrGCs4I/WZt
Vlhyrkgmj63HE9KSBOhTMsHxGYCrvsUHLgT17Ccvra8PgBNUFI5FvM6gXjJpnNxZ
xJJ4UHUGCl3s8WE9UtsyiS468Iuvo3R3YnaDnhAsm17NahE3AoIBAQC9/OLtan0f
VmIjQ+ketkD7/E2NKs88DpP6wlvJCrmtHegnoIE8TmuK6XvWGBix7kfse8gOsAcC
oZ92nOAEQVgC3PEtwqsxaCn4vmhY12Rt+P25dYdb3LTtZ2cdZxo0J+8iN9zXUKfs
CFv1JiMr+A+ym2o0Wb2DpS4uK9ZgyghuIy09XDN1MhLecHKM2Ye0PYhVkuksDyw3
ukJkxHj5A1MrlhnFJwWVBDj+YpkfP+zf2QEn8ErN4c/2z3fcqjPIU6VY+auC1md7
C+9q+aHj/FwauTCokicSl6mViekiVVyAccenxh0+8SwpyTljg808ZLGU+ZxM5K7d
5kBS2LxxnDKhAoIBAQCcuKG4sFuLSXUyGn3/Ayxy8gay7A2QWIm6LXXja1e3tjss
yez61PPYtA3f0dEDJTdrUOtxydm6bQ8eIjfA8HOBDio4gw82sV9MdWznox42VdTQ
0U04y0PrQszKToDTS/CwjgE5mukNa2i0PGwhQkjcBC1Dq3/DEpEpK/ZeRnwdONX/
Cd8RBk47KhO04k6nI7QkUAac1QmxzrhJKyn8fVfLnEJIdPRI/eITXouTl2EMtwMl
D7V6d1quqmCr+VOgqedz9HlnZo31SFyqgjCnSNFMQtk4oLCtMJTkzgg0GRvSF8E/
OGXEQpMdaVjaO0Rp1YoMDeo04pjg54KGz8ywLTh7AoIBAGThVeG47K1qIfwVwEAV
iFYE92zg8V8zYnIBJ9mNf2AkBDSebmEGRuZg6eeZres02i4A4A6ke2RzS4gg7nZz
9/a1OL8SofI/HCI/gIrD/EjEsHz8oh4uCEgS4tbi+y/8kGa8AOC3rCKRobp/QKfF
NRiim3cmu5GecPIFRvTn8igBN7FgNtag+xHv5XNSwlL7ZVwDARrrB5Cjr0Nwa8fV
cyEut4pPGRCySE0TL7k/KVkHEi0R07aUk+e67CtYmNxjReYD1IVJsXLNuJg16zdy
tble4i5wRJ0DuQF1VDxt1QtC3z//22Gjj860UWu8/Yp28TBohgzyVMPw0fDrsswk
o2ECggEBAO/t5iVzQGkOqkE38MgEXIVCKrnA+GR1oF1L4NCHpBx1JvBkdFA5ns7A
QiOiJdsgVJn4ZtTZSe1cnUKQ+UhWFBjsh58QJPa7EkzLeyxiiEkQFGUh0pFN9WS1
NF54mMJYA+kp4iVzr412Lwmpv9rlZO4S2l2rs/2AUwjcyziHDT9WvUx69VPDAwL+
4lEf3n8RCwUVI1OTaB+ipfJCur5e2yPOqjSyQuONYCQP7vo4MYJRKG6Xg+mdgQ3D
qyM2L7T2d1ckGGbtRuXA8Hi7vqnNv36QhwKu8NxEpQvhYUIT94D9wv6ffgwAxgUh
/7XbyY45tcssElla0KxEcA0NaX38tWI=
-----END PRIVATE KEY-----
kind: ConfigMap
metadata:
labels:
io.kompose.service: quarkus-cryostat-agent
name: quarkus-cryostat-agent-cm0
apiVersion: v1
binaryData:
agent-keystore.p12: TUlJTjFBSUJBekNDRFg0R0NTcUdTSWIzRFFFSEFhQ0NEVzhFZ2cxck1JSU5aekNDQ0E0R0NTcUdTSWIzRFFFSEFhQ0NCLzhFZ2dmN01JSUg5ekNDQi9NR0N5cUdTSWIzRFFFTUNnRUNvSUlIZ0RDQ0Izd3daZ1lKS29aSWh2Y05BUVVOTUZrd09BWUpLb1pJaHZjTkFRVU1NQ3NFRkducUdsSzNFY3B4YVh0TWcralRYWFpMK240ZEFnSW5FQUlCSURBTUJnZ3Foa2lHOXcwQ0NRVUFNQjBHQ1dDR1NBRmxBd1FCS2dRUTkxbFlsdkZvSCtpVFhqU2xwY2JxdWdTQ0J4Q1Y3RzdrOEFJcHdHTjhENUNaTm9IZnA4N1R1MU1YaldnWi9ONjJDWVZHaFhWWElPd0ROZFVzcVJ4cVhMSUg5clNQNnlFNXJnSnZYS0xRWitQMUR0TC9ncmJxN0xSb0ZrNi9MWnVPWWQzU1NLSmlJWkY2d3ZKTDBqUW5zZUpFWGhDQzh0TENmMkdLY2U1N3ZtWHZueTFtK0NhYVZOUVZRSnhkUUxJYlpFN29maG8zNTFTVUlMZlJLdFhSYnNwc0luWEJQWTFweEd0QU1EOEttUWs3S1JCSzVlcjFESG44SE14MkMvRWxtQXRJbTZFYW1RcWlQS3pvWTRVZ1B0Y295UHpUelNaZHNwMFl3WDNGTm4vSzd1cmg5dldoMFp2VjlPWitZdUJZMUhwcTVyMEwvTXlkYkdhWFdOUWN0TzkvS1g3eGJ5eWhNSFRpS1NlYXlIWWJNMENBZW9UQkQzdVdvM1J5REJJRDRJUENlVi9Edzl0Z1ZQQTBJOUM1QkRIWVFieDczN3N1d1g1TEgxeEhWNC9Jc1ZmbExZMHluSmRFbmsvTXBEb0d4Vk1KMXlaWHhFMkJpc0dFSWRiY29sbVlobDlNckU0ckliQSt1U3BsTEk1amFOMEgxaGdUYkpOdFAwU0FRbWJkREtOWm43ODFabVlXRW91eWVwTGlYUWRFcHRzNUxaelpERWRYa3ZUaGpScjNKc3lTZ2s5WWltNTRRcHJqRS9iSGR5Mm9ITklKb3AyRnlZb0FoT0ViWmM3WWtlOU5ZMmZuMGJyVU9WRm1KZG1aY2FTbEF3NjBNU2s3UGMzTHZjZEw4RjhsdHlqckJmSWNFQ2Q5dzM3SWpTV1AyVC9namZ2QlJoVm1YVFBCTE1JQkZpMGg1bEwrd2JaOEJPV2dtVDAzVk1CTDNjRmZXN1hyRHEwTVdxaTd1ZFhGQTBhanIxUmdCcDg4TWQ4NlljWUl2Y0RoVGVWbVJzK2VrSXgyNDBCVjg0aG9zb0lybEpIK2p2T0FiQ1NzUFN4R1BsNkh0Rll0U0dZZVhzVjVQVldCTUcxOEtaZ2IweUYvakJXMEhRamZDYVh4cFFXRE5LMlR5RzgrVnVDTFpEOVRQSjV3VjJPVmFMMTNFM2FFbzBiUFRCLytIMkQydmxuWFlJNGI5MzBiVS80TDhWOGRUejhMUmlJa0ZmdUEyMmZvSWhWUEhIZzNqYnRHbGRmSkFNMFJEbXl1aktxYXZmUWFPT1NHamUxME91d1IxZ0duN2dpTDdBQUhXOHErcHE5bmM3WUt5V05ueFFDZGdINk5kTVBwZElJY0pRUDdxTVF6bGNEa25pZjBwU3c0NVpJUmpBNEZYRVF6aHpKZUVjS3ZvV0FQeHNSaGRaUEcvMVcveldCSVgyV0Qrc3VQYXZITVkxSSt0MFhodHplMDVEb1JsRVBSWjloU3ZZOStBNzBqRy8yU25jejZkY0MzWEgwbDdmdTFFQ3dpeVVmczB2cG5qbHNpbEt4UGJjWDE1YUpKLzU0N3hNcnRDak9YRlF1dHdmblBPT1hDT09hODNLcGcrM1cxVWhtN2hKSEVRbUxrYVg4QWkySG1YaXBaNlQxQjFzbFN5WHZVQlFQdjN0WlJrdlFoUEtlOTkzWFAyeC9sY1FpdG9Ja2pnZlZYZ3hTMUFZUFNvVlNweWRIaGllUVRQL3lzRDBQU3ZOSVZEQmtwSkdkemV5M2VoYm5VL20zUllCdlgyY1dGSi91bGJCUHBIVnRPOGx4Q3FtdGE1U0JZMFBhUEUxNEVsY2ZEazFjb25QOEVDTmRMbUxKS3Ryam8vNy9Xb1JCYngrdnVGTnJzS1RSMHhjbHBuN0U3cFc2dThPQ2tnUTByTU9MVUl2d0I5REhlSko0K3d1VHNqaktORzcyN09wV1ZoNDU4NnpjQlBHN0ZVSFFkUS96OTJmL0xlQVpzL1FMS2hzMFB0elVkTGpIZjR4M0tJeHEyRDJtSU5wR1BjSUdSTTdPelZGeFBNVk5sQ1B4cWJ1TVpwMWZuMkJmQjNIbityQitUNHY5T1pGbVpTUnRTMmJORUxoSFdLeEdyNDMyYXlZVUxSekNxeWxBR2NRQWZIdmdXbXRzd3kzQlZaNmJ0OHZMYS9sYzBmdVdTSDk0YUhEUXUvSnhBVzlSWDJlTVM0U2psNUo1ejJhRXNLN25TMjJtNUdiOU9ZaDdQeVIreVZlSUNwaVM0ancvQWE2R29IbkxFbzY4eFFGOWJwZlFtemVSVHU5NC9aaXlHRXF2eVAzOGJsSWVuYzZ2RHNPTHBDU2VadDBtY3RwUmtMWUp4cWJrTW41VmFLU0NCOHAvcVhHTFFkbDlDUE9ubmhLeWNyWlB6SlJ5S2xHb01INkJja1JRUzdXV3ZKMS8xVDMrZUY2MUlFMldQNkRocytzNERFTXhPRDdPQzUzamNISlREMDVlNnBWWHBCZUFZNUY2Qy84S1JTYmJ1d0tvT1NPdGNoaHlGZ05mMWtpWnRCa3RvdTlqV1EwaGZQWk80T0V4eE1xbzEwRUpTQklsVitoUDBPcG1HWDBSNU5WS3hxVFlNYmhmS1pQTWtkdDFpc2tsb2NpbFJ1dUJCT2VXQ0lBNWtlODZ0aWFqQlViS1NtNjVBTGZZUjd3TWEyVHZLajJ2RkRLK1MvTEY4OVEzRkNneDkvYVl2S3lpYk9NdE85WjcvUmFlMlpxVTQ5QWNXZEFmRkl6OXlJejRNVHNZSDIxZnNRd1VXeUpMaGYzREc5L0tRY085dzZ3THV0RWtEdUZFVTBZbVZqNDdCai9hOGhYT3Z5T1pmN0pKbFovR2M3cW54clV0YllicG1Hc25uY291akdPWGMrVEdOekpscUFLeUswd3R5cGFnNm1mdTFYMHg5bHByblBFRXNsSXorTXlTZEJ5RmRqaGF2MHpwWnVPMDh3TGVaeDUvUTdpVVZPemtqT3ZzUUU0dmsvVTZ6V3JpRFlKVGpFZXcwNW96NGxSSEUrc2ZIcml3dXUvMkxpYk1CcG5IYU96Mm1rZlFXYzYzc2Vkb0duTWpHT1JxTXcxWXhNdS9WZVlMcm4zN2ticFNHTVUyUG44eUVlUDVxek5ucFdQeEMzdlczcU5aUVZxWFIxRVBPNWdlMU1oR1dwazRkcjQ3d3hVWnBhcjEzd1ZsYWJUS3ZmT0hUQUR5enJLMm03cmIrS0VnVW04VUNJT2dreS9BK3JqRmdNRHNHQ1NxR1NJYjNEUUVKRkRFdUhpd0FjUUIxQUdFQWNnQnJBSFVBY3dBdEFHTUFjZ0I1QUc4QWN3QjBBR0VBZEFBdEFHRUFad0JsQUc0QWREQWhCZ2txaGtpRzl3MEJDUlV4RkFRU1ZHbHRaU0F4TnpJMk5qa3dPRE0yTWpjM01JSUZVUVlKS29aSWh2Y05BUWNHb0lJRlFqQ0NCVDRDQVFBd2dnVTNCZ2txaGtpRzl3MEJCd0V3WmdZSktvWklodmNOQVFVTk1Ga3dPQVlKS29aSWh2Y05BUVVNTUNzRUZQQjU3WG1iVHc0ekVrMFNrSWxKaFdHUkhTQitBZ0luRUFJQklEQU1CZ2dxaGtpRzl3MENDUVVBTUIwR0NXQ0dTQUZsQXdRQktnUVFVZEI3ZklqN2ExdHZCSG9sWTlQdkhJQ0NCTURFKzJDcmJrVENpLzN4ek5ERGhXSGExbkE4YnVNOXNpSUZlUTJKelJlU0RnMC85WFhJMDZPa3JrUFZLV1NMSUdmc3hHdVFHY3ltYm5vaE0zZjRFZ1BWWSt5bC9PZlIyTlpVajYveWMxV1JxeFpJdFZTUndPNmxkQlp2SWFSSE8xektndCtkVGRrUUU0aUowcm52aFBNaVlYSDMweFh1Z0Uzb2lhSHV4RlJVd2tvckhqMVRocVBrN1ZMbThFSldMSnpOaTR2dngzUGkreHdMNzJpL3g2eldIclB5WUNiaGlzWDdCL1U3dGs2R0pFemh6YUdUZXdFbzE1MFFDUGNwZDZiRzBYRFNZaENwdUZrMDVPaW9YS2wzc0xpQWQ1aW1qU3JGZng0N1Nxd0s4SlRCazFmb3QrRmtUMUh0MkhsdXpBMWxGNHVEQ1BkN0w2NitWQTA1ckFmNGZwNXFvVnFNV2dzbUdCUC9lWk93SHhpS3ZLRmQ0aGtnWERPN1h5UW9ZYXE2SzVEdVdPTjZUVzlSOUR3U04rRUFTOVFjZDUwR0czU2lyT0E0UE5ST2xkd2lITVNnZmV2bnRiWFlpNXFxQ1pRRVRqZVdFRElXRVJRa0IxaEpoUVdVaXN0aXFod2NkUVpKUi9KYjVMeEhvZGNnUDM2aWRvd1R5N0lYZXpLdFdLdFNXb0VkRWVkTTk5RFVXTzVpODV6TEJ5ZDNQQmRHWTRCaDlsbm9qRWJOdHpwbWtndUswd1RjblFVcWU4bTJOdkRpVEdYL3hnMVNqKzBhV0EwM2gzak9GOXhnOTFGL2YyTWYxSHhZVWtreTJFOGlZbDkyZXppM3pMWkpDc0hVcE0wZ2tWN0E2b3poOHRLdS9KNDFvdHN1OG1vejNBUWcvaXhyUG5HK0U2ckNYMDFtUUlrenZJckFZcGNISWNxOXZsMWJxc1NXdlpTMDcxcWFTbjJzUW45QnBsWlNUdVZWTEdISGtKZFZyOFlZVzJUQS9EQ0ltK0FENzRYMXNqaVExQU1TcC9BWTl0Y21iaGJZL2RtT0VZNXZJRzlUTUt3ZzdvK1dzVTFRNGxoRExrZnNyOGZvYUs3Qk81dHd3UlRXNytKYjdqdEZ4bzJiby9yZHdrc2VHaGF0STFnMDRGRW5pclFYTGg0T2NoMm5XUExsSUZkSi9EcG8xRjl6M2ZwQkFLYThnd2xrVVJrSzdwOVBxR3lFbjd3UGo3NGlhVjNrQUEzb1lIVFJTT1FuNlNRcnRxOFpOK0VOR2lFTWs0aHVEOXNkWU9Qa1JBSEhMSG5BaWRHZUVQd2ZFY3pkNHA5MGZRUS8rRGNHVTZjZndwem5VSHU1bXBhdWdrVWVKY05KVXpRRTBsb1ZZbDF4ZzNZVFUwQktvQXlyU2EzS1Y4b2Q1R3RsR2FZRkpQaWNpR3RkVUJaUGREclhuTHpJZUl6RXpWdW91blZXc2J1ZzdBc2pTNk5VYzJaRGx5TzJzcVhFV1o4Rlc4ckQwb2MwZVNKNUlMTGo2dzdjcjBqajA2V1kxTHFMQlZjZU1zR3lnMVBUejljNFBGMGpGdzBuK0FzVjdTSXFqbnhuUUtpVnlGMWRCZEZPVGk1TEpkQ1p4emxGTUVJM2dYMHI5djhtNE1lSWJRbTdPRzczVGxzT2Z0bHJ5V0FOaDQ2VC9CU1lDWnA2TEZ6RWdzV3A0QUVjdGFnZVJTeGRlRFdITFBRN0RsT1M3RXhPU29ScUVrZEl6MEowK0V2clRWMlFkUUJpQnJNSWs0MTdpS09IenptZkdHV2M4aytYa3VEd0xIVDA3K1FBa0cyTUplUm01ZFBlOHNTUVlhSUg3Q0VxRnE2am1yZDdlOU0wOEdtcHlCUUEraTFPaElpTkJTWm4rSk1LTWlXVkdqSzkyU1VzQmYzRFgzL0UzYW12UWJJanJ2SVI4U1dNRTRqcHNqamNtcGpHRDdiODV2ZFNIcEN0UTdPSzV6V3J6amIyK2gzRmZBK1dBZGtpd1BjeGE1MlVVQ3MyaTZqd0pTRklaWm9VQTFUYmpIdlJpcWZJTEJlemVxdzRRU0ZYRFFtQldFeE05M2VlSGpxVDVDN2pVaUdWNXF4UE1LOW9iandKZTN0OTVueVVzZW84MTN4Z3U3blExSVNmVUEzRWpaVjhyUjhaTUUwd01UQU5CZ2xnaGtnQlpRTUVBZ0VGQUFRZytITGpyZVJzOUpIMlVDYkxlS0F0QVgzbFVWWmFQTUlMZ0x1ak9wclNPNWNFRktKcmRlSXlBL0dIandoaE5WcmM2TjR2NkJObUFnSW5FQT09
agent_server.cer: TUlJRUpqQ0NBbzZnQXdJQkFnSUpBTzU5ZEJ2ZVRORldNQTBHQ1NxR1NJYjNEUUVCREFVQU1FRXhDekFKQmdOVkJBWVRBa05CTVJFd0R3WURWUVFLRXdoRGNubHZjM1JoZERFZk1CMEdBMVVFQXhNV2NYVmhjbXQxY3kxamNubHZjM1JoZEMxaFoyVnVkREFlRncweU5EQTVNVGd5TURJd016WmFGdzB5TlRBNU1UZ3lNREl3TXpaYU1FRXhDekFKQmdOVkJBWVRBa05CTVJFd0R3WURWUVFLRXdoRGNubHZjM1JoZERFZk1CMEdBMVVFQXhNV2NYVmhjbXQxY3kxamNubHZjM1JoZEMxaFoyVnVkRENDQWFJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dHUEFEQ0NBWW9DZ2dHQkFOUkVyMXdhQm9qRWRBb0xVVzUwQjQ0UCszZW5vajVHaFJqS0RkcFZETUFkYWo4anQraDhJK3l3Q1VyampqcU85SzZHTTJHdHJWL0Q3UUVoTFp4S3ZuTUNMT3ZoOFhsWXozKzFRZTNKcjcyMWlqQzVvMUppS1B2MS93cDhNajJhWko0Q0xIaEhKdFoveDV5SmpyUFUyM2l2WkhPMWc4Q2hvY0VvaExlaEc3amo1dkJvRVBOb3lXSmNYTUVneDF6NFZaS0JuZ3k5YVdsWE5SaVBoQ1RudUw5SXNIT1NVQ3U4aHNDT2Q5dUhHM2RZU1Y4cVMzbnpUY1lBYjJLYkgrS0JzUWZmNXJpdmVDc256NVFTVHNLMzVWeVZWRUZudy9XTHc1TTN4aWFXTTEybWxPWG5LcmFmakRDejgrbDJ6b2FMTlk0NFJUWXBIUjZlaFhjYUNNTU1CQkl4WDIrSDl0RXlGaVU1U1RsbWo4c25sRENMcXd6cGx4UzBJd2xaanVSTkdYcUFsWmlld09NdTZ3T0FTajRzd2UwSWhoRmtDNm9RVzNXODFwQXU3ZTIzS1htbWNGMXYvU2gzWGtEYWRvYUpsWlg3U3pEc01IMU9TNy84S2s3NE1RZzRGRUN3VnVVdERYaUNYbmpVVllyZDNqdUxYQTFaRmJUQ3RJYm5Ld2xFZlFJREFRQUJveUV3SHpBZEJnTlZIUTRFRmdRVUlFYytORmd5c0JucGpTUjdGR2FGRisyVG5vMHdEUVlKS29aSWh2Y05BUUVNQlFBRGdnR0JBSndiT092WkIrU1RpMnV6cG5qV0tQQ3RtZ0ZDR3g5WENhQUtSTHFpRU9qbWs2S3I4NEpJUFEwUWdtQzZ4UjljVlUwMnY0UmkxQ0pxa2RvOXYwVGdTRGhYbGhnWVNBbW5FUUx5QnVBMXlidVliUDljdGh2enZ0VzdGc0NQMmEybE1UUXo0dWFyL2NQQ3FrTkV5eUQwUmFwdUU4QmdUT0p0cmpMcVgwcWlaVXR5VDBYNFBhWC9oM2VvN1g3NTFQWVZJQ1k2Y2dXeE8xNy96amgyR2RMdE9sM1NOWkQzMERkYStGR1dCQk1BdUJHMm01L0tPbG9OV1BYWmZkWHNnWjFJZUtzWVdNanFvanU1dWd1ZStxYmtadTF6UWM4K1FwZ1BYQmZNQ09FOVBNSE1jZDVsVFR0UDlLaXhNb3A0VGhCd096d21wUkh4L3NQRlRvTFJTaEZtQzZvdGlGWHZweWFmQUN0SnptbEVPWjRRVVJWRHQwMTZEcmpFcHhZTXZRY2RockhKbFhMYU9WS1VYYVZpUWFVcmJEb2tXd3grK05XM3RLeVBqZExheC9lVUsrMmJMenNIcWxGN0owUEVKZjBac205VnE2VTJHTkVtaytPOXl3RVpPOGtFK1Q4eExFdVBOMEJuOFQxSWVQQjlTRmhHaUVhUHhWM0hEbzNKT2RkVjRBPT0=
data:
generate-agent-certs.bash: |
#!/usr/bin/env bash
set -x
CERTS_DIR="$(realpath "$(dirname "$0")")"
TRUSTSTORE_DIR="$CERTS_DIR/../../truststore/"
SSL_KEYSTORE=agent-keystore.p12
SSL_KEYSTORE_PASS_FILE=keystore.pass
AGENT_SERVER_CERT_FILE=agent_server.cer
cleanup() {
pushd "$CERTS_DIR"
rm "$SSL_KEYSTORE" "$SSL_KEYSTORE_PASS_FILE" "$AGENT_SERVER_CERT_FILE"
popd
}
case "$1" in
clean)
cleanup
exit 0
;;
generate)
;;
*)
echo "Usage: $0 [clean|generate]"
exit 1
;;
esac
set -e
genpass() {
< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32
}
SSL_KEYSTORE_PASS="$(genpass)"
cd "$CERTS_DIR"
trap "cd -" EXIT
echo "$SSL_KEYSTORE_PASS" > "$SSL_KEYSTORE_PASS_FILE"
keytool \
-genkeypair -v \
-alias quarkus-cryostat-agent \
-dname "CN=quarkus-cryostat-agent, O=Cryostat, C=CA" \
-storetype PKCS12 \
-validity 365 \
-keyalg RSA \
-storepass "$SSL_KEYSTORE_PASS" \
-keystore "$SSL_KEYSTORE"
keytool \
-exportcert -v \
-alias quarkus-cryostat-agent \
-keystore "$SSL_KEYSTORE" \
-storepass "$SSL_KEYSTORE_PASS" \
-file "$AGENT_SERVER_CERT_FILE"
mkdir -p "${TRUSTSTORE_DIR}" && \
cp agent_server.cer "${TRUSTSTORE_DIR}"
keystore.pass: |
UD-0ecxeZVb3IaiVpuOcqtsi7NHtN3LV
kind: ConfigMap
metadata:
labels:
io.kompose.service: quarkus-cryostat-agent
name: quarkus-cryostat-agent-cm1
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert --out kompose/ -f -
kompose.version: 1.34.0 (cbf2835db)
labels:
io.kompose.service: quarkus-cryostat-agent
name: quarkus-cryostat-agent
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: quarkus-cryostat-agent
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: kompose convert --out kompose/ -f -
kompose.version: 1.34.0 (cbf2835db)
labels:
io.kompose.service: quarkus-cryostat-agent
spec:
containers:
- env:
- name: CRYOSTAT_AGENT_API_WRITES_ENABLED
value: "true"
- name: CRYOSTAT_AGENT_APP_NAME
value: quarkus-cryostat-agent
- name: CRYOSTAT_AGENT_AUTHORIZATION_TYPE
value: basic
- name: CRYOSTAT_AGENT_AUTHORIZATION_VALUE
value: user:pass
- name: CRYOSTAT_AGENT_BASEURI
value: https://auth:8443/
- name: CRYOSTAT_AGENT_BASEURI_RANGE
value: public
- name: CRYOSTAT_AGENT_CALLBACK
value: https://quarkus-cryostat-agent:9977/
- name: CRYOSTAT_AGENT_HARVESTER_EXIT_MAX_AGE_MS
value: "60000"
- name: CRYOSTAT_AGENT_HARVESTER_EXIT_MAX_SIZE_B
value: "153600"
- name: CRYOSTAT_AGENT_HARVESTER_MAX_FILES
value: "3"
- name: CRYOSTAT_AGENT_HARVESTER_PERIOD_MS
value: "30000"
- name: CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_ALIAS
value: cryostat
- name: CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_PATH
value: /auth_certs/certificate.pem
- name: CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_TYPE
value: X.509
- name: CRYOSTAT_AGENT_WEBSERVER_HOST
value: quarkus-cryostat-agent
- name: CRYOSTAT_AGENT_WEBSERVER_PORT
value: "9977"
- name: CRYOSTAT_AGENT_WEBSERVER_TLS_CERT_FILE
value: /certs/agent_server.cer
- name: CRYOSTAT_AGENT_WEBSERVER_TLS_KEYSTORE_FILE
value: /certs/agent-keystore.p12
- name: CRYOSTAT_AGENT_WEBSERVER_TLS_KEYSTORE_PASS
value: /certs/keystore.pass
- name: JAVA_OPTS_APPEND
value: -Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -javaagent:/deployments/app/cryostat-agent.jar -Dcom.sun.management.jmxremote.autodiscovery=false -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=22222 -Dcom.sun.management.jmxremote.rmi.port=22222 -Djava.rmi.server.hostname=quarkus-cryostat-agent -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=false
- name: ORG_ACME_CRYOSTATSERVICE_ENABLED
value: "false"
- name: QUARKUS_HTTP_PORT
value: "10010"
image: quay.io/redhat-java-monitoring/quarkus-cryostat-agent:latest
livenessProbe:
exec:
command:
- curl --fail http://localhost:10010 || exit 1
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
name: quarkus-cryostat-agent
ports:
- containerPort: 10010
- containerPort: 9977
protocol: TCP
volumeMounts:
- mountPath: /auth_certs
name: quarkus-cryostat-agent-cm0
- mountPath: /certs
name: quarkus-cryostat-agent-cm1
hostname: quarkus-cryostat-agent
restartPolicy: Always
volumes:
- configMap:
name: quarkus-cryostat-agent-cm0
name: quarkus-cryostat-agent-cm0
- configMap:
name: quarkus-cryostat-agent-cm1
name: quarkus-cryostat-agent-cm1
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: kompose convert --out kompose/ -f -
kompose.version: 1.34.0 (cbf2835db)
labels:
io.kompose.service: quarkus-cryostat-agent
name: quarkus-cryostat-agent
spec:
ports:
- name: "10010"
port: 10010
targetPort: 10010
- name: "9977"
port: 9977
targetPort: 9977
selector:
io.kompose.service: quarkus-cryostat-agent
I haven't actually tried deploying that, but it seems like at least a reasonable starting point. I would rather build something based on top of that automation and applying some patching as needed rather than hand-crafting some more k8s manifests that need additional maintenance attention.
Describe the feature
For purpose of testing Cryostat on k8s environment, we would need to deploy these applications on k8s. I have been using the samples in the operator: https://github.com/cryostatio/cryostat-operator/tree/main/config/samples
I think it would be nice to have a similar single
deploy.yaml
here so that we can run, for example:Anything other information?
No response