Chapter 1. Overview of automated rules
You can use automated rules to enable JFR to continuously monitor a running target application. You do not need to restart or redeploy the application.
Continuous monitoring event templates exist in Cryostat that you can use to create automated rules and templates. By using continuous monitoring event templates, you can reduce any downtime for specifying a JFR to continuously monitoring an application.
You can define automated rules regardless of whether you configure your target applications to use a Java Management Extensions (JMX) connection or an agent HTTP API connection. For more information about configuring your target applications, see Configuring Java applications.
Consider the following guidelines:
-
If your target JVMs use an agent HTTP API connection, ensure that you set the
cryostat.agent.api.writes-enabledproperty totruein your target application’s configuration. Otherwise, the Cryostat agent cannot accept on-demand requests to start, stop, and delete JFR recordings based on automated rules. If your target JVMs use a JMX connection, before you create an automated rule that applies to multiple target JVMs that each require JMX credentials, consider storing credentials for each JVM on the Cryostat web console. Storing credentials ensures that your automated rule starts, because Cryostat maintains a connection with each target JVM. For more information, see Storing and managing JMX credentials (Using Cryostat to manage a JFR recording).
When your target JVMs use a JMX connection, Cryostat stores JMX credentials in a
keyringdatabase. In this database, JMX credentials are encrypted by a user-provided passphrase that Cryostat supplies with thePG_ENCRYPT_KEYenvironment variable.NoteFrom Cryostat 3.0 onward, the passphrase is supplied through the
PG_ENCRYPT_KEYenvironment variable in the Cryostat DB container. In previous releases, the passphrase was supplied through theCRYOSTAT_JMX_CREDENTIALS_DB_PASSWORDenvironment variable in the Cryostat container.When installing a Cryostat instance, you can specify an encryption key manually by using the
spec.databaseOptions.secretNameproperty in the Cryostat custom resource (CR). Otherwise, if you leave thespec.databaseOptions.secretNameproperty blank, the Cryostat Operator generates a key automatically.
