Buscar

Este contenido no está disponible en el idioma seleccionado.

Chapter 2. New features

download PDF

This section describes new features that the Cryostat 3.0 release provides.

Cryostat DB container

From Cryostat 3.0 onward, the Red Hat Ecosystem Catalog also includes a Cryostat DB container image (cryostat-db). When you install Cryostat by using either the Cryostat Operator or a Helm chart, the cryostat-db container is also automatically deployed.

The cryostat-db container provides a lightly customized Postgres database. Cryostat now uses this database for storing information such as the encrypted target JMX credentials keyring, Automated Rules definitions, discovered targets, and discovery plug-ins.

In previous releases, Cryostat stored information such as the JMX credentials keyring in a simple H2 file-based database, and other information such as Automated Rules definitions were stored directly as files on disk. With the introduction of the cryostat-db container, Cryostat can now store different types of information in the same Postgres database.

Cryostat Storage container

From Cryostat 3.0 onward, the Red Hat Ecosystem Catalog also includes a Cryostat Storage container image (cryostat-storage). When you install Cryostat by using either the Cryostat Operator or a Helm chart, the cryostat-storage container is also automatically deployed.

The cryostat-storage container provides a lightly customized SeaweedFS storage solution that acts as an S3-compatible storage provider.

In previous releases, Cryostat used direct storage of files on disk for archived Flight Recordings and custom Event Templates. With the introduction of the cryostat-storage container, Cryostat no longer needs to use direct file-system access for this type of information.

Reverse proxy architecture

When you install Cryostat 3.0 by using either the Cryostat Operator or a Helm chart, Cryostat now includes a reverse proxy (openshift-oauth-proxy or oauth2_proxy) in the pod. Only this proxy is exposed to cluster traffic through a service. This means that all API requests to Cryostat and all users of the Cryostat web console or Grafana dashboard are directed through the proxy.

The proxy handles user sessions to control access to the application, providing unified access control and user sessions for both the Cryostat web console and Grafana dashboard. Both of these user interfaces are accessible through the same route and present the same TLS certificate.

When deployed on Red Hat OpenShift, the proxy uses the Cryostat installation namespace to perform role-based access control (RBAC) checks for user authentication and authorization by integrating with the Red Hat OpenShift cluster SSO provider. You can optionally configure the auth proxy with an htpasswd file to enable Basic authentication. On Red Hat OpenShift, this allows for defining additional user accounts that can access Cryostat beyond those with Red Hat OpenShift SSO RBAC access.

Support for customizing the route host name

By default, Red Hat OpenShift Container Platform automatically assigns a host name, based on the cluster’s default ingress domain name, for any routes that do not specify a host. Depending on your requirements, you might want to use a particular host name for the route that the Cryostat Operator creates for your Cryostat deployment. In Cryostat 3.0, you can use a new .spec.networkOptions.coreConfig.externalHost property in the Cryostat custom resource (CR) to specify a custom host name for the Cryostat route.

In the Red Hat OpenShift console, you can access this property when creating your Cryostat CR:

Example of configuring an external host in the Cryostat CR

Alternatively, you can create your Cryostat CR in YAML format. For example:

apiVersion: operator.cryostat.io/v1beta2
kind: Cryostat
metadata:
  name: cryostat-sample
spec:
  networkOptions:
    coreConfig:
      externalHost: cryostat.example.com

Once a route is created in Red Hat OpenShift Container Platform, you cannot change the route’s host name. If you need to change the route’s host name after you have already created your Cryostat CR, you must delete the Cryostat CR and create a new CR with the modified host name.

Dynamic attachment to the JVM

From Cryostat 3.0 onward, the Cryostat agent can attach dynamically to an application JVM that is already running without requiring an application restart. This dynamic attachment feature has the following requirements:

  • You must ensure that the agent’s JAR file is copied to the JVM’s file system (for example, by using the oc cp command).
  • You must be able to run the agent as a separate process on the same host or within the same application (for example, by using the oc exec command).

Dynamic attachment supports ad hoc one-time profiling or troubleshooting workflows where you might not need the agent to be attached every time the JVM starts. Dynamic attachment also suits situations where you cannot or do not want to reconfigure your application for the sole purpose of attaching the agent. Because the agent can attach to a running JVM without requiring an application restart, this also means there is no application downtime.

Note

In previous releases, your only option was to enable your application’s JVM to load and initialize the Cryostat agent at JVM startup. This requires that you configure the application to pass the -javaagent JVM flag with the path to the Cryostat agent‘s JAR file. Depending on your requirements, you can continue to use this type of static attachment to the JVM.

Support for launching the Cryostat agent as a standalone process

From Cryostat 3.0 onward, if you want the Cryostat agent to attach dynamically to an application JVM that is already running, you can launch the agent as a standalone Java process. This feature requires that you have already copied the agent’s JAR file to the JVM’s file system (for example, by using the oc cp command).

To launch the agent, you can run the following command, where <agent_jar_file> represents the agent’s JAR file name and <pid> represents the process ID (PID) of the JVM:

$ java -jar target/<agent_jar_file> <pid>

For example:

$ java -jar target/cryostat-agent-0.4.0.jar 1234

The agent process uses its Attach providers to look up the specified PID. If the specified PID is found, the agent process attaches to this PID and attempts to load the agent’s JAR file into this JVM, which then bootstraps into the normal agent launch process.

You can also specify additional late-binding configuration options to the agent launcher by using command-line options. For example:

$ java -jar target/cryostat-agent-0.4.0.jar \
-Dcryostat.agent.baseuri=http://cryostat.local \
--smartTrigger=[ProcessCpuLoad>0.2]~profile \
@/deployment/app/moreAgentArgs \
1234

For more information about the available options and their behavior, run the java -jar target/cryostat-agent-0.4.0.jar -h help command. System properties that you specify with -D are set onto the host JVM before the injected agent attempts to read the configuration values. This has the same effect as setting these system properties or equivalent environment variables on the host JVM process itself.

Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.