此内容没有您所选择的语言版本。
Chapter 3. New features
Cryostat 2.0 introduces new features that enhance your use of the Cryostat product.
API permissions for the Cryostat application
The Cryostat Operator creates a service account and then configures the Cryostat application to use the service account. The Cryostat Operator checks the service account to ensure its permissions remain in sync with those expected by the authorization check.
In Cryostat 1, the Cryostat Operator applied its own service account’s permissions to a Cryostat application. This provided excessive permissions to the Cryostat application.
Automated rules
In Cryostat 2.0, you can use automated rules to enable JFR to continuously monitor a running target application. You do not need to restart or redeploy the application.
You could continue to enable always-on continuous monitoring for an application by setting JVM flags, but this method requires an application restart.
Cryostat 2.0 includes continuous monitoring event templates that you can use to create automated rules and templates. By using continuous monitoring event templates, you can reduce any downtime for specifying a JFR to continuously monitoring an application.
You must specify of the following automated rule definitions for an automated rule:
-
One-shot rule definition: You can now create a simple configuration of one-shot automated rules for your JFR configuration. The
eventSpecifier
property contains anarchive
simple string value. matchExpression
definition: Mandatory component of an automated rule that defines JVM targets that must receive an automated rule. Cryostat uses to apply rules to any JVM targets that match regular expressions defined in thematchExpression
string expression. Valid string expressions include separator, operator, and simple expressions.-
You can apply OpenShift labels or annotations as criteria for a
matchExpression
definition.
-
You can apply OpenShift labels or annotations as criteria for a
After you upload an automated rule to Cryostat in JSON format, Cryostat validates the definition file.
You can immediately activate a rule definition for any previous defined matching targets. You do not need to re-add or restart targets after you create a rule definition.
You can delete a rule definition by adding the HTTP query clean=true
parameter to your DELETE
requests for rule definitions. This parameter directs Cryostat to delete only active recordings. Archived recordings do not get targeted for deletion.
cert-manager
API
You can now use the Enable cert-manager integation toggle button on the Create Cryostat page of your Cryostat Operator to enable or disable end-to-end encryption by using cert-manager
for your Cryostat application.
Figure 3.1. The Enable cert-manager integation toggle button
Additionally, the Cryostat Operator now automatically checks that the cert-manager
API exists before it deploys Cryostat. This ensures that the Cryostat Operator securely deploys Cryostat. Depending on your needs, you can explicitly set the Cryostat Operator cert-manager
API check to disabled.
If Cryostat Operator detects a Cryostat instance that requires cert-manager
, but you did not install cert-manager
, then you’ll receive a warning event for the Cryostat instance on the Events page of the OpenShift web console.
Deployment scenario tree view
After you deploy your application on OpenShift or any supported Kubernetes distribution, you can display your Cryostat’s information in a JSON-formatted tree view. You can view the following components on the tree view:
- Pods
- Replicas
- Containers
- Endpoints
Endpoint resource watch
The OpenShiftPlatformClient
automatically enables the endpoint resource watch to set an asynchronous target discovery for your target JVMs.
Event search with TargetEventGetHandler
You can use the TargetEventGetHandler
to list or search for event types produced by your target JVM.
HTTP API behavior change
Prior to Cryostat 2.0, HTTP request handlers might override the default isAsync
method setting of true
when determining whether to install a handler for the Vertx server.
Each HTTP handler contains code that defines an HTTP API endpoint for Cryostat. The isAsync
method defines whether an HTTP handler gets handled by either a separate worker thread or a main webserver thread.
New environment variables
Cryostat 2.0 includes the following two new environment variables:
-
CRYOSTAT_TARGET_CACHE_MAX_CONNECTIONS
, which the OpenShift Operator sets to a value for specifying the maximum amount of open JMX connections. -
CRYOSTAT_TARGET_CACHE_TTL
, which the OpenShift Operator sets to a value for specifying the amount of seconds for caching a JMX connection before they close from inactivity.
The OpenShift Operator automatically determines values for these environment variables, so you cannot modify the values specified by the OpenShift Operator for these environment variables.
New handlers
Cryostat 2.0 introduces the following V2 handlers:
-
AbstractV2RequestHandler
that behaves similar toAbstractAuthenticatedRequestHandler
, but maintaining the overall response format among V2 handlers. -
TargetRecordingOptionsListGetHandler
that checks recording options supported by your target JVM. Use this handler before you create a recording, so you do not attempt to use recording options not supported by the target JVM. -
TargetSnapshotPostHandler
that encodes a target response in JSON format for a customized snapshot recording. This V2 snapshot handler also includes the name of the recording, the URL for the downloadable recording file, the URL for the automated analysis report, and much more.
A V1 handler can perform snapshot operations similar to a V2 handler, but a V1 handler’s HTTP response renders only in plain string format and only contains the name of the snapshot recording.
New event template available on Cryostat
You can now select the cryostat.jfc
event template from the list of available Target JVM templates on the Cryostat web console.
By selecting the cryostat.jfc
event template, you automatically enable the following Cryostat settings:
- HTTP request information, such as status code, duration, and so on.
- WebSocket message information, such as duration, message type, and so on.
- JMX connection status, such as opened, closed, or failed.
Pre-configured Grafana dashboard image
Cryostat 2.0 includes a pre-configured Grafana dashboard image for viewing your application’s metrics. You can also create your own Grafana dashboard image to meet your needs.
Cryostat 1 provided a Grafana image that offered basic customization by the OpenShift Operator during deployment of a Cryostat container.
Response status code message
Response status code messages for a ClientUrlGetHandler
error message now display in the front of the error message. This is the default setting. The custom exception message remains in the response body of the error message.
Support for client-defined connection protocols
Cryostat 2 now adds a mountpoint for a clientlib
directory, to which you can add additional JAR files to be loaded into the Cryostat classpath. This supports client-defined connection protocols as alternatives to JMX RMI.