{"id":19184041,"url":"https://github.com/cryostatio/cryostat-operator","last_synced_at":"2025-08-21T07:32:14.439Z","repository":{"id":37252745,"uuid":"209638979","full_name":"cryostatio/cryostat-operator","owner":"cryostatio","description":"A Kubernetes Operator to facilitate the setup and management of Cryostat.","archived":false,"fork":false,"pushed_at":"2025-07-29T20:26:48.000Z","size":2615,"stargazers_count":34,"open_issues_count":63,"forks_count":19,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-08-12T19:44:30.369Z","etag":null,"topics":["cryostat","go","golang","hacktoberfest","hacktoberfest2021","kubernetes","metrics","monitoring","observability","openshift","operator"],"latest_commit_sha":null,"homepage":"https://cryostat.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cryostatio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-19T20:02:38.000Z","updated_at":"2025-07-29T19:52:31.000Z","dependencies_parsed_at":"2023-02-19T12:16:33.152Z","dependency_job_id":"6f733f5d-a459-4c39-98cd-672f47a49dca","html_url":"https://github.com/cryostatio/cryostat-operator","commit_stats":null,"previous_names":["rh-jmc-team/container-jfr-operator"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/cryostatio/cryostat-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cryostatio%2Fcryostat-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cryostatio%2Fcryostat-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cryostatio%2Fcryostat-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cryostatio%2Fcryostat-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cryostatio","download_url":"https://codeload.github.com/cryostatio/cryostat-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cryostatio%2Fcryostat-operator/sbom","scorecard":{"id":310080,"data":{"date":"2025-08-11","repo":{"name":"github.com/cryostatio/cryostat-operator","commit":"bb21ebc5142a9b2acb7a74db93fa5c3881230b2d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.7,"checks":[{"name":"Code-Review","score":9,"reason":"Found 23/25 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":10,"reason":"9 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/dependent-issues.yml:25","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/semantic-pr.yml:14","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/semantic-pr.yml:15","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/test-ci-command.yml:52","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/test-ci-command.yml:91","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/test-ci-command.yml:92","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/test-ci-push.yml:41","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/test-ci-push.yml:42","Warn: no topLevel permission defined: .github/workflows/build-ci.yml:1","Warn: no topLevel permission defined: .github/workflows/dependent-issues.yml:1","Warn: no topLevel permission defined: .github/workflows/semantic-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/test-ci-command.yml:1","Warn: no topLevel permission defined: .github/workflows/test-ci-push.yml:1","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/test-ci-reusable.yml:22","Warn: topLevel 'packages' permission set to 'write': .github/workflows/test-ci-reusable.yml:23"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/build-ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/build-ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/build-ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-ci.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/build-ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-ci.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/build-ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-ci.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/build-ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependent-issues.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/dependent-issues.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/semantic-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci-command.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-command.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci-command.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-command.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-command.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-command.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci-command.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-command.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci-command.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-command.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-ci-reusable.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/cryostatio/cryostat-operator/test-ci-reusable.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:27: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi-minimal:latest to registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:8d905a93f1392d4a8f7fb906bd49bf540290674b28d82de3536bb4d0898bf9d7","Warn: containerImage not pinned by hash: internal/images/custom-scorecard-tests/Dockerfile:16","Warn: containerImage not pinned by hash: internal/images/custom-scorecard-tests/Dockerfile:36: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi-minimal:latest to registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:8d905a93f1392d4a8f7fb906bd49bf540290674b28d82de3536bb4d0898bf9d7","Warn: downloadThenRun not pinned by hash: .github/workflows/test-ci-reusable.yml:148","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  14 third-party GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T23:00:08.437Z","repository_id":37252745,"created_at":"2025-08-17T23:00:08.437Z","updated_at":"2025-08-17T23:00:08.437Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271444206,"owners_count":24760745,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryostat","go","golang","hacktoberfest","hacktoberfest2021","kubernetes","metrics","monitoring","observability","openshift","operator"],"created_at":"2024-11-09T11:05:57.371Z","updated_at":"2025-08-21T07:32:14.433Z","avatar_url":"https://github.com/cryostatio.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cryostat-operator\n\n[![CI build](https://github.com/cryostatio/cryostat-operator/actions/workflows/build-ci.yml/badge.svg)](https://github.com/cryostatio/cryostat-operator/actions/workflows/build-ci.yml)\n[![Test CI push](https://github.com/cryostatio/cryostat-operator/actions/workflows/test-ci-push.yml/badge.svg)](https://github.com/cryostatio/cryostat-operator/actions/workflows/test-ci-push.yml)\n[![Google Group : Cryostat Development](https://img.shields.io/badge/Google%20Group-Cryostat%20Development-blue.svg)](https://groups.google.com/g/cryostat-development)\n\nA Kubernetes Operator to automate deployment of\n[Cryostat](https://github.com/cryostatio/cryostat).\n\n## SEE ALSO\n\n* [cryostat-core](https://github.com/cryostatio/cryostat-core) for\nthe core library providing a convenience wrapper and headless stubs for use of\nJFR using JDK Mission Control internals.\n\n* [cryostat](https://github.com/cryostatio/cryostat) for the main API\nbackend to detect JVMs and manage JFR.\n\n* [cryostat-web](https://github.com/cryostatio/cryostat-web) for the React\ngraphical frontend included as a submodule in Cryostat and built into\nCryostat's OCI images.\n\n* [jfr-datasource](https://github.com/cryostatio/jfr-datasource) for\nthe JFR datasource for Grafana.\n\n* [cryostat-grafana-dashboard](https://github.com/cryostatio/cryostat-grafana-dashboard)\nfor the Grafana dashboard.\n\n## USING\n\n### Requirements\n\n- `kubernetes` v1.25+ with [`Operator Lifecycle Manager`](https://olm.operatorframework.io/)\n- [`cert-manager`](https://github.com/cert-manager/cert-manager) v1.11.5+ (Recommended)\n\n### Instructions\n\nOnce deployed, the `cryostat` instance can be accessed via web browser\nat the URL provided by:\n```\nkubectl get cryostat -o jsonpath='{$.items[0].status.applicationUrl}'\n```\n\nTo use Cryostat to monitor or profile Cryostat itself - since it is also an available JVM target -\nyou may use the Cryostat web UI to define a Custom Target with the connection URL `localhost:0`.\nThis is a special value which tells Cryostat's JVM that it should connect to itself directly, without\nthe need to expose a JMX port over the network.\n\n## INSTALLATION\n\n### OperatorHub\n\nThe operator's primary installation method is via [OperatorHub](https://operatorhub.io/).\nA more detailed installation guide is available [here](https://cryostat.io/get-started/#install-via-operatorhub).\nInstallation of the Operator without OLM/OperatorHub is intended for development purposes and is\nnot a supported release configuration.\n\n### Bundle Deployment\n\nThe operator can be deployed using OLM using `make deploy_bundle`. This will\ndeploy `quay.io/cryostat/cryostat-operator-bundle:$IMAGE_VERSION` to\nyour configured cluster using `oc` or `kubectl` (`kubeconfig`). You can set the\nvariables `IMAGE_NAMESPACE` or `IMAGE_VERSION` to deploy different builds of\nthe bundle. Once this is complete, the Cryostat Operator will be deployed\nand running in your cluster.\n\n### Manual Deployment\n\n`make install` will create CustomResourceDefinitions and do other setup\nrequired to prepare the cluster for deploying the operator, using `oc` or\n`kubectl` on whichever OpenShift/Kubernetes cluster is configured with the local client.\n`make uninstall` destroys the CRDs and undoes the setup.\n\n`make run` can be used to run the operator controller manager as a process on\nyour local development machine and observing/interacting with your cluster.\nThis may be useful in some development scenarios, however in this case the\noperator process will not have access to certain in-cluster resources such as\nenvironment variables or service account token files.\n\n`make deploy` will deploy the operator using static manifests to an arbitrary namespace (default to `cryostat-operator-system`).\n- `make DEPLOY_NAMESPACE=foo-namespace deploy`\ncan be used to deploy to a namespace named `foo-namespace`. For\na convenient shorthand, use\n`make DEPLOY_NAMESPACE=$(kubectl config view --minify -o 'jsonpath={.contexts[0].context.namespace}') deploy`\nto deploy to the currently active OpenShift/Kubernetes namespace.\n- `make undeploy` will likewise remove the operator, and also uses the\n`DEPLOY_NAMESPACE` variable.\nThis also respects the `IMAGE_TAG` environment variable, so that different\nversions of the operator can be easily deployed.\n- To obtain such static manifests remotely without further customizations, use:\n    ```bash\n    # Replace ref with any version tag or branch\n    kubectl kustomize \"https://github.com/cryostatio/cryostat-operator.git/config/default?ref=v2.4.0\"\n    ```\n\n\n### Configuration\n\nOnce deployed, the operator deployment will be active in the cluster, but no\nCryostat instance will be created. To trigger its creation, add a\nCryostat CR using the UI for operator \"provided APIs\". Full details on the\nconfiguration options in the Cryostat CRD can be found in\n[Configuring Cryostat](docs/config.md). When running on Kubernetes, see\n[Network Options](docs/config.md#network-options) for additional\nmandatory configuration in order to access Cryostat outside of the cluster.\n\nFor convenience, a full deployment can be created using\n`kubectl create -f config/samples/operator_v1beta2_cryostat.yaml`, or more\nsimply, `make create_cryostat_cr`.\n\nThe container images used by the operator for the core application,\njfr-datasource, and the Grafana dashboard can be overridden by setting the\n`RELATED_IMAGE_CORE`, `RELATED_IMAGE_DATASOURCE`, and `RELATED_IMAGE_GRAFANA`\nenvironment variables, respectively, in the operator deployment.\n\n## SECURITY\n\nBy default, the operator expects cert-manager to be available in the cluster.\nThis allows the operator to deploy Cryostat with all communication\nbetween its internal services done over HTTPS. If you wish to disable this\nfeature and not use cert-manager, you can set the environment variable\n`DISABLE_SERVICE_TLS=true` when you deploy the operator. We provide\n`make cert_manager` and `make remove_cert_manager` targets to easily\ninstall/remove cert-manager from your cluster.\n\n\n### User Authentication\n\nUsers can use `oc whoami --show-token` to retrieve their OpenShift OAuth token\nfor the currently logged in user account. This token can be used when directly\ninteracting with the deployed Cryostat instance(s).\n\nWhen using the web-client, users can login with their username and password associated with their OpenShift account. User credentials will be remembered for the duration of the session.\n\nIf the current user account does not have sufficient permissions to list\nroutes, list endpointslices, or perform other actions that Cryostat requires,\nthen the user may also try to authenticate using the Operator's service\naccount. This, of course, assumes that the user has permission to view this\nservice account's secrets.\n\n`oc get secrets | grep cryostat-operator-service-account-token` will provide at least one\nsuch operator service account token secret name which can be used - for\nexample, `cryostat-operator-service-account-token-7tt7l`. The token can then be retrieved\nfor use in authenticating as the operator service account:\n\n```\n$ oc describe secret cryostat-operator-service-account-token-7tt7l\nName:         cryostat-operator-service-account-token-7tt7l\nNamespace:    default\nLabels:       \u003cnone\u003e\nAnnotations:  kubernetes.io/created-by: openshift.io/create-dockercfg-secrets\n              kubernetes.io/service-account.name: cryostat-operator-service-account\n              kubernetes.io/service-account.uid: 692aa8c7-081e-4a51-9355-be3eaa8f9fa6\n\nType:  kubernetes.io/service-account-token\n\nData\n====\nca.crt:          7209 bytes\nnamespace:       7 bytes\nservice-ca.crt:  8422 bytes\ntoken:           eyJhbGciOiJSUzI1NiIsImtpZCI6IkhYZC13eDdGVGwyQzdGNVpZVndScEZ2VmRxWTlzbnBUUG9HRkJpejJkV3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImNyeW9zdGF0LW9wZXJhdG9yLXNlcnZpY2UtYWNjb3VudC10b2tlbi03dHQ3bCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJjcnlvc3RhdC1vcGVyYXRvci1zZXJ2aWNlLWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2OTJhYThjNy0wODFlLTRhNTEtOTM1NS1iZTNlYWE4ZjlmYTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpjcnlvc3RhdC1vcGVyYXRvci1zZXJ2aWNlLWFjY291bnQifQ.M7C1V0bN3aILBflO7TTOTikw7wLGRJ79-OkCDQIZbu71QLdX05jyCxxtlH32lr8jz6HwxfXXweh3ifG_2lbe7_TbM8jxmBoMdLuc4Q_akpmA-GQuDPrRxfHGJApYGQ6CVug3KHSrQwj2M4QrSUz7FoeQGaOH9BnWj1TrHGmOZUPJ6u7JSu2OwoLBda6rF-M4Bl72DmkyMAzikreRgPEk4D7gTCY0yNvsQDuUAwpFwmEukRC2WyTAVTpKPgThZUk-UJ-dXufbhAcqIRt6jeCQ19_Bo0zXc_ELgQydxuTack1ndT3HwRmwwNuZDFv-G3Y0YdjfRh00DqEvSn9ynZzwueDCJUxlHdznytfUWk9PA712JENpFC7b-zSHnjymIcFeUd8s_Zq_-JKrDIPnH0oZDRO_MUpKEC7Jz_8SeFJHLLGfBZt_aP4VwQHEUThiFQPwrfbd8tppUG2TKcekPScKcauy-BCI52odBzapP6meilMQVrmRtu7i30L05vgQiST_OsmSP8CuKW13a-leCCtN_aNQGqlWvLhP81H95ui-PvMzwMIDlfDZ03ycuYg4R4eUG3nUq7-42wrSdFLo8gm9wsl7y1ZRMQwHR1DCVBbHYS0iFOcmwto2Ejlrgvn3Cs0pDS7pDVoFkH2FsTopEw3jXtnkMs15mSmBnHz-UjF-l08\n```\n\nor more briefly:\n\n```\n$ oc get -o jsonpath='{.data.token}' secret cryostat-operator-service-account-token-7tt7l | base64 -d\neyJhbGciOiJSUzI1NiIsImtpZCI6IkhYZC13eDdGVGwyQzdGNVpZVndScEZ2VmRxWTlzbnBUUG9HRkJpejJkV3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImNyeW9zdGF0LW9wZXJhdG9yLXNlcnZpY2UtYWNjb3VudC10b2tlbi03dHQ3bCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJjcnlvc3RhdC1vcGVyYXRvci1zZXJ2aWNlLWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2OTJhYThjNy0wODFlLTRhNTEtOTM1NS1iZTNlYWE4ZjlmYTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpjcnlvc3RhdC1vcGVyYXRvci1zZXJ2aWNlLWFjY291bnQifQ.M7C1V0bN3aILBflO7TTOTikw7wLGRJ79-OkCDQIZbu71QLdX05jyCxxtlH32lr8jz6HwxfXXweh3ifG_2lbe7_TbM8jxmBoMdLuc4Q_akpmA-GQuDPrRxfHGJApYGQ6CVug3KHSrQwj2M4QrSUz7FoeQGaOH9BnWj1TrHGmOZUPJ6u7JSu2OwoLBda6rF-M4Bl72DmkyMAzikreRgPEk4D7gTCY0yNvsQDuUAwpFwmEukRC2WyTAVTpKPgThZUk-UJ-dXufbhAcqIRt6jeCQ19_Bo0zXc_ELgQydxuTack1ndT3HwRmwwNuZDFv-G3Y0YdjfRh00DqEvSn9ynZzwueDCJUxlHdznytfUWk9PA712JENpFC7b-zSHnjymIcFeUd8s_Zq_-JKrDIPnH0oZDRO_MUpKEC7Jz_8SeFJHLLGfBZt_aP4VwQHEUThiFQPwrfbd8tppUG2TKcekPScKcauy-BCI52odBzapP6meilMQVrmRtu7i30L05vgQiST_OsmSP8CuKW13a-leCCtN_aNQGqlWvLhP81H95ui-PvMzwMIDlfDZ03ycuYg4R4eUG3nUq7-42wrSdFLo8gm9wsl7y1ZRMQwHR1DCVBbHYS0iFOcmwto2Ejlrgvn3Cs0pDS7pDVoFkH2FsTopEw3jXtnkMs15mSmBnHz-UjF-l08\n```\n\n## BUILDING\n\n### Requirements\n- `go` v1.23+\n- [`operator-sdk`](https://github.com/operator-framework/operator-sdk) v1.31.0\n- `podman` or `docker`\n- [`jq`](https://stedolan.github.io/jq/) v1.6+\n- [`yq`](https://github.com/mikefarah/yq/) v4.35+\n- `ginkgo` (Optional)\n\n### Instructions\n`make generate manifests manager` will trigger code/YAML generation and compile\nthe operator controller manager, along with running some code quality checks.\n\n`make oci-build` will build an OCI image from the generated YAML and compiled\nbinary to the local registry, tagged as\n`quay.io/crystatio/cryostat-operator`. This tag can be overridden by\nsetting the environment variables `IMAGE_NAMESPACE` and `OPERATOR_NAME`.\n`IMAGE_VERSION` can also be set to override the tagged version.\n\n`make bundle` will create an OLM bundle. This will generate a CSV, CRDs and\nother manifests, and other required configurations for an OLM bundle versioned\nwith version `$IMAGE_VERSION` in the `bundle/` directory. `make bundle-build`\nwill create an OCI image of this bundle, which can then be pushed to an image\nrepository such as `quay.io`.\n\n`make catalog-build` will build an OCI image of the operator catalog (i.e. index)\nwith version `$IMAGE_VERSION` that includes the bundle image of the same version.\n\n## DEVELOPMENT\n\nAn invocation like\n`export IMAGE_NAMESPACE=quay.io/some-user` `export IMAGE_VERSION=test-version`\n`make generate manifests manager oci-build bundle bundle-build`\n`podman image prune -f \u0026\u0026 podman push $IMAGE_NAMESPACE/cryostat-operator:$IMAGE_VERSION \u0026\u0026 podman push $IMAGE_NAMESPACE/cryostat-operator-bundle:$IMAGE_VERSION`\n`make deploy_bundle`\nis handy for local development testing using ex. CodeReady Containers. This\nexercises a similar build and deployment path as what end users using OLM and\nOperatorHub will eventually receive.\n\n## TESTING\n\n### Requirements\n- (optional) [oc](https://www.okd.io/download.html)\n- (optional) [crc](https://github.com/code-ready/crc)\n\n### Instructions\n\n`make test-envtest` will run controller tests using ginkgo if installed, or go test if\nnot, requiring no cluster connection.\n\n`make test-scorecard` will run the Operator SDK's scorecard test suite. This requires a\nKubernetes or OpenShift cluster to be available and logged in with your `kubectl` or `oc`\nclient. The recommended setup for development testing is CodeReady Containers (`crc`).\n\nBefore the scorecard tests are run, all cryostat and cryostat-operator\nresources will be deleted to ensure a clean slate.\n\n`make test` will run all tests.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcryostatio%2Fcryostat-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcryostatio%2Fcryostat-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcryostatio%2Fcryostat-operator/lists"}