Featured image for Cryostat (was ContainerJFR) topics.

You probably have used Java Flight Recorder, an excellent tool for analyzing and understanding Java workloads. It comes in handy during development or while workloads run in production. Cryostat takes that further by bringing the same functionality to containers and Kubernetes. Now users can record applications for the entire cluster to understand how the applications behave. Users can also utilize various APIs and get the analysis data in different formats.

RBAC and OAuth support

Cryostat 2.1 enables OAuth authentication using the built-in OAuth server in the Red Hat OpenShift Container Platform. This means that users no longer need to paste authorization tokens manually. Also, if more than one user manages JDK flight recordings with Cryostat in a single namespace, you can give each of them user-specific permissions by creating a role with Cryostat-specific RBAC permissions and binding the role to your user account.

For more details, read How to log into Cryostat 2.1 on OpenShift: SSO for all on Red Hat Developer.

Automated rules

Cryostat 2.1 has a brand new user interface for its automated rules. In the 2.0 release, we introduced this as an API feature. Automated rules can be used to trigger the creation of new JDK Flight Recordings against target JVMs with powerful and flexible match expressions to determine the appropriate application rule. These match expressions reference various application attributes (e.g., the pod name, JMX port, Kubernetes labels, and annotations). When a rule is created, Cryostat selects and starts a new recording using the JFR event template defined by the rule.

For more details, read How to build automated JFR rules with Cryostat 2.1's new UI on Red Hat Developer.

Recording labels

Users can attach metadata or custom labels to JDK flight recordings managed by Cryostat. Recording labels can also be used to attach metadata associated with a recording, identify recordings during queries, or perform actions on multiple recordings containing the same Kubernetes labels.

For more details, read How to organize JFR data with recording labels in Cryostat 2.1 on Red Hat Developer.

GraphQL support

Cryostat 2.1 also includes a new GraphQL API. Now users can create queries for target JVMs and the active or archived recordings that belong to them. Recordings present in the Cryostat archives can combine with mutations to start, stop, archive, and delete active or archived recordings to create powerful queries for building automation around Cryostat and JDK Flight Recorder.

For more details, read Manage JFR across instances with Cryostat and GraphQL on Red Hat Developer.

Java Management Extensions

If you have Java Management Extensions (JMX) authentication enabled on your containerized JVMs, Cryostat will prompt you to enter your JMX credentials before it can access the JDK flight recordings on your target JVMs. On the Cryostat console, the Automated rules, Recordings, and Events tabs require you to enter your JMX credentials to view existing flight recordings or perform a recording operation on a target with JMX authentication enabled.

For more details, read Manage JMX credentials on Kubernetes with Cryostat 2.1 on Red Hat Developer.

Sidecar reports container

Cryostat 2.1 introduces the option of using a sidecar reports container to generate automated analysis reports for JDK flight recordings. Previously, report generation was handled solely by the main Cryostat container. With this new option to delegate report generation to a sidecar container, users will find it easier to provision resources more efficiently.

For more details, read Eat up fewer resources in Cryostat 2.1 with sidecar reports on Red Hat Developer.

JSON web tokens (JWT)

In Cryostat 2.1 we have implemented new API handlers to help facilitate JWT downloads. When a user decides to download a file through the web client, it sends a POST request containing the required authorization headers and a multipart form attribute identifying the requested resource to the Cryostat endpoint. The API handler encodes this information into a JWT token, symmetrically encrypts it, and returns a resource URL associated with the token.


Cryostat uses a WebSocket connection between the Cryostat backend and the web client running in your browser to display notifications when various actions or state changes occur. In Cryostat 2.1, a WebSocket notification is emitted for all conceptual actions and state changes that may arise, whereas previous versions of Cryostat did not include notifications for some types of activity or state change. Formatting is also more consistent now, providing a clear title and description for each notification type.

For more details, read Filter unwanted notifications in Cryostat 2.1 on Red Hat Developer.

Helm charts

Cryostat 2.1 is now installable using a Helm chart. While the Cryostat Operator is our preferred installation method for production environments, the Cryostat Helm chart is a great choice for trying Cryostat for demo purposes, and is designed to be flexible and requires few permissions to accommodate as many users as possible. The Cryostat Helm Chart is included by default in OpenShift 4.8 and up.

Look for a future Red Hat Developer article to explore this subject in more detail.

Getting support for Cryostat

Support for Cryostat is available to Red Hat customers through a subscription to Red Hat Enterprise Linux, Red Hat OpenShift, and Red Hat Runtimes. Contact your local Red Hat representative or Red Hat sales for details on how you can enjoy the world-class support offered by Red Hat and its worldwide partner network.

Moving forward, customers can expect support for Cryostat and other runtimes according to the Red Hat Product Update and Support Lifecycle.

The people behind Red Hat Runtimes and Cryostat support

This offering was produced by the Red Hat Runtimes product and engineering team, along with the Cryostat upstream community. The production involved many hours of development, extensive testing, documentation writing, and working with the wider Red Hat community of customers, partners, and Cryostat developers to incorporate contributions, both big and small. We are glad you have chosen to use it and hope that it exceeds your expectations!

More about Red Hat runtimes

Red Hat Runtimes provides a set of comprehensive frameworks, runtimes, and programming languages for developers, architects, and IT leaders with cloud-native application development needs. It is designed to accelerate the development and delivery of business solutions. There are different runtimes and enablers available to create your microservices with Red Hat Runtimes.

Last updated: September 20, 2023