Featured image for Cryostat (was ContainerJFR) topics.

Version 2.2 of Cryostat, an advanced monitoring tool for Java applications, has been released, and the new version offers a lot to talk about. A new Discovery Plugin API to make Cryostat more flexible; a new JMX credentials keyring that enhances automated rules for targets using JMX authentication and enhancing security; many user interface features and improvements; integration with the JMC bytecode agent; and improvements for OpenShift RBAC, Pod security contexts, and node scheduling.

Cryostat 2.2 also comes with a fresh new logo and a revamped upstream project website. As always, the team is very excited to announce and publish this release, and we look forward to hearing your feedback. Watch this space for upcoming feature articles discussing the big-ticket items.

This article covers some of the new features that aren't large enough to merit their own articles.

Changes and deprecations

Some important changes to note include:

  • Deprecation of the POST /api/v2/targets/:<targetId>/credentials command. This is the old creation endpoint for target-specific credentials. A new /api/v2.2/credentials endpoint replaces the deprecated endpoint with an implementation that uses generalized match expressions and is not target-specific.
  • A change from GET /api/v2.1/credentials to GET /api/v2.2/credentials. This endpoint lists targets that had defined credentials as described in the previous item.
  • A change from DELETE /api/v2/credentials/:<id> to DELETE /api/v2.2/credentials/:<id> to delete target-specific credentials.
  • Deprecation of the GET /api/v2.1/reports/:<recordingName> and GET /api/v1/reports/:<recordingName> commands. These endpoints were used for retrieving automated analysis reports for an archived recording. These older implementations do not properly support the notion of a "source target," which specifies the target application from which the archived file came. The replacements are still in beta and subject to change, but previews are available at GET /api/beta/reports/:<sourceTarget>/:<recordingName> and GET /api/beta/reports/:<sourceTarget>/:<recordingName>/jwt.
  • Deprecation of the GET /api/v2.1/recordings/:<recordingName> and GET /api/v1/recordings/:<recordingName> commands, for the same reason as the previous item. These targets were used to download recording JFR files. The replacement beta previews are available at GET /api/beta/recordings/:<sourceTarget>/:<recordingName> and GET /api/beta/recordings/:<sourceTarget>/:<recordingName>/jwt.
  • Deprecation of the POST /api/v1/recordings/:<recordingName>/upload command. This endpoint was used to tell Cryostat to upload the specified recording file for analysis in the bundled Grafana dashboard, and is deprecated for the same reason as the previous items. The replacement beta preview is available at POST /api/beta/recordings/:<sourceTarget>/:<recordingName>/upload.
  • Deprecation of the DELETE /api/v1/recordings/:<recordingName> command. This endpoint was used to delete archived recording files from disk and is deprecated for the same reasons as the previous items. The replacement beta preview is available at DELETE /api/beta/recordings/:sourceTarget/:recordingName.
  • The new CRYOSTAT_JMX_CREDENTIALS_DB_PASSWORD environment variable is required. Cryostat Operator users will see a seamless upgrade, but other users may need to manually define this variable.
  • The deprecated FlightRecorder and Recording Custom Resource Definitions have been removed from the Cryostat Operator. Users can create and manage their JDK Flight Recordings using the Cryostat application.
  • Any archived recordings currently stored in a Cryostat v2.1.0 instance might be moved to the new All-Archives view in the Archives tab, under the directory titled lost, after the new 2.2.0 release upgrade.

Notable new features

Developers can enjoy these enhancements.

  • Automated rules can be disabled and re-enabled.
  • The JMX credentials keyring offers a match expression (see Cryostat 2.2's new JMX credentials keyring for more information).
  • A Discovery Plugin API was added (feature article forthcoming).
  • The JMC bytecode agent was integrated (feature article forthcoming).
  • There is a new dashboard layout for View in Grafana. The user is automatically taken to the dashboard and doesn't have to explicitly select it.
  • The on-disk size of each recording file is now listed next to it in the Archived Recordings tables.
  • There is a new UI for recording filters (feature article forthcoming), in particular:
    • New UIs for listing archived recordings
    • A new UI for editing labels on recordings
    • A new UI for uploading recordings to archives
  • When you download recordings to your workstation, the .jfr file is accompanied by a .metadata.json file. When re-uploading a recording into the archives, you can also re-upload this .metadata.json file to retain the labels and other metadata that were originally attached to the recording.
  • A new UI configuration option enables or disables automatic storage of prompted JMX credentials in the Cryostat keyring.
  • Throughput performance has been improved, particularly for parallel operations across multiple target applications.
  • Configuring a maximum cache size no longer causes premature evictions of older connections and forced operation failures. Instead, if the cache is full, new connections wait for older connections to time out and be evicted.
  • There is an Archive On Stop option for fixed-duration recordings. When this option is checked, the manually captured recording is automatically archived upon stopping.
  • There is a new Initial Delay option for automated rules.
  • The automated rules creation form now correctly lists event templates for the selected target application.
  • There are new user interface prompts for destructive actions.
  • Bugs were fixed relating to archived files with the same filename but originating from different target applications.
  • Bugs were fixed relating to actions performed on target applications with "aliased" definitions; ie., two different connection URLs pointing to the same actual JVM.
  • Bugs were fixed related to reports showing incomplete results after recordings stops.
  • There is a new error UI with a retry button for authorization failures.
  • The target refreshing button was removed.
  • The ability to delete noncustom targets was removed.
  • Changes related to the Operator (feature article forthcoming) include:
    • Operator Capabilities: Seamless Upgrades.
    • Deployments configured for Pod Security Admission.
    • Scheduling options to control which nodes the Cryostat and report generator pods can be scheduled on.
    • Security options to customize the security contexts for each pod and container deployed by the Cryostat Operator.
    • Authorization Options to change the Kubernetes permissions required to perform actions within Cryostat, such as creating recordings.
    • The Network Options interface now allows you to define labels and annotations for routes created by the Cryostat Operator.
    • The secret containing the credentials for Cryostat's Grafana instance is now listed for convenience in the status section of the Cryostat instance.
  • Helm offers new core.sslProxied and grafana.sslProxied configuration parameters. Set these to true when using a TLS terminating service to get access to Cryostat and Grafana, respectively.
Last updated: February 11, 2024