[Request] Static manifests for deploying test applications on k8s

[tthvo]

Describe the feature

For purpose of testing Cryostat on k8s environment, we would need to deploy these applications on k8s. I have been using the samples in the operator: https://github.com/cryostatio/cryostat-operator/tree/main/config/samples

I think it would be nice to have a similar single deploy.yaml here so that we can run, for example:

kubectl apply -f https://raw.githubusercontent.com/cryostatio/test-applications/main/quarkus-agent/deploy.yaml

Anything other information?

No response

[andrewazores]

The docker-compose manifests should be good references:

https://github.com/cryostatio/cryostat/tree/main/compose/sample_apps

They might even be automatically convertible into k8s manifests using kompose and smoketest.bash:

$ cd cryostat
$ ./smoketest.bash -n | kompose convert -f -

Currently this fails:

FATA Unable to load files: 1 error(s) decoding:

* 'deploy.resources.limits.cpus' expected type 'string', got unconvertible type 'float64', value: '0.1' 

but I imagine that some scripting can be done (ex. piping through yq to remove the resource limits object) to automate this.

https://stackoverflow.com/questions/63854901/how-to-remove-an-attribute-in-yaml-file-using-yq

https://mikefarah.gitbook.io/yq/operators/delete

[andrewazores]

Actually, just upgrading from kompose 1.31 or whatever I had to the latest 1.34 fixed that:

$ ./smoketest.bash -tn | kompose convert --out kompose/ -f -
>>>> Executing external compose provider "/usr/bin/docker-compose". Please refer to the documentation for details. <<<<

WARN -: `version` is obsolete                     
WARN Restart policy 'unless-stopped' in service auth is not supported, convert it to 'always' 
WARN Restart policy 'unless-stopped' in service cryostat is not supported, convert it to 'always' 
WARN Restart policy 'unless-stopped' in service grafana is not supported, convert it to 'always' 
WARN Restart policy 'unless-stopped' in service jfr-datasource is not supported, convert it to 'always' 
WARN File don't exist or failed to check if the directory is empty: stat :/certs: no such file or directory 
WARN File don't exist or failed to check if the directory is empty: stat :/tmp: no such file or directory 
WARN File don't exist or failed to check if the directory is empty: stat :/opt/cryostat.d/templates.d: no such file or directory 
WARN Skip file in path /run/user/1001/podman/podman.sock  
WARN File don't exist or failed to check if the directory is empty: stat :/truststore: no such file or directory 
WARN File don't exist or failed to check if the directory is empty: stat :/var/lib/pgsql/data: no such file or directory 
WARN File don't exist or failed to check if the directory is empty: stat :/usr/share/opensearch/data: no such file or directory 
WARN File don't exist or failed to check if the directory is empty: stat :/data: no such file or directory 
INFO Kubernetes file "kompose/auth-service.yaml" created 
INFO Kubernetes file "kompose/cryostat-service.yaml" created 
INFO Kubernetes file "kompose/db-service.yaml" created 
INFO Kubernetes file "kompose/gameserver-jdk11-service.yaml" created 
INFO Kubernetes file "kompose/gameserver-jdk17-service.yaml" created 
INFO Kubernetes file "kompose/gameserver-jdk21-service.yaml" created 
INFO Kubernetes file "kompose/grafana-service.yaml" created 
INFO Kubernetes file "kompose/jfr-datasource-service.yaml" created 
INFO Kubernetes file "kompose/opensearch-dashboards-service.yaml" created 
INFO Kubernetes file "kompose/opensearch-node-service.yaml" created 
INFO Kubernetes file "kompose/quarkus-cryostat-agent-service.yaml" created 
INFO Kubernetes file "kompose/s3-service.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-1-service.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-2-service.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-3-service.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-4-service.yaml" created 
INFO Kubernetes file "kompose/auth-deployment.yaml" created 
INFO Kubernetes file "kompose/auth-proxy-certs-persistentvolumeclaim.yaml" created 
INFO Kubernetes file "kompose/auth-proxy-cfg-persistentvolumeclaim.yaml" created 
INFO Kubernetes file "kompose/cryostat-deployment.yaml" created 
INFO Kubernetes file "kompose/templates-persistentvolumeclaim.yaml" created 
INFO Kubernetes file "kompose/jmxtls-cfg-persistentvolumeclaim.yaml" created 
INFO Kubernetes file "kompose/db-deployment.yaml" created 
INFO Kubernetes file "kompose/postgresql-persistentvolumeclaim.yaml" created 
INFO Kubernetes file "kompose/gameserver-jdk11-deployment.yaml" created 
INFO Kubernetes file "kompose/gameserver-jdk17-deployment.yaml" created 
INFO Kubernetes file "kompose/gameserver-jdk17-cm0-configmap.yaml" created 
INFO Kubernetes file "kompose/gameserver-jdk21-deployment.yaml" created 
INFO Kubernetes file "kompose/gameserver-jdk21-cm0-configmap.yaml" created 
INFO Kubernetes file "kompose/grafana-deployment.yaml" created 
INFO Kubernetes file "kompose/jfr-datasource-deployment.yaml" created 
INFO Kubernetes file "kompose/opensearch-dashboards-deployment.yaml" created 
INFO Kubernetes file "kompose/opensearch-node-deployment.yaml" created 
INFO Kubernetes file "kompose/opensearch-data-persistentvolumeclaim.yaml" created 
INFO Kubernetes file "kompose/quarkus-cryostat-agent-deployment.yaml" created 
INFO Kubernetes file "kompose/quarkus-cryostat-agent-cm0-configmap.yaml" created 
INFO Kubernetes file "kompose/quarkus-cryostat-agent-cm1-configmap.yaml" created 
INFO Kubernetes file "kompose/s3-deployment.yaml" created 
INFO Kubernetes file "kompose/seaweed-data-persistentvolumeclaim.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-1-deployment.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-2-deployment.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-2-cm0-configmap.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-3-deployment.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-3-cm0-configmap.yaml" created 
INFO Kubernetes file "kompose/vertx-agent-4-deployment.yaml" created

and the example manifests look like:

$ cat kompose/quarkus-cryostat-agent-*

apiVersion: v1
data:
  certificate.pem: |
    -----BEGIN CERTIFICATE-----
    MIIFxDCCA6ygAwIBAgIUFeByXbVrU/z70l+sOgCxC1xhTK0wDQYJKoZIhvcNAQEL
    BQAwaTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAk9OMRAwDgYDVQQHDAdUb3JvbnRv
    MQ8wDQYDVQQKDAZSZWRIYXQxFzAVBgNVBAsMDkphdmFNb25pdG9yaW5nMREwDwYD
    VQQDDAhDcnlvc3RhdDAeFw0yNDA5MTgyMDIwMzdaFw0yNTA5MTgyMDIwMzdaMGkx
    CzAJBgNVBAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzEPMA0G
    A1UECgwGUmVkSGF0MRcwFQYDVQQLDA5KYXZhTW9uaXRvcmluZzERMA8GA1UEAwwI
    Q3J5b3N0YXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6EMl3NFJU
    GUqp6p6kCprtEI1YD67/yu9GH+3zQjsXK7NafpLqBKXvzLo8tvVRqpAFN6c3CALS
    4tlBf42myZAGuedpjyxc8RjqcUu4tFts+GzwpWHig+9ZZfOP1yg//uUVLgWAO+rj
    WWRnyCLuEBZV26o1k8LH7jfrtyThMhhBsdBwOHcebCnoPaFErEiu44JgvKtW2jwK
    POezBraKdZraTeG8GL6vukDLtmGy5jQitrhu9H4hQrXoJdgZ8jfz4/piLEAidChV
    xGiblI8hssLSQAxeSjpWnlPGYorStFoPRXgwGS95qIkSybq0tmR5pvFkZDwuQKcC
    V6T+BXGt1iVaoxV/bxvYGcGKpB6vG/CN5BOlU4EQsHsN9q4n9c4LhLxFFQvm3yqb
    uoADPxhl0s3pFPa4COcvOysP7s58k65DbjYxn7PRwY4DjVxB1cefWBzgy5EPd0u8
    x4LH/TWOMizQRGQbnKxWbR00L6rPCSJLQhv80KDGsFMjkrZipIfn+1TqptR0UdeB
    srNUEPrDM1p+2MEuFYoknE9jkQrPePbcxV3g8iNgWUc+pBm/OoECVkBqK7Kqi+96
    DB0BqJpP0Y04BES38G5NF7Ie4T0QkeXjLSQYrcGIYLycfM4zVlcLXvzYmuBnIsCz
    hUDDGkBVov7rRJRfvdTPivYE4EVdq5WRlwIDAQABo2QwYjAdBgNVHQ4EFgQUDWDt
    Hiz3Ai5ctKL0JaAHGo5QJOkwHwYDVR0jBBgwFoAUDWDtHiz3Ai5ctKL0JaAHGo5Q
    JOkwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHREECDAGggRhdXRoMA0GCSqGSIb3DQEB
    CwUAA4ICAQBaTaJSHvhtePmxg6cnoIRFXAQtLnMbltYkRYljtGqlnNlF0KvpoOLW
    v+pBDuNXuQ55OpWsOcGQPWGtfH3dqQIepS3wlaZxaxWWs3Lv+qp0Ey2vQ28qZit1
    3sWlImsmb0iaHCLh79PRE+4onLlTJPGTVpXQK+WPFDZ3hhBYv1lKdeK3gMlSwVNy
    LmPcsSLMT1Vggw3NzQmb6uk5BTK035DwaEBEFQU9/z+ikEB/FXjJmqApCYV6OD/A
    d6wfXtUMlloH1MH0ubK2WGAntPJMzsgmyw0tPmzbNvZuSLo6fqWyi6aoJ+OpF0YJ
    kxhZ9rOmtMVA4zPkkcwPB//JFCL2gEkcQc/6w1Qj46uluu8eqNldcwBEmHk3tNFN
    wYupiLyNDauThtHSIAReUewxC6I0Lhv9MH1lPqWh24tLI4EUj0F33rCqc0cKGo98
    cBehHbUjdWe0mCUoA4QOJDa0rI4ZqeB7+cCylno+m7cQksnDtlG5hZDUNUWfILba
    QIWNO1cnjNyS3yhw1sIBNcB/hMDCKaEuGpRvGs+mgbWfyBBHa+JVU11r0PeHwBy9
    msvzJpupWO1Wc8CX2pZIiIdFm7WKeDxC7DzLvbh3GskJ54Dt/0C3/XAwqc6xW50u
    jvliYrAliNc3qT8AK/g6V+z5RhNNIa9z3zJcsJ2i4DRagVXiL1j23g==
    -----END CERTIFICATE-----
  generate.sh: |
    #!/usr/bin/sh

    set -xe

    CERTS_DIR="$(dirname "$(readlink -f "$0")")"

    openssl req -new -addext "subjectAltName = DNS:auth" -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out "${CERTS_DIR}/certificate.pem" -keyout "${CERTS_DIR}/private.key" -subj "/C=CA/ST=ON/L=Toronto/O=RedHat/OU=JavaMonitoring/CN=Cryostat"
  private.key: |
    -----BEGIN PRIVATE KEY-----
    MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC6EMl3NFJUGUqp
    6p6kCprtEI1YD67/yu9GH+3zQjsXK7NafpLqBKXvzLo8tvVRqpAFN6c3CALS4tlB
    f42myZAGuedpjyxc8RjqcUu4tFts+GzwpWHig+9ZZfOP1yg//uUVLgWAO+rjWWRn
    yCLuEBZV26o1k8LH7jfrtyThMhhBsdBwOHcebCnoPaFErEiu44JgvKtW2jwKPOez
    BraKdZraTeG8GL6vukDLtmGy5jQitrhu9H4hQrXoJdgZ8jfz4/piLEAidChVxGib
    lI8hssLSQAxeSjpWnlPGYorStFoPRXgwGS95qIkSybq0tmR5pvFkZDwuQKcCV6T+
    BXGt1iVaoxV/bxvYGcGKpB6vG/CN5BOlU4EQsHsN9q4n9c4LhLxFFQvm3yqbuoAD
    Pxhl0s3pFPa4COcvOysP7s58k65DbjYxn7PRwY4DjVxB1cefWBzgy5EPd0u8x4LH
    /TWOMizQRGQbnKxWbR00L6rPCSJLQhv80KDGsFMjkrZipIfn+1TqptR0UdeBsrNU
    EPrDM1p+2MEuFYoknE9jkQrPePbcxV3g8iNgWUc+pBm/OoECVkBqK7Kqi+96DB0B
    qJpP0Y04BES38G5NF7Ie4T0QkeXjLSQYrcGIYLycfM4zVlcLXvzYmuBnIsCzhUDD
    GkBVov7rRJRfvdTPivYE4EVdq5WRlwIDAQABAoICAAdwrADgDu0dkcm9/8spc8zh
    w468GdBREHfqYPANCIkPQbDvRl3YAvA8bIBvBHVxvFtcQIuuMbnpdKyIA2Vu9YGY
    8qYnu0UAJj604Kupf2czfw+xKhSnsYaoN/2n3QxdQewysE+fYolMX5WmABeRSlAm
    l38xW5f11tCbIzAwegQ7R81xxJM32gXwwoxMPOyZXL/hHqzVAl+abd1pYE7X3KUf
    RiG1j5jXrS2ekZHyXvu5+Ls4ry545dM7NPf2PClWRwKgwfPFJBooRdKRNZcwXomP
    vBVGvJLbULHdhBWTo28TsdzVtPtImcQuXHcYPM5Mgz/AOyCfJZtHXx0CB+vemBTr
    hZMUBtzcuf+zhHCNtYD6POtXe/fX+2zKPq0BjgY8Ssx+cv3J8Q7WtKLVfjbf5b07
    k3nZKphZ5Mrh3bmnGIqw9Br3uhdhQ3733LqDaFIeSX3vcDQ++ER1tSltiTKID6k0
    uU0w7m1xYjLJrgu3Vl1WY8rboOB4h3jz59J6qCe2ideiYuvSYmpkhwSi0RvFM3Ju
    7GyB5z2TOZm3pznAOu9G+49dFaCRds5qevCT0/YfU8phOsMfabNZCyqoLFIrWTG/
    DG0lrQgpqPizWEH9FweYAQkkfNop24lPVpMvwQ/SQRFPgNQVRaIA98O7gsSRSGV6
    /cWi3vi17YqiVtvKgYFBAoIBAQD6twWARbbsOnfQdMfZqfLnKdjM1QqoLAFkSLaG
    OOW61iTZnqPjpFUYhsSgy6ue1J4AVu1p8jyg/WqVPs6sAmcBGp9G6iVRK8lFUuz0
    IifdYZWSfpQgEpOHMAkuKz/rSIgBPdtXYTGZjtHzC/gP1l7PiJQS4GVGFXXVoHNx
    usoNF1jtgjJ4008qFqbNcKJU0A9Y9GBjjkkEjt0ZWTXx4r6JMHwbtyrGCs4I/WZt
    Vlhyrkgmj63HE9KSBOhTMsHxGYCrvsUHLgT17Ccvra8PgBNUFI5FvM6gXjJpnNxZ
    xJJ4UHUGCl3s8WE9UtsyiS468Iuvo3R3YnaDnhAsm17NahE3AoIBAQC9/OLtan0f
    VmIjQ+ketkD7/E2NKs88DpP6wlvJCrmtHegnoIE8TmuK6XvWGBix7kfse8gOsAcC
    oZ92nOAEQVgC3PEtwqsxaCn4vmhY12Rt+P25dYdb3LTtZ2cdZxo0J+8iN9zXUKfs
    CFv1JiMr+A+ym2o0Wb2DpS4uK9ZgyghuIy09XDN1MhLecHKM2Ye0PYhVkuksDyw3
    ukJkxHj5A1MrlhnFJwWVBDj+YpkfP+zf2QEn8ErN4c/2z3fcqjPIU6VY+auC1md7
    C+9q+aHj/FwauTCokicSl6mViekiVVyAccenxh0+8SwpyTljg808ZLGU+ZxM5K7d
    5kBS2LxxnDKhAoIBAQCcuKG4sFuLSXUyGn3/Ayxy8gay7A2QWIm6LXXja1e3tjss
    yez61PPYtA3f0dEDJTdrUOtxydm6bQ8eIjfA8HOBDio4gw82sV9MdWznox42VdTQ
    0U04y0PrQszKToDTS/CwjgE5mukNa2i0PGwhQkjcBC1Dq3/DEpEpK/ZeRnwdONX/
    Cd8RBk47KhO04k6nI7QkUAac1QmxzrhJKyn8fVfLnEJIdPRI/eITXouTl2EMtwMl
    D7V6d1quqmCr+VOgqedz9HlnZo31SFyqgjCnSNFMQtk4oLCtMJTkzgg0GRvSF8E/
    OGXEQpMdaVjaO0Rp1YoMDeo04pjg54KGz8ywLTh7AoIBAGThVeG47K1qIfwVwEAV
    iFYE92zg8V8zYnIBJ9mNf2AkBDSebmEGRuZg6eeZres02i4A4A6ke2RzS4gg7nZz
    9/a1OL8SofI/HCI/gIrD/EjEsHz8oh4uCEgS4tbi+y/8kGa8AOC3rCKRobp/QKfF
    NRiim3cmu5GecPIFRvTn8igBN7FgNtag+xHv5XNSwlL7ZVwDARrrB5Cjr0Nwa8fV
    cyEut4pPGRCySE0TL7k/KVkHEi0R07aUk+e67CtYmNxjReYD1IVJsXLNuJg16zdy
    tble4i5wRJ0DuQF1VDxt1QtC3z//22Gjj860UWu8/Yp28TBohgzyVMPw0fDrsswk
    o2ECggEBAO/t5iVzQGkOqkE38MgEXIVCKrnA+GR1oF1L4NCHpBx1JvBkdFA5ns7A
    QiOiJdsgVJn4ZtTZSe1cnUKQ+UhWFBjsh58QJPa7EkzLeyxiiEkQFGUh0pFN9WS1
    NF54mMJYA+kp4iVzr412Lwmpv9rlZO4S2l2rs/2AUwjcyziHDT9WvUx69VPDAwL+
    4lEf3n8RCwUVI1OTaB+ipfJCur5e2yPOqjSyQuONYCQP7vo4MYJRKG6Xg+mdgQ3D
    qyM2L7T2d1ckGGbtRuXA8Hi7vqnNv36QhwKu8NxEpQvhYUIT94D9wv6ffgwAxgUh
    /7XbyY45tcssElla0KxEcA0NaX38tWI=
    -----END PRIVATE KEY-----
kind: ConfigMap
metadata:
  labels:
    io.kompose.service: quarkus-cryostat-agent
  name: quarkus-cryostat-agent-cm0
apiVersion: v1
binaryData:
  agent-keystore.p12: TUlJTjFBSUJBekNDRFg0R0NTcUdTSWIzRFFFSEFhQ0NEVzhFZ2cxck1JSU5aekNDQ0E0R0NTcUdTSWIzRFFFSEFhQ0NCLzhFZ2dmN01JSUg5ekNDQi9NR0N5cUdTSWIzRFFFTUNnRUNvSUlIZ0RDQ0Izd3daZ1lKS29aSWh2Y05BUVVOTUZrd09BWUpLb1pJaHZjTkFRVU1NQ3NFRkducUdsSzNFY3B4YVh0TWcralRYWFpMK240ZEFnSW5FQUlCSURBTUJnZ3Foa2lHOXcwQ0NRVUFNQjBHQ1dDR1NBRmxBd1FCS2dRUTkxbFlsdkZvSCtpVFhqU2xwY2JxdWdTQ0J4Q1Y3RzdrOEFJcHdHTjhENUNaTm9IZnA4N1R1MU1YaldnWi9ONjJDWVZHaFhWWElPd0ROZFVzcVJ4cVhMSUg5clNQNnlFNXJnSnZYS0xRWitQMUR0TC9ncmJxN0xSb0ZrNi9MWnVPWWQzU1NLSmlJWkY2d3ZKTDBqUW5zZUpFWGhDQzh0TENmMkdLY2U1N3ZtWHZueTFtK0NhYVZOUVZRSnhkUUxJYlpFN29maG8zNTFTVUlMZlJLdFhSYnNwc0luWEJQWTFweEd0QU1EOEttUWs3S1JCSzVlcjFESG44SE14MkMvRWxtQXRJbTZFYW1RcWlQS3pvWTRVZ1B0Y295UHpUelNaZHNwMFl3WDNGTm4vSzd1cmg5dldoMFp2VjlPWitZdUJZMUhwcTVyMEwvTXlkYkdhWFdOUWN0TzkvS1g3eGJ5eWhNSFRpS1NlYXlIWWJNMENBZW9UQkQzdVdvM1J5REJJRDRJUENlVi9Edzl0Z1ZQQTBJOUM1QkRIWVFieDczN3N1d1g1TEgxeEhWNC9Jc1ZmbExZMHluSmRFbmsvTXBEb0d4Vk1KMXlaWHhFMkJpc0dFSWRiY29sbVlobDlNckU0ckliQSt1U3BsTEk1amFOMEgxaGdUYkpOdFAwU0FRbWJkREtOWm43ODFabVlXRW91eWVwTGlYUWRFcHRzNUxaelpERWRYa3ZUaGpScjNKc3lTZ2s5WWltNTRRcHJqRS9iSGR5Mm9ITklKb3AyRnlZb0FoT0ViWmM3WWtlOU5ZMmZuMGJyVU9WRm1KZG1aY2FTbEF3NjBNU2s3UGMzTHZjZEw4RjhsdHlqckJmSWNFQ2Q5dzM3SWpTV1AyVC9namZ2QlJoVm1YVFBCTE1JQkZpMGg1bEwrd2JaOEJPV2dtVDAzVk1CTDNjRmZXN1hyRHEwTVdxaTd1ZFhGQTBhanIxUmdCcDg4TWQ4NlljWUl2Y0RoVGVWbVJzK2VrSXgyNDBCVjg0aG9zb0lybEpIK2p2T0FiQ1NzUFN4R1BsNkh0Rll0U0dZZVhzVjVQVldCTUcxOEtaZ2IweUYvakJXMEhRamZDYVh4cFFXRE5LMlR5RzgrVnVDTFpEOVRQSjV3VjJPVmFMMTNFM2FFbzBiUFRCLytIMkQydmxuWFlJNGI5MzBiVS80TDhWOGRUejhMUmlJa0ZmdUEyMmZvSWhWUEhIZzNqYnRHbGRmSkFNMFJEbXl1aktxYXZmUWFPT1NHamUxME91d1IxZ0duN2dpTDdBQUhXOHErcHE5bmM3WUt5V05ueFFDZGdINk5kTVBwZElJY0pRUDdxTVF6bGNEa25pZjBwU3c0NVpJUmpBNEZYRVF6aHpKZUVjS3ZvV0FQeHNSaGRaUEcvMVcveldCSVgyV0Qrc3VQYXZITVkxSSt0MFhodHplMDVEb1JsRVBSWjloU3ZZOStBNzBqRy8yU25jejZkY0MzWEgwbDdmdTFFQ3dpeVVmczB2cG5qbHNpbEt4UGJjWDE1YUpKLzU0N3hNcnRDak9YRlF1dHdmblBPT1hDT09hODNLcGcrM1cxVWhtN2hKSEVRbUxrYVg4QWkySG1YaXBaNlQxQjFzbFN5WHZVQlFQdjN0WlJrdlFoUEtlOTkzWFAyeC9sY1FpdG9Ja2pnZlZYZ3hTMUFZUFNvVlNweWRIaGllUVRQL3lzRDBQU3ZOSVZEQmtwSkdkemV5M2VoYm5VL20zUllCdlgyY1dGSi91bGJCUHBIVnRPOGx4Q3FtdGE1U0JZMFBhUEUxNEVsY2ZEazFjb25QOEVDTmRMbUxKS3Ryam8vNy9Xb1JCYngrdnVGTnJzS1RSMHhjbHBuN0U3cFc2dThPQ2tnUTByTU9MVUl2d0I5REhlSko0K3d1VHNqaktORzcyN09wV1ZoNDU4NnpjQlBHN0ZVSFFkUS96OTJmL0xlQVpzL1FMS2hzMFB0elVkTGpIZjR4M0tJeHEyRDJtSU5wR1BjSUdSTTdPelZGeFBNVk5sQ1B4cWJ1TVpwMWZuMkJmQjNIbityQitUNHY5T1pGbVpTUnRTMmJORUxoSFdLeEdyNDMyYXlZVUxSekNxeWxBR2NRQWZIdmdXbXRzd3kzQlZaNmJ0OHZMYS9sYzBmdVdTSDk0YUhEUXUvSnhBVzlSWDJlTVM0U2psNUo1ejJhRXNLN25TMjJtNUdiOU9ZaDdQeVIreVZlSUNwaVM0ancvQWE2R29IbkxFbzY4eFFGOWJwZlFtemVSVHU5NC9aaXlHRXF2eVAzOGJsSWVuYzZ2RHNPTHBDU2VadDBtY3RwUmtMWUp4cWJrTW41VmFLU0NCOHAvcVhHTFFkbDlDUE9ubmhLeWNyWlB6SlJ5S2xHb01INkJja1JRUzdXV3ZKMS8xVDMrZUY2MUlFMldQNkRocytzNERFTXhPRDdPQzUzamNISlREMDVlNnBWWHBCZUFZNUY2Qy84S1JTYmJ1d0tvT1NPdGNoaHlGZ05mMWtpWnRCa3RvdTlqV1EwaGZQWk80T0V4eE1xbzEwRUpTQklsVitoUDBPcG1HWDBSNU5WS3hxVFlNYmhmS1pQTWtkdDFpc2tsb2NpbFJ1dUJCT2VXQ0lBNWtlODZ0aWFqQlViS1NtNjVBTGZZUjd3TWEyVHZLajJ2RkRLK1MvTEY4OVEzRkNneDkvYVl2S3lpYk9NdE85WjcvUmFlMlpxVTQ5QWNXZEFmRkl6OXlJejRNVHNZSDIxZnNRd1VXeUpMaGYzREc5L0tRY085dzZ3THV0RWtEdUZFVTBZbVZqNDdCai9hOGhYT3Z5T1pmN0pKbFovR2M3cW54clV0YllicG1Hc25uY291akdPWGMrVEdOekpscUFLeUswd3R5cGFnNm1mdTFYMHg5bHByblBFRXNsSXorTXlTZEJ5RmRqaGF2MHpwWnVPMDh3TGVaeDUvUTdpVVZPemtqT3ZzUUU0dmsvVTZ6V3JpRFlKVGpFZXcwNW96NGxSSEUrc2ZIcml3dXUvMkxpYk1CcG5IYU96Mm1rZlFXYzYzc2Vkb0duTWpHT1JxTXcxWXhNdS9WZVlMcm4zN2ticFNHTVUyUG44eUVlUDVxek5ucFdQeEMzdlczcU5aUVZxWFIxRVBPNWdlMU1oR1dwazRkcjQ3d3hVWnBhcjEzd1ZsYWJUS3ZmT0hUQUR5enJLMm03cmIrS0VnVW04VUNJT2dreS9BK3JqRmdNRHNHQ1NxR1NJYjNEUUVKRkRFdUhpd0FjUUIxQUdFQWNnQnJBSFVBY3dBdEFHTUFjZ0I1QUc4QWN3QjBBR0VBZEFBdEFHRUFad0JsQUc0QWREQWhCZ2txaGtpRzl3MEJDUlV4RkFRU1ZHbHRaU0F4TnpJMk5qa3dPRE0yTWpjM01JSUZVUVlKS29aSWh2Y05BUWNHb0lJRlFqQ0NCVDRDQVFBd2dnVTNCZ2txaGtpRzl3MEJCd0V3WmdZSktvWklodmNOQVFVTk1Ga3dPQVlKS29aSWh2Y05BUVVNTUNzRUZQQjU3WG1iVHc0ekVrMFNrSWxKaFdHUkhTQitBZ0luRUFJQklEQU1CZ2dxaGtpRzl3MENDUVVBTUIwR0NXQ0dTQUZsQXdRQktnUVFVZEI3ZklqN2ExdHZCSG9sWTlQdkhJQ0NCTURFKzJDcmJrVENpLzN4ek5ERGhXSGExbkE4YnVNOXNpSUZlUTJKelJlU0RnMC85WFhJMDZPa3JrUFZLV1NMSUdmc3hHdVFHY3ltYm5vaE0zZjRFZ1BWWSt5bC9PZlIyTlpVajYveWMxV1JxeFpJdFZTUndPNmxkQlp2SWFSSE8xektndCtkVGRrUUU0aUowcm52aFBNaVlYSDMweFh1Z0Uzb2lhSHV4RlJVd2tvckhqMVRocVBrN1ZMbThFSldMSnpOaTR2dngzUGkreHdMNzJpL3g2eldIclB5WUNiaGlzWDdCL1U3dGs2R0pFemh6YUdUZXdFbzE1MFFDUGNwZDZiRzBYRFNZaENwdUZrMDVPaW9YS2wzc0xpQWQ1aW1qU3JGZng0N1Nxd0s4SlRCazFmb3QrRmtUMUh0MkhsdXpBMWxGNHVEQ1BkN0w2NitWQTA1ckFmNGZwNXFvVnFNV2dzbUdCUC9lWk93SHhpS3ZLRmQ0aGtnWERPN1h5UW9ZYXE2SzVEdVdPTjZUVzlSOUR3U04rRUFTOVFjZDUwR0czU2lyT0E0UE5ST2xkd2lITVNnZmV2bnRiWFlpNXFxQ1pRRVRqZVdFRElXRVJRa0IxaEpoUVdVaXN0aXFod2NkUVpKUi9KYjVMeEhvZGNnUDM2aWRvd1R5N0lYZXpLdFdLdFNXb0VkRWVkTTk5RFVXTzVpODV6TEJ5ZDNQQmRHWTRCaDlsbm9qRWJOdHpwbWtndUswd1RjblFVcWU4bTJOdkRpVEdYL3hnMVNqKzBhV0EwM2gzak9GOXhnOTFGL2YyTWYxSHhZVWtreTJFOGlZbDkyZXppM3pMWkpDc0hVcE0wZ2tWN0E2b3poOHRLdS9KNDFvdHN1OG1vejNBUWcvaXhyUG5HK0U2ckNYMDFtUUlrenZJckFZcGNISWNxOXZsMWJxc1NXdlpTMDcxcWFTbjJzUW45QnBsWlNUdVZWTEdISGtKZFZyOFlZVzJUQS9EQ0ltK0FENzRYMXNqaVExQU1TcC9BWTl0Y21iaGJZL2RtT0VZNXZJRzlUTUt3ZzdvK1dzVTFRNGxoRExrZnNyOGZvYUs3Qk81dHd3UlRXNytKYjdqdEZ4bzJiby9yZHdrc2VHaGF0STFnMDRGRW5pclFYTGg0T2NoMm5XUExsSUZkSi9EcG8xRjl6M2ZwQkFLYThnd2xrVVJrSzdwOVBxR3lFbjd3UGo3NGlhVjNrQUEzb1lIVFJTT1FuNlNRcnRxOFpOK0VOR2lFTWs0aHVEOXNkWU9Qa1JBSEhMSG5BaWRHZUVQd2ZFY3pkNHA5MGZRUS8rRGNHVTZjZndwem5VSHU1bXBhdWdrVWVKY05KVXpRRTBsb1ZZbDF4ZzNZVFUwQktvQXlyU2EzS1Y4b2Q1R3RsR2FZRkpQaWNpR3RkVUJaUGREclhuTHpJZUl6RXpWdW91blZXc2J1ZzdBc2pTNk5VYzJaRGx5TzJzcVhFV1o4Rlc4ckQwb2MwZVNKNUlMTGo2dzdjcjBqajA2V1kxTHFMQlZjZU1zR3lnMVBUejljNFBGMGpGdzBuK0FzVjdTSXFqbnhuUUtpVnlGMWRCZEZPVGk1TEpkQ1p4emxGTUVJM2dYMHI5djhtNE1lSWJRbTdPRzczVGxzT2Z0bHJ5V0FOaDQ2VC9CU1lDWnA2TEZ6RWdzV3A0QUVjdGFnZVJTeGRlRFdITFBRN0RsT1M3RXhPU29ScUVrZEl6MEowK0V2clRWMlFkUUJpQnJNSWs0MTdpS09IenptZkdHV2M4aytYa3VEd0xIVDA3K1FBa0cyTUplUm01ZFBlOHNTUVlhSUg3Q0VxRnE2am1yZDdlOU0wOEdtcHlCUUEraTFPaElpTkJTWm4rSk1LTWlXVkdqSzkyU1VzQmYzRFgzL0UzYW12UWJJanJ2SVI4U1dNRTRqcHNqamNtcGpHRDdiODV2ZFNIcEN0UTdPSzV6V3J6amIyK2gzRmZBK1dBZGtpd1BjeGE1MlVVQ3MyaTZqd0pTRklaWm9VQTFUYmpIdlJpcWZJTEJlemVxdzRRU0ZYRFFtQldFeE05M2VlSGpxVDVDN2pVaUdWNXF4UE1LOW9iandKZTN0OTVueVVzZW84MTN4Z3U3blExSVNmVUEzRWpaVjhyUjhaTUUwd01UQU5CZ2xnaGtnQlpRTUVBZ0VGQUFRZytITGpyZVJzOUpIMlVDYkxlS0F0QVgzbFVWWmFQTUlMZ0x1ak9wclNPNWNFRktKcmRlSXlBL0dIandoaE5WcmM2TjR2NkJObUFnSW5FQT09
  agent_server.cer: TUlJRUpqQ0NBbzZnQXdJQkFnSUpBTzU5ZEJ2ZVRORldNQTBHQ1NxR1NJYjNEUUVCREFVQU1FRXhDekFKQmdOVkJBWVRBa05CTVJFd0R3WURWUVFLRXdoRGNubHZjM1JoZERFZk1CMEdBMVVFQXhNV2NYVmhjbXQxY3kxamNubHZjM1JoZEMxaFoyVnVkREFlRncweU5EQTVNVGd5TURJd016WmFGdzB5TlRBNU1UZ3lNREl3TXpaYU1FRXhDekFKQmdOVkJBWVRBa05CTVJFd0R3WURWUVFLRXdoRGNubHZjM1JoZERFZk1CMEdBMVVFQXhNV2NYVmhjbXQxY3kxamNubHZjM1JoZEMxaFoyVnVkRENDQWFJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dHUEFEQ0NBWW9DZ2dHQkFOUkVyMXdhQm9qRWRBb0xVVzUwQjQ0UCszZW5vajVHaFJqS0RkcFZETUFkYWo4anQraDhJK3l3Q1VyampqcU85SzZHTTJHdHJWL0Q3UUVoTFp4S3ZuTUNMT3ZoOFhsWXozKzFRZTNKcjcyMWlqQzVvMUppS1B2MS93cDhNajJhWko0Q0xIaEhKdFoveDV5SmpyUFUyM2l2WkhPMWc4Q2hvY0VvaExlaEc3amo1dkJvRVBOb3lXSmNYTUVneDF6NFZaS0JuZ3k5YVdsWE5SaVBoQ1RudUw5SXNIT1NVQ3U4aHNDT2Q5dUhHM2RZU1Y4cVMzbnpUY1lBYjJLYkgrS0JzUWZmNXJpdmVDc256NVFTVHNLMzVWeVZWRUZudy9XTHc1TTN4aWFXTTEybWxPWG5LcmFmakRDejgrbDJ6b2FMTlk0NFJUWXBIUjZlaFhjYUNNTU1CQkl4WDIrSDl0RXlGaVU1U1RsbWo4c25sRENMcXd6cGx4UzBJd2xaanVSTkdYcUFsWmlld09NdTZ3T0FTajRzd2UwSWhoRmtDNm9RVzNXODFwQXU3ZTIzS1htbWNGMXYvU2gzWGtEYWRvYUpsWlg3U3pEc01IMU9TNy84S2s3NE1RZzRGRUN3VnVVdERYaUNYbmpVVllyZDNqdUxYQTFaRmJUQ3RJYm5Ld2xFZlFJREFRQUJveUV3SHpBZEJnTlZIUTRFRmdRVUlFYytORmd5c0JucGpTUjdGR2FGRisyVG5vMHdEUVlKS29aSWh2Y05BUUVNQlFBRGdnR0JBSndiT092WkIrU1RpMnV6cG5qV0tQQ3RtZ0ZDR3g5WENhQUtSTHFpRU9qbWs2S3I4NEpJUFEwUWdtQzZ4UjljVlUwMnY0UmkxQ0pxa2RvOXYwVGdTRGhYbGhnWVNBbW5FUUx5QnVBMXlidVliUDljdGh2enZ0VzdGc0NQMmEybE1UUXo0dWFyL2NQQ3FrTkV5eUQwUmFwdUU4QmdUT0p0cmpMcVgwcWlaVXR5VDBYNFBhWC9oM2VvN1g3NTFQWVZJQ1k2Y2dXeE8xNy96amgyR2RMdE9sM1NOWkQzMERkYStGR1dCQk1BdUJHMm01L0tPbG9OV1BYWmZkWHNnWjFJZUtzWVdNanFvanU1dWd1ZStxYmtadTF6UWM4K1FwZ1BYQmZNQ09FOVBNSE1jZDVsVFR0UDlLaXhNb3A0VGhCd096d21wUkh4L3NQRlRvTFJTaEZtQzZvdGlGWHZweWFmQUN0SnptbEVPWjRRVVJWRHQwMTZEcmpFcHhZTXZRY2RockhKbFhMYU9WS1VYYVZpUWFVcmJEb2tXd3grK05XM3RLeVBqZExheC9lVUsrMmJMenNIcWxGN0owUEVKZjBac205VnE2VTJHTkVtaytPOXl3RVpPOGtFK1Q4eExFdVBOMEJuOFQxSWVQQjlTRmhHaUVhUHhWM0hEbzNKT2RkVjRBPT0=
data:
  generate-agent-certs.bash: |
    #!/usr/bin/env bash

    set -x

    CERTS_DIR="$(realpath "$(dirname "$0")")"
    TRUSTSTORE_DIR="$CERTS_DIR/../../truststore/"

    SSL_KEYSTORE=agent-keystore.p12

    SSL_KEYSTORE_PASS_FILE=keystore.pass

    AGENT_SERVER_CERT_FILE=agent_server.cer

    cleanup() {
        pushd "$CERTS_DIR"
        rm "$SSL_KEYSTORE" "$SSL_KEYSTORE_PASS_FILE" "$AGENT_SERVER_CERT_FILE"
        popd
    }

    case "$1" in
        clean)
            cleanup
            exit 0
            ;;
        generate)
            ;;
        *)
            echo "Usage: $0 [clean|generate]"
            exit 1
            ;;
    esac

    set -e

    genpass() {
        < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32
    }

    SSL_KEYSTORE_PASS="$(genpass)"

    cd "$CERTS_DIR"
    trap "cd -" EXIT

    echo "$SSL_KEYSTORE_PASS" > "$SSL_KEYSTORE_PASS_FILE"

    keytool \
        -genkeypair -v \
        -alias quarkus-cryostat-agent \
        -dname "CN=quarkus-cryostat-agent, O=Cryostat, C=CA" \
        -storetype PKCS12 \
        -validity 365 \
        -keyalg RSA \
        -storepass "$SSL_KEYSTORE_PASS" \
        -keystore "$SSL_KEYSTORE"

    keytool \
        -exportcert -v \
        -alias  quarkus-cryostat-agent \
        -keystore "$SSL_KEYSTORE" \
        -storepass "$SSL_KEYSTORE_PASS" \
        -file "$AGENT_SERVER_CERT_FILE"

    mkdir -p "${TRUSTSTORE_DIR}" && \
        cp agent_server.cer "${TRUSTSTORE_DIR}"
  keystore.pass: |
    UD-0ecxeZVb3IaiVpuOcqtsi7NHtN3LV
kind: ConfigMap
metadata:
  labels:
    io.kompose.service: quarkus-cryostat-agent
  name: quarkus-cryostat-agent-cm1
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert --out kompose/ -f -
    kompose.version: 1.34.0 (cbf2835db)
  labels:
    io.kompose.service: quarkus-cryostat-agent
  name: quarkus-cryostat-agent
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: quarkus-cryostat-agent
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert --out kompose/ -f -
        kompose.version: 1.34.0 (cbf2835db)
      labels:
        io.kompose.service: quarkus-cryostat-agent
    spec:
      containers:
        - env:
            - name: CRYOSTAT_AGENT_API_WRITES_ENABLED
              value: "true"
            - name: CRYOSTAT_AGENT_APP_NAME
              value: quarkus-cryostat-agent
            - name: CRYOSTAT_AGENT_AUTHORIZATION_TYPE
              value: basic
            - name: CRYOSTAT_AGENT_AUTHORIZATION_VALUE
              value: user:pass
            - name: CRYOSTAT_AGENT_BASEURI
              value: https://auth:8443/
            - name: CRYOSTAT_AGENT_BASEURI_RANGE
              value: public
            - name: CRYOSTAT_AGENT_CALLBACK
              value: https://quarkus-cryostat-agent:9977/
            - name: CRYOSTAT_AGENT_HARVESTER_EXIT_MAX_AGE_MS
              value: "60000"
            - name: CRYOSTAT_AGENT_HARVESTER_EXIT_MAX_SIZE_B
              value: "153600"
            - name: CRYOSTAT_AGENT_HARVESTER_MAX_FILES
              value: "3"
            - name: CRYOSTAT_AGENT_HARVESTER_PERIOD_MS
              value: "30000"
            - name: CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_ALIAS
              value: cryostat
            - name: CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_PATH
              value: /auth_certs/certificate.pem
            - name: CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERT[0]_TYPE
              value: X.509
            - name: CRYOSTAT_AGENT_WEBSERVER_HOST
              value: quarkus-cryostat-agent
            - name: CRYOSTAT_AGENT_WEBSERVER_PORT
              value: "9977"
            - name: CRYOSTAT_AGENT_WEBSERVER_TLS_CERT_FILE
              value: /certs/agent_server.cer
            - name: CRYOSTAT_AGENT_WEBSERVER_TLS_KEYSTORE_FILE
              value: /certs/agent-keystore.p12
            - name: CRYOSTAT_AGENT_WEBSERVER_TLS_KEYSTORE_PASS
              value: /certs/keystore.pass
            - name: JAVA_OPTS_APPEND
              value: -Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -javaagent:/deployments/app/cryostat-agent.jar -Dcom.sun.management.jmxremote.autodiscovery=false -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=22222 -Dcom.sun.management.jmxremote.rmi.port=22222 -Djava.rmi.server.hostname=quarkus-cryostat-agent -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=false
            - name: ORG_ACME_CRYOSTATSERVICE_ENABLED
              value: "false"
            - name: QUARKUS_HTTP_PORT
              value: "10010"
          image: quay.io/redhat-java-monitoring/quarkus-cryostat-agent:latest
          livenessProbe:
            exec:
              command:
                - curl --fail http://localhost:10010 || exit 1
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
          name: quarkus-cryostat-agent
          ports:
            - containerPort: 10010
            - containerPort: 9977
              protocol: TCP
          volumeMounts:
            - mountPath: /auth_certs
              name: quarkus-cryostat-agent-cm0
            - mountPath: /certs
              name: quarkus-cryostat-agent-cm1
      hostname: quarkus-cryostat-agent
      restartPolicy: Always
      volumes:
        - configMap:
            name: quarkus-cryostat-agent-cm0
          name: quarkus-cryostat-agent-cm0
        - configMap:
            name: quarkus-cryostat-agent-cm1
          name: quarkus-cryostat-agent-cm1
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: kompose convert --out kompose/ -f -
    kompose.version: 1.34.0 (cbf2835db)
  labels:
    io.kompose.service: quarkus-cryostat-agent
  name: quarkus-cryostat-agent
spec:
  ports:
    - name: "10010"
      port: 10010
      targetPort: 10010
    - name: "9977"
      port: 9977
      targetPort: 9977
  selector:
    io.kompose.service: quarkus-cryostat-agent

[andrewazores]

I haven't actually tried deploying that, but it seems like at least a reasonable starting point. I would rather build something based on top of that automation and applying some patching as needed rather than hand-crafting some more k8s manifests that need additional maintenance attention.