cryostatio
diff --git a/‎api/v1beta2/cryostat_types.go‎
Lines changed: 10 additions & 1 deletion b/‎api/v1beta2/cryostat_types.go‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎api/v1beta2/zz_generated.deepcopy.go‎
Lines changed: 10 additions & 0 deletions b/‎api/v1beta2/zz_generated.deepcopy.go‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎bundle/manifests/cryostat-operator.clusterserviceversion.yaml‎
Lines changed: 45 additions & 5 deletions b/‎bundle/manifests/cryostat-operator.clusterserviceversion.yaml‎
Lines changed: 45 additions & 5 deletions
diff --git a/‎bundle/manifests/operator.cryostat.io_cryostats.yaml‎
Lines changed: 44 additions & 4 deletions b/‎bundle/manifests/operator.cryostat.io_cryostats.yaml‎
Lines changed: 44 additions & 4 deletions
diff --git a/‎config/crd/bases/operator.cryostat.io_cryostats.yaml‎
Lines changed: 44 additions & 4 deletions b/‎config/crd/bases/operator.cryostat.io_cryostats.yaml‎
Lines changed: 44 additions & 4 deletions
diff --git a/‎config/manifests/bases/cryostat-operator.clusterserviceversion.yaml‎
Lines changed: 56 additions & 4 deletions b/‎config/manifests/bases/cryostat-operator.clusterserviceversion.yaml‎
Lines changed: 56 additions & 4 deletions
diff --git a/‎config/samples/sample-app.yaml‎
Lines changed: 6 additions & 4 deletions b/‎config/samples/sample-app.yaml‎
Lines changed: 6 additions & 4 deletions
@@ -444,10 +444,19 @@ type NetworkPoliciesList struct {
 }
 
 type NetworkPolicyConfig struct {
-	// Disable the NetworkPolicy for a given service.
+	// Disable the NetworkPolicies (Ingress and Egress) for a given service.
+	// Deprecated: use IngressDisabled and EgressEnabled instead.
 	// +optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable NetworkPolicy creation",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
 	Disabled *bool `json:"disabled,omitempty"`
+	// Disable the NetworkPolicy for ingress to a given pod. Enabled by default.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable ingress NetworkPolicy creation",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
+	IngressDisabled *bool `json:"ingressDisabled,omitempty"`
+	// Enable the NetworkPolicy for egress from a given pod. Disabled by default.
+	// +optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Enable egress NetworkPolicy creation",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
+	EgressEnabled *bool `json:"egressEnabled,omitempty"`
 }
 
 // NetworkConfiguration provides customization for how to expose a Cryostat
 
@@ -24,7 +24,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Monitoring, Developer Tools
     containerImage: quay.io/cryostat/cryostat-operator:4.1.0-dev
-    createdAt: "2025-06-12T15:56:01Z"
+    createdAt: "2025-08-26T15:38:48Z"
     description: JVM monitoring and profiling tool
     operatorframework.io/initialization-resource: |-
       {
@@ -183,26 +183,66 @@ spec:
           - description: Options to customize the NetworkPolicy objects created for Cryostat's various Services.
             displayName: Network Policies
             path: networkPolicies
-          - description: Disable the NetworkPolicy for a given service.
+          - description: 'Disable the NetworkPolicies (Ingress and Egress) for a given service. Deprecated: use IngressDisabled and EgressEnabled instead.'
             displayName: Disable NetworkPolicy creation
             path: networkPolicies.coreConfig.disabled
             x-descriptors:
               - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-          - description: Disable the NetworkPolicy for a given service.
+          - description: Enable the NetworkPolicy for egress from a given pod. Disabled by default.
+            displayName: Enable egress NetworkPolicy creation
+            path: networkPolicies.coreConfig.egressEnabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: Disable the NetworkPolicy for ingress to a given pod. Enabled by default.
+            displayName: Disable ingress NetworkPolicy creation
+            path: networkPolicies.coreConfig.ingressDisabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: 'Disable the NetworkPolicies (Ingress and Egress) for a given service. Deprecated: use IngressDisabled and EgressEnabled instead.'
             displayName: Disable NetworkPolicy creation
             path: networkPolicies.databaseConfig.disabled
             x-descriptors:
               - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-          - description: Disable the NetworkPolicy for a given service.
+          - description: Enable the NetworkPolicy for egress from a given pod. Disabled by default.
+            displayName: Enable egress NetworkPolicy creation
+            path: networkPolicies.databaseConfig.egressEnabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: Disable the NetworkPolicy for ingress to a given pod. Enabled by default.
+            displayName: Disable ingress NetworkPolicy creation
+            path: networkPolicies.databaseConfig.ingressDisabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: 'Disable the NetworkPolicies (Ingress and Egress) for a given service. Deprecated: use IngressDisabled and EgressEnabled instead.'
             displayName: Disable NetworkPolicy creation
             path: networkPolicies.reportsConfig.disabled
             x-descriptors:
               - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-          - description: Disable the NetworkPolicy for a given service.
+          - description: Enable the NetworkPolicy for egress from a given pod. Disabled by default.
+            displayName: Enable egress NetworkPolicy creation
+            path: networkPolicies.reportsConfig.egressEnabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: Disable the NetworkPolicy for ingress to a given pod. Enabled by default.
+            displayName: Disable ingress NetworkPolicy creation
+            path: networkPolicies.reportsConfig.ingressDisabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: 'Disable the NetworkPolicies (Ingress and Egress) for a given service. Deprecated: use IngressDisabled and EgressEnabled instead.'
             displayName: Disable NetworkPolicy creation
             path: networkPolicies.storageConfig.disabled
             x-descriptors:
               - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: Enable the NetworkPolicy for egress from a given pod. Disabled by default.
+            displayName: Enable egress NetworkPolicy creation
+            path: networkPolicies.storageConfig.egressEnabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+          - description: Disable the NetworkPolicy for ingress to a given pod. Enabled by default.
+            displayName: Disable ingress NetworkPolicy creation
+            path: networkPolicies.storageConfig.ingressDisabled
+            x-descriptors:
+              - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
           - description: Options to configure the Cryostat deployments and pods metadata
             displayName: Operand metadata
             path: operandMetadata
 
@@ -5890,29 +5890,69 @@ spec:
                       service.
                     properties:
                       disabled:
-                        description: Disable the NetworkPolicy for a given service.
+                        description: |-
+                          Disable the NetworkPolicies (Ingress and Egress) for a given service.
+                          Deprecated: use IngressDisabled and EgressEnabled instead.
+                        type: boolean
+                      egressEnabled:
+                        description: Enable the NetworkPolicy for egress from a given
+                          pod. Disabled by default.
+                        type: boolean
+                      ingressDisabled:
+                        description: Disable the NetworkPolicy for ingress to a given
+                          pod. Enabled by default.
                         type: boolean
                     type: object
                   databaseConfig:
                     description: NetworkPolicy configuration for the database service.
                     properties:
                       disabled:
-                        description: Disable the NetworkPolicy for a given service.
+                        description: |-
+                          Disable the NetworkPolicies (Ingress and Egress) for a given service.
+                          Deprecated: use IngressDisabled and EgressEnabled instead.
+                        type: boolean
+                      egressEnabled:
+                        description: Enable the NetworkPolicy for egress from a given
+                          pod. Disabled by default.
+                        type: boolean
+                      ingressDisabled:
+                        description: Disable the NetworkPolicy for ingress to a given
+                          pod. Enabled by default.
                         type: boolean
                     type: object
                   reportsConfig:
                     description: NetworkPolicy configuration for the cryostat-reports
                       service.
                     properties:
                       disabled:
-                        description: Disable the NetworkPolicy for a given service.
+                        description: |-
+                          Disable the NetworkPolicies (Ingress and Egress) for a given service.
+                          Deprecated: use IngressDisabled and EgressEnabled instead.
+                        type: boolean
+                      egressEnabled:
+                        description: Enable the NetworkPolicy for egress from a given
+                          pod. Disabled by default.
+                        type: boolean
+                      ingressDisabled:
+                        description: Disable the NetworkPolicy for ingress to a given
+                          pod. Enabled by default.
                         type: boolean
                     type: object
                   storageConfig:
                     description: NetworkPolicy configuration for the storage service.
                     properties:
                       disabled:
-                        description: Disable the NetworkPolicy for a given service.
+                        description: |-
+                          Disable the NetworkPolicies (Ingress and Egress) for a given service.
+                          Deprecated: use IngressDisabled and EgressEnabled instead.
+                        type: boolean
+                      egressEnabled:
+                        description: Enable the NetworkPolicy for egress from a given
+                          pod. Disabled by default.
+                        type: boolean
+                      ingressDisabled:
+                        description: Disable the NetworkPolicy for ingress to a given
+                          pod. Enabled by default.
                         type: boolean
                     type: object
                 type: object
 
@@ -5877,29 +5877,69 @@ spec:
                       service.
                     properties:
                       disabled:
-                        description: Disable the NetworkPolicy for a given service.
+                        description: |-
+                          Disable the NetworkPolicies (Ingress and Egress) for a given service.
+                          Deprecated: use IngressDisabled and EgressEnabled instead.
+                        type: boolean
+                      egressEnabled:
+                        description: Enable the NetworkPolicy for egress from a given
+                          pod. Disabled by default.
+                        type: boolean
+                      ingressDisabled:
+                        description: Disable the NetworkPolicy for ingress to a given
+                          pod. Enabled by default.
                         type: boolean
                     type: object
                   databaseConfig:
                     description: NetworkPolicy configuration for the database service.
                     properties:
                       disabled:
-                        description: Disable the NetworkPolicy for a given service.
+                        description: |-
+                          Disable the NetworkPolicies (Ingress and Egress) for a given service.
+                          Deprecated: use IngressDisabled and EgressEnabled instead.
+                        type: boolean
+                      egressEnabled:
+                        description: Enable the NetworkPolicy for egress from a given
+                          pod. Disabled by default.
+                        type: boolean
+                      ingressDisabled:
+                        description: Disable the NetworkPolicy for ingress to a given
+                          pod. Enabled by default.
                         type: boolean
                     type: object
                   reportsConfig:
                     description: NetworkPolicy configuration for the cryostat-reports
                       service.
                     properties:
                       disabled:
-                        description: Disable the NetworkPolicy for a given service.
+                        description: |-
+                          Disable the NetworkPolicies (Ingress and Egress) for a given service.
+                          Deprecated: use IngressDisabled and EgressEnabled instead.
+                        type: boolean
+                      egressEnabled:
+                        description: Enable the NetworkPolicy for egress from a given
+                          pod. Disabled by default.
+                        type: boolean
+                      ingressDisabled:
+                        description: Disable the NetworkPolicy for ingress to a given
+                          pod. Enabled by default.
                         type: boolean
                     type: object
                   storageConfig:
                     description: NetworkPolicy configuration for the storage service.
                     properties:
                       disabled:
-                        description: Disable the NetworkPolicy for a given service.
+                        description: |-
+                          Disable the NetworkPolicies (Ingress and Egress) for a given service.
+                          Deprecated: use IngressDisabled and EgressEnabled instead.
+                        type: boolean
+                      egressEnabled:
+                        description: Enable the NetworkPolicy for egress from a given
+                          pod. Disabled by default.
+                        type: boolean
+                      ingressDisabled:
+                        description: Disable the NetworkPolicy for ingress to a given
+                          pod. Enabled by default.
                         type: boolean
                     type: object
                 type: object
 
@@ -203,26 +203,78 @@ spec:
           various Services.
         displayName: Network Policies
         path: networkPolicies
-      - description: Disable the NetworkPolicy for a given service.
+      - description: 'Disable the NetworkPolicies (Ingress and Egress) for a given
+          service. Deprecated: use IngressDisabled and EgressEnabled instead.'
         displayName: Disable NetworkPolicy creation
         path: networkPolicies.coreConfig.disabled
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - description: Disable the NetworkPolicy for a given service.
+      - description: Enable the NetworkPolicy for egress from a given pod. Disabled
+          by default.
+        displayName: Enable egress NetworkPolicy creation
+        path: networkPolicies.coreConfig.egressEnabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Disable the NetworkPolicy for ingress to a given pod. Enabled
+          by default.
+        displayName: Disable ingress NetworkPolicy creation
+        path: networkPolicies.coreConfig.ingressDisabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: 'Disable the NetworkPolicies (Ingress and Egress) for a given
+          service. Deprecated: use IngressDisabled and EgressEnabled instead.'
         displayName: Disable NetworkPolicy creation
         path: networkPolicies.databaseConfig.disabled
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - description: Disable the NetworkPolicy for a given service.
+      - description: Enable the NetworkPolicy for egress from a given pod. Disabled
+          by default.
+        displayName: Enable egress NetworkPolicy creation
+        path: networkPolicies.databaseConfig.egressEnabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Disable the NetworkPolicy for ingress to a given pod. Enabled
+          by default.
+        displayName: Disable ingress NetworkPolicy creation
+        path: networkPolicies.databaseConfig.ingressDisabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: 'Disable the NetworkPolicies (Ingress and Egress) for a given
+          service. Deprecated: use IngressDisabled and EgressEnabled instead.'
         displayName: Disable NetworkPolicy creation
         path: networkPolicies.reportsConfig.disabled
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - description: Disable the NetworkPolicy for a given service.
+      - description: Enable the NetworkPolicy for egress from a given pod. Disabled
+          by default.
+        displayName: Enable egress NetworkPolicy creation
+        path: networkPolicies.reportsConfig.egressEnabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Disable the NetworkPolicy for ingress to a given pod. Enabled
+          by default.
+        displayName: Disable ingress NetworkPolicy creation
+        path: networkPolicies.reportsConfig.ingressDisabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: 'Disable the NetworkPolicies (Ingress and Egress) for a given
+          service. Deprecated: use IngressDisabled and EgressEnabled instead.'
         displayName: Disable NetworkPolicy creation
         path: networkPolicies.storageConfig.disabled
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Enable the NetworkPolicy for egress from a given pod. Disabled
+          by default.
+        displayName: Enable egress NetworkPolicy creation
+        path: networkPolicies.storageConfig.egressEnabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Disable the NetworkPolicy for ingress to a given pod. Enabled
+          by default.
+        displayName: Disable ingress NetworkPolicy creation
+        path: networkPolicies.storageConfig.ingressDisabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - description: Options to configure the Cryostat deployments and pods metadata
         displayName: Operand metadata
         path: operandMetadata
 
@@ -19,6 +19,11 @@ spec:
         - image: quay.io/redhat-java-monitoring/quarkus-cryostat-agent:latest
           imagePullPolicy: Always
           name: quarkus-test
+          env:
+            - name: JAVA_OPTS_APPEND
+              value: -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Dcom.sun.management.jmxremote.port=9097 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
+            - name: QUARKUS_HTTP_HOST
+              value: 0.0.0.0
           ports:
           - containerPort: 10010
             protocol: TCP
@@ -27,12 +32,9 @@ spec:
             protocol: TCP
             name: jfr-jmx
           resources:
-            requests:
-              cpu: 200m
-              memory: 96Mi
             limits:
               cpu: 500m
-              memory: 192Mi
+              memory: 256Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities: