lightrun-platform
diff --git a/‎.github/workflows/tests_data/lightrunjavaagent.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/tests_data/lightrunjavaagent.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/v1beta/lightrunjavaagent_types.go
Lines changed: 6 additions & 3 deletions b/‎api/v1beta/lightrunjavaagent_types.go
Lines changed: 6 additions & 3 deletions
diff --git a/‎charts/lightrun-agents/README.md
Lines changed: 75 additions & 11 deletions b/‎charts/lightrun-agents/README.md
Lines changed: 75 additions & 11 deletions
diff --git a/‎charts/lightrun-agents/templates/_checkConfig.tpl
Lines changed: 10 additions & 2 deletions b/‎charts/lightrun-agents/templates/_checkConfig.tpl
Lines changed: 10 additions & 2 deletions
diff --git a/‎charts/lightrun-agents/templates/java-agent-cr.yaml
Lines changed: 13 additions & 2 deletions b/‎charts/lightrun-agents/templates/java-agent-cr.yaml
Lines changed: 13 additions & 2 deletions
diff --git a/‎charts/lightrun-agents/values.yaml
Lines changed: 24 additions & 8 deletions b/‎charts/lightrun-agents/values.yaml
Lines changed: 24 additions & 8 deletions
diff --git a/‎charts/lightrun-operator/crds/lightrunjavaagent_crd.yaml
Lines changed: 8 additions & 4 deletions b/‎charts/lightrun-operator/crds/lightrunjavaagent_crd.yaml
Lines changed: 8 additions & 4 deletions
diff --git a/‎config/crd/bases/agents.lightrun.com_lightrunjavaagents.yaml
Lines changed: 8 additions & 4 deletions b/‎config/crd/bases/agents.lightrun.com_lightrunjavaagents.yaml
Lines changed: 8 additions & 4 deletions
diff --git a/‎config/samples/agents_v1beta_lightrunjavaagent.yaml
Lines changed: 1 addition & 1 deletion b/‎config/samples/agents_v1beta_lightrunjavaagent.yaml
Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ spec:
   deploymentName: sample-deployment  
   secretName: lightrun-secrets 
   serverHostname: dogfood.internal.lightrun.com
-  useSecretAsEnvVars: true
+  useSecretsAsMountedFiles: false
   agentEnvVarName: JAVA_TOOL_OPTIONS
   agentConfig:
     max_log_cpu_cost: "2"
 
@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -41,6 +42,8 @@ type InitContainer struct {
 	SharedVolumeMountPath string `json:"sharedVolumeMountPath"`
 	// Image of the init container. Image name and tag will define platform and version of the agent
 	Image string `json:"image"`
+	// Pull policy of the init container. Can be one of: Always, IfNotPresent, or Never.
+	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
 }
 
 // LightrunJavaAgentSpec defines the desired state of LightrunJavaAgent
@@ -91,9 +94,9 @@ type LightrunJavaAgentSpec struct {
 	// Agent name for registration to the server
 	AgentName string `json:"agentName,omitempty"`
 
-	// UseSecretAsEnvVars determines whether to use secret values as environment variables (true) or as mounted files (false)
-	// +kubebuilder:default=true
-	UseSecretAsEnvVars bool `json:"useSecretAsEnvVars,omitempty"`
+	// UseSecretsAsMountedFiles determines whether to use secret values as mounted files (true) or as environment variables (false)
+	// +kubebuilder:default=false
+	UseSecretsAsMountedFiles bool `json:"useSecretsAsMountedFiles,omitempty"`
 }
 
 // LightrunJavaAgentStatus defines the observed state of LightrunJavaAgent
 
@@ -31,8 +31,11 @@ The values.yaml file includes the following configurable parameters for each Jav
 | `javaAgents[].agentPoolCredentials.pinnedCertHash` | 64 character sha256 certificate public key hash for pinning.                                                                                                                                                                                    | Required if `existingSecret` not set                            |
 | `javaAgents[].agentTags`                           | [List of Lightrun Java Agent tags](https://docs.lightrun.com/jvm/tagging/#manage-lightrun-java-agent-tags).                                                                                                                                     | Optional `[]` (empty list)                                      |
 | `javaAgents[].containerSelector`                   | Selector for containers within the deployment to inject the Lightrun Java Agent.                                                                                                                                                                | Required                                                        |
-| `javaAgents[].deploymentName`                      | Name of the Kubernetes deployment to attach the Lightrun Java Agent.                                                                                                                                                                            | Required                                                        |
+| `javaAgents[].workloadName`                        | Name of the Kubernetes workload (Deployment or StatefulSet) to attach the Lightrun Java Agent. **Recommended over `deploymentName`**.                                                                                                          | Required (if `deploymentName` not used)                        |
+| `javaAgents[].workloadType`                        | Type of the Kubernetes workload. Must be either `"Deployment"` or `"StatefulSet"`. **Required when using `workloadName`**.                                                                                                                     | Required (if `workloadName` is used)                           |
+| `javaAgents[].deploymentName`                      | **[DEPRECATED]** Name of the Kubernetes deployment to attach the Lightrun Java Agent. Use `workloadName` and `workloadType` instead.                                                                                                           | Required (if `workloadName` not used)                          |
 | `javaAgents[].initContainer.image`                 | Image for the Lightrun Java Agent init container.                                                                                                                                                                                               | Required                                                        |
+| `javaAgents[].initContainer.imagePullPolicy` | Image pull policy for the init container. Can be one of: Always, IfNotPresent, or Never. | Optional (if not provided, defaults according to [Kubernetes Default Image Pull Policy](https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting)) |
 | `javaAgents[].initContainer.sharedVolumeMountPath` | Mount path for the shared volume in the init container.                                                                                                                                                                                         | Optional (if not provided, defaults to `"/lightrun"`"           |
 | `javaAgents[].initContainer.sharedVolumeName`      | Name of the shared volume for the init container.                                                                                                                                                                                               | Optional (if not provided, defaults to `"lightrun-agent-init"`" |
 | `javaAgents[].name`                                | Name of the Lightrun Java Agent custom resource.                                                                                                                                                                                                | Required                                                        |
@@ -73,24 +76,62 @@ Use the -n flag to specify a namespace, either using the same namespace where yo
 helm install <release-name> lightrun-k8s-operator/lightrun-agents -n <namespace> -f values.yaml
 ```
 
+## Migration from Legacy Configuration
+
+If you are currently using the `deploymentName` field, you should migrate to the new `workloadName` and `workloadType` fields for better clarity and StatefulSet support:
+
+**Legacy Configuration (deprecated):**
+```yaml
+javaAgents:
+  - name: 'my-service'
+    namespace: 'my-namespace'
+    deploymentName: "my-deployment"  # deprecated
+    # ... other fields
+```
+
+**New Configuration (recommended):**
+```yaml
+javaAgents:
+  - name: 'my-service'
+    namespace: 'my-namespace'
+    workloadName: "my-deployment"     # new field
+    workloadType: "Deployment"       # new field (required)
+    # ... other fields
+```
+
+**For StatefulSets:**
+```yaml
+javaAgents:
+  - name: 'my-service'
+    namespace: 'my-namespace'
+    workloadName: "my-statefulset"   # new field
+    workloadType: "StatefulSet"      # new field (required)
+    # ... other fields
+```
+
+> **Note:** You cannot use both `deploymentName` and `workloadName`/`workloadType` in the same configuration. The chart validation will fail if both are specified.
+
 ## Examples
 
 ### Basic
 
-- The `my-service-1` does not use an `existingSecret` and instead the `agentPoolCredentials.apiKey` and `agentPoolCredentials.pinnedCertHash` are provided directly.
-
-- The `my-service-2` uses an `existingSecret` named `my-existing-secret`
+- The `my-service-1` uses the new workload configuration (recommended) for a Deployment and does not use an `existingSecret`
+- The `my-service-2` uses the new workload configuration for a StatefulSet and uses an `existingSecret` named `my-existing-secret`
+- The `my-service-3` shows the legacy configuration using `deploymentName` (deprecated but still supported)
 
 ```yaml
 javaAgents:
   - name: 'my-service-1'
     namespace: 'my-namespace-1'
-    deploymentName: "my-deployment-1"
+    # New workload configuration (recommended)
+    workloadName: "my-deployment-1"
+    workloadType: "Deployment"
     containerSelector:
       - my-container-1
     serverHostname: 'lightrun.example.com'
     initContainer:
       image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+      imagePullPolicy: "IfNotPresent"      
     agentPoolCredentials:
       existingSecret: ""
       apiKey: "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
@@ -104,7 +145,9 @@ javaAgents:
     namespace: 'my-namespace-2'
     initContainer:
       image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
-    deploymentName: "my-deployment-2"
+    # StatefulSet configuration
+    workloadName: "my-statefulset-2"
+    workloadType: "StatefulSet"
     containerSelector:
       - my-container-2
     serverHostname: 'lightrun.example.com'
@@ -117,19 +160,36 @@ javaAgents:
       - service-my-other-server
       - region-us_east_1
       - provider-aws
+  - name: 'my-service-3'
+    namespace: 'my-namespace-3'
+    # Legacy configuration (deprecated but still supported)
+    deploymentName: "my-deployment-3"
+    containerSelector:
+      - my-container-3
+    serverHostname: 'lightrun.example.com'
+    initContainer:
+      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+    agentPoolCredentials:
+      existingSecret: "my-existing-secret"
+      apiKey: ""
+      pinnedCertHash: ""
+    agentTags:
+      - env-production
+      - service-legacy
 ```
 
 ### Full
 
-- The `my-service-1` does not use an `existingSecret` and instead the `agentPoolCredentials.apiKey` and `agentPoolCredentials.pinnedCertHash` are provided directly.
-
-- The `my-service-2` uses an `existingSecret` named `my-existing-secret`
+- The `my-service-1` uses the new workload configuration for a Deployment with full configuration options
+- The `my-service-2` uses the new workload configuration for a StatefulSet with an `existingSecret`
 
 ```yaml
 javaAgents:
   - name: 'my-service-1'
     namespace: 'my-namespace-1'
-    deploymentName: "my-deployment-1"
+    # New workload configuration (recommended)
+    workloadName: "my-deployment-1"
+    workloadType: "Deployment"
     containerSelector:
       - my-container-1
     serverHostname: 'lightrun.example.com'
@@ -139,6 +199,7 @@ javaAgents:
     agentCliFlags: "--lightrun_extra_class_path=<PATH_TO_JAR>:<PATH_TO_JAR>,lightrun_init_wait_time_ms"
     initContainer:
       image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+      imagePullPolicy: "IfNotPresent"
       sharedVolumeName: 'my-shared-volume'
       sharedVolumeMountPath: '/mypath'
     agentPoolCredentials:
@@ -154,9 +215,12 @@ javaAgents:
     namespace: 'my-namespace-2'
     initContainer:
       image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+      imagePullPolicy: "IfNotPresent"
       sharedVolumeName: 'my-shared-volume'
       sharedVolumeMountPath: '/mypath'
-    deploymentName: "my-deployment-2"
+    # StatefulSet configuration with full options
+    workloadName: "my-statefulset-2"
+    workloadType: "StatefulSet"
     containerSelector:
       - my-container-2
     serverHostname: 'lightrun.example.com'
 
@@ -22,9 +22,17 @@ Compile all warnings into a single message, and call fail.
   {{- if not .initContainer.image }}
     {{- $objectErrorMsgs = append $objectErrorMsgs "Init Container Image Checker:\n Error: The 'initContainer.image' field is missing. Please provide the 'initContainer.image' parameter." -}}
   {{- end }}
-  {{- if not .deploymentName }}
-    {{- $objectErrorMsgs = append $objectErrorMsgs "Deployment Name Checker:\n  Error: The 'deploymentName' field is missing. Please provide the 'deploymentName' parameter." -}}
+
+  {{- /* Workload configuration validation */}}
+  {{- $hasDeploymentName := .deploymentName }}
+  {{- $hasWorkloadConfig := and .workloadName .workloadType }}
+  
+  {{- if and $hasDeploymentName $hasWorkloadConfig }}
+    {{- $objectErrorMsgs = append $objectErrorMsgs "Workload Configuration Checker:\n  Error: Both 'deploymentName' (legacy) and 'workloadName'/'workloadType' (new) are specified. Please use only one configuration method: either 'deploymentName' OR 'workloadName' with 'workloadType'." -}}
+  {{- else if not (or $hasDeploymentName $hasWorkloadConfig) }}
+    {{- $objectErrorMsgs = append $objectErrorMsgs "Workload Configuration Checker:\n  Error: No workload configuration specified. Please provide either 'deploymentName' (legacy) OR 'workloadName' with 'workloadType' (recommended)." -}}
   {{- end }}
+
   {{- if not .containerSelector }}
     {{- $objectErrorMsgs = append $objectErrorMsgs "Container Selector Checker:\n Error: The 'containerSelector' field is missing. Please provide the 'containerSelector' parameter." -}}
   {{- end }}
 
@@ -8,18 +8,29 @@ metadata:
 spec:
   initContainer:
     image: {{ .initContainer.image }}
+    {{- if .initContainer.imagePullPolicy }}
+    imagePullPolicy: {{ .initContainer.imagePullPolicy }}
+    {{- end }}
     sharedVolumeName: {{ .initContainer.sharedVolumeName | default "lightrun-agent-init" }}
     sharedVolumeMountPath: {{ .initContainer.sharedVolumeMountPath | default "/lightrun" }}
+  {{- if .workloadName }}
+  workloadName: {{ .workloadName }}
+  {{- end }}
+  {{- if .workloadType }}
+  workloadType: {{ .workloadType }}
+  {{- end }}
+  {{- if .deploymentName }}
   deploymentName: {{ .deploymentName }}
+  {{- end }}
   containerSelector: {{- toYaml .containerSelector | nindent 4 }}
   {{- if .agentPoolCredentials.existingSecret }}
   secretName: {{ .agentPoolCredentials.existingSecret }}
   {{- else }}
   secretName: {{ .name }}-secret
   {{- end }}
   serverHostname: {{ .serverHostname }}
-  {{- if .useSecretAsEnvVars }}
-  useSecretAsEnvVars: {{ .useSecretAsEnvVars | default true }}
+  {{- if .useSecretsAsMountedFiles }}
+  useSecretsAsMountedFiles: {{ .useSecretsAsMountedFiles | default false }}
   {{- end }}
   agentEnvVarName: {{ .agentEnvVarName | default "JAVA_TOOL_OPTIONS" }}
   {{- if .agentConfig }}
 
@@ -11,13 +11,18 @@ javaAgents: []
 #javaAgents:
 #  - name: 'my-service-1'
 #    namespace: 'my-namespace-1'
-#    deploymentName: "my-deployment-1"
+#    # New workload configuration (recommended)
+#    workloadName: "my-deployment-1"
+#    workloadType: "Deployment"  # or "StatefulSet"
+#    # Legacy configuration (deprecated, use workloadName and workloadType instead)
+#    # deploymentName: "my-deployment-1"
 #    containerSelector:
 #      - my-container-1
 #    serverHostname: 'lightrun.example.com'
-#    useSecretAsEnvVars: true
+#    useSecretsAsMountedFiles: false
 #    initContainer:
 #      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+#      imagePullPolicy: "IfNotPresent"
 #    agentPoolCredentials:
 #      existingSecret: ""
 #      apiKey: "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
@@ -31,11 +36,14 @@ javaAgents: []
 #    namespace: 'my-namespace-2'
 #    initContainer:
 #      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
-#    deploymentName: "my-deployment-2"
+#      imagePullPolicy: "IfNotPresent"
+#    # Example of StatefulSet configuration
+#    workloadName: "my-statefulset-2"
+#    workloadType: "StatefulSet"
 #    containerSelector:
 #      - my-container-2
 #    serverHostname: 'lightrun.example.com'
-#    useSecretAsEnvVars: true
+#    useSecretsAsMountedFiles: false
 #    agentPoolCredentials:
 #      existingSecret: "my-existing-secret"
 #      apiKey: ""
@@ -55,17 +63,22 @@ javaAgents: []
 #javaAgents:
 #  - name: 'my-service-1'
 #    namespace: 'my-namespace-1'
-#    deploymentName: "my-deployment-1"
+#    # New workload configuration (recommended)
+#    workloadName: "my-deployment-1"
+#    workloadType: "Deployment"  # or "StatefulSet"
+#    # Legacy configuration (deprecated, use workloadName and workloadType instead)
+#    # deploymentName: "my-deployment-1"
 #    containerSelector:
 #      - my-container-1
 #    serverHostname: 'lightrun.example.com'
-#    useSecretAsEnvVars: true
+#    useSecretsAsMountedFiles: false
 #    agentEnvVarName: '_JAVA_OPTIONS'
 #    agentConfig:
 #      max_log_cpu_cost: "2"
 #    agentCliFlags: "--lightrun_extra_class_path=<PATH_TO_JAR>:<PATH_TO_JAR>,lightrun_init_wait_time_ms"
 #    initContainer:
 #      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+#      imagePullPolicy: "IfNotPresent"
 #      sharedVolumeName: 'my-shared-volume'
 #      sharedVolumeMountPath: '/mypath'
 #    agentPoolCredentials:
@@ -81,13 +94,16 @@ javaAgents: []
 #    namespace: 'my-namespace-2'
 #    initContainer:
 #      image: "lightruncom/k8s-operator-init-java-agent-linux:latest"
+#      imagePullPolicy: "IfNotPresent"
 #      sharedVolumeName: 'my-shared-volume'
 #      sharedVolumeMountPath: '/mypath'
-#    deploymentName: "my-deployment-2"
+#    # Example of StatefulSet configuration
+#    workloadName: "my-statefulset-2"
+#    workloadType: "StatefulSet"
 #    containerSelector:
 #      - my-container-2
 #    serverHostname: 'lightrun.example.com'
-#    useSecretAsEnvVars: true
+#    useSecretsAsMountedFiles: false
 #    agentEnvVarName: 'JAVA_OPTS'
 #    agentConfig:
 #      max_log_cpu_cost: "2"
 
@@ -98,6 +98,10 @@ spec:
                     description: Image of the init container. Image name and tag will
                       define platform and version of the agent
                     type: string
+                  imagePullPolicy:
+                    description: 'Pull policy of the init container. Can be one of:
+                      Always, IfNotPresent, or Never.'
+                    type: string
                   sharedVolumeMountPath:
                     description: Path in the app container where volume with agent
                       will be mounted
@@ -119,10 +123,10 @@ spec:
                   Lightrun server hostname that will be used for downloading an agent
                   Key and company id in the secret has to be taken from this server as well
                 type: string
-              useSecretAsEnvVars:
-                default: true
-                description: UseSecretAsEnvVars determines whether to use secret values
-                  as environment variables (true) or as mounted files (false)
+              useSecretsAsMountedFiles:
+                default: false
+                description: UseSecretsAsMountedFiles determines whether to use secret
+                  values as mounted files (true) or as environment variables (false)
                 type: boolean
               workloadName:
                 description: Name of the Workload that will be patched. workload can
 
@@ -99,6 +99,10 @@ spec:
                     description: Image of the init container. Image name and tag will
                       define platform and version of the agent
                     type: string
+                  imagePullPolicy:
+                    description: 'Pull policy of the init container. Can be one of:
+                      Always, IfNotPresent, or Never.'
+                    type: string
                   sharedVolumeMountPath:
                     description: Path in the app container where volume with agent
                       will be mounted
@@ -120,10 +124,10 @@ spec:
                   Lightrun server hostname that will be used for downloading an agent
                   Key and company id in the secret has to be taken from this server as well
                 type: string
-              useSecretAsEnvVars:
-                default: true
-                description: UseSecretAsEnvVars determines whether to use secret values
-                  as environment variables (true) or as mounted files (false)
+              useSecretsAsMountedFiles:
+                default: false
+                description: UseSecretsAsMountedFiles determines whether to use secret
+                  values as mounted files (true) or as environment variables (false)
                 type: boolean
               workloadName:
                 description: Name of the Workload that will be patched. workload can
 
@@ -11,7 +11,7 @@ spec:
   workloadType: Deployment
   secretName: lightrun-secrets 
   serverHostname: <lightrun_server>  #for saas it will be app.lightrun.com
-  useSecretAsEnvVars: true
+  useSecretsAsMountedFiles: false
   agentEnvVarName: JAVA_TOOL_OPTIONS
   agentConfig:
     max_log_cpu_cost: "2"