Deprecate MongoDB support in AOC verification CLI
Removes legacy MongoDB options and code paths from the AOC verification command, enforcing PostgreSQL as the required backend. Updates environment examples and documentation to reflect Valkey and RustFS as defaults, replacing Redis and MinIO references.
This commit is contained in:
master
89
deploy/compose/env/prod.env.example
vendored
89
deploy/compose/env/prod.env.example
vendored
@@ -1,49 +1,76 @@
|
||||
# Substitutions for docker-compose.prod.yaml
|
||||
# ⚠️ Replace all placeholder secrets with values sourced from your secret manager.
|
||||
MONGO_INITDB_ROOT_USERNAME=stellaops-prod
|
||||
MONGO_INITDB_ROOT_PASSWORD=REPLACE_WITH_STRONG_PASSWORD
|
||||
MINIO_ROOT_USER=stellaops-prod
|
||||
MINIO_ROOT_PASSWORD=REPLACE_WITH_STRONG_PASSWORD
|
||||
# Expose the MinIO console only to trusted operator networks.
|
||||
MINIO_CONSOLE_PORT=39001
|
||||
RUSTFS_HTTP_PORT=8080
|
||||
AUTHORITY_ISSUER=https://authority.prod.stella-ops.org
|
||||
AUTHORITY_PORT=8440
|
||||
SIGNER_POE_INTROSPECT_URL=https://licensing.prod.stella-ops.org/introspect
|
||||
# Substitutions for docker-compose.prod.yaml
|
||||
# ⚠️ Replace all placeholder secrets with values sourced from your secret manager.
|
||||
|
||||
# PostgreSQL Database
|
||||
POSTGRES_USER=stellaops-prod
|
||||
POSTGRES_PASSWORD=REPLACE_WITH_STRONG_PASSWORD
|
||||
POSTGRES_DB=stellaops_platform
|
||||
POSTGRES_PORT=5432
|
||||
|
||||
# Valkey (Redis-compatible cache and messaging)
|
||||
VALKEY_PORT=6379
|
||||
|
||||
# RustFS Object Storage
|
||||
RUSTFS_HTTP_PORT=8080
|
||||
|
||||
# Authority
|
||||
AUTHORITY_ISSUER=https://authority.prod.stella-ops.org
|
||||
AUTHORITY_PORT=8440
|
||||
|
||||
# Signer
|
||||
SIGNER_POE_INTROSPECT_URL=https://licensing.prod.stella-ops.org/introspect
|
||||
SIGNER_PORT=8441
|
||||
|
||||
# Attestor
|
||||
ATTESTOR_PORT=8442
|
||||
# Secrets for Issuer Directory are provided via issuer-directory.mongo.env (see etc/secrets/issuer-directory.mongo.secret.example).
|
||||
|
||||
# Issuer Directory
|
||||
ISSUER_DIRECTORY_PORT=8447
|
||||
ISSUER_DIRECTORY_MONGO_CONNECTION_STRING=mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017
|
||||
ISSUER_DIRECTORY_SEED_CSAF=true
|
||||
|
||||
# Concelier
|
||||
CONCELIER_PORT=8445
|
||||
SCANNER_WEB_PORT=8444
|
||||
UI_PORT=8443
|
||||
NATS_CLIENT_PORT=4222
|
||||
SCANNER_QUEUE_BROKER=nats://nats:4222
|
||||
# `true` enables signed scanner events for Notify ingestion.
|
||||
SCANNER_EVENTS_ENABLED=true
|
||||
SCANNER_EVENTS_DRIVER=redis
|
||||
# Leave SCANNER_EVENTS_DSN empty to inherit the Redis queue DSN when SCANNER_QUEUE_BROKER uses redis://.
|
||||
SCANNER_EVENTS_DSN=
|
||||
|
||||
# Scanner
|
||||
SCANNER_WEB_PORT=8444
|
||||
SCANNER_QUEUE_BROKER=valkey://valkey:6379
|
||||
# `true` enables signed scanner events for Notify ingestion.
|
||||
SCANNER_EVENTS_ENABLED=true
|
||||
SCANNER_EVENTS_DRIVER=valkey
|
||||
SCANNER_EVENTS_DSN=valkey:6379
|
||||
SCANNER_EVENTS_STREAM=stella.events
|
||||
SCANNER_EVENTS_PUBLISH_TIMEOUT_SECONDS=5
|
||||
SCANNER_EVENTS_MAX_STREAM_LENGTH=10000
|
||||
|
||||
# Scanner Surface.Env Configuration
|
||||
SCANNER_SURFACE_FS_ENDPOINT=https://surfacefs.prod.stella-ops.org/api/v1
|
||||
SCANNER_SURFACE_CACHE_ROOT=/var/lib/stellaops/surface
|
||||
# Zastava inherits Scanner defaults; override if Observer/Webhook diverge
|
||||
ZASTAVA_SURFACE_FS_ENDPOINT=${SCANNER_SURFACE_FS_ENDPOINT}
|
||||
ZASTAVA_SURFACE_CACHE_ROOT=${SCANNER_SURFACE_CACHE_ROOT}
|
||||
SCANNER_SURFACE_SECRETS_PROVIDER=kubernetes
|
||||
SCANNER_SURFACE_SECRETS_ROOT=stellaops/scanner
|
||||
SCHEDULER_QUEUE_KIND=Nats
|
||||
SCHEDULER_QUEUE_NATS_URL=nats://nats:4222
|
||||
SCHEDULER_STORAGE_DATABASE=stellaops_scheduler
|
||||
|
||||
# Zastava (inherits Scanner defaults; override if Observer/Webhook diverge)
|
||||
ZASTAVA_SURFACE_FS_ENDPOINT=${SCANNER_SURFACE_FS_ENDPOINT}
|
||||
ZASTAVA_SURFACE_CACHE_ROOT=${SCANNER_SURFACE_CACHE_ROOT}
|
||||
|
||||
# Scheduler (Valkey default, NATS optional)
|
||||
SCHEDULER_QUEUE_KIND=Valkey
|
||||
SCHEDULER_QUEUE_VALKEY_URL=valkey:6379
|
||||
# SCHEDULER_QUEUE_NATS_URL=nats://nats:4222
|
||||
SCHEDULER_STORAGE_DATABASE=stellaops_platform
|
||||
SCHEDULER_SCANNER_BASEADDRESS=http://scanner-web:8444
|
||||
|
||||
# NATS (Optional - only if using NATS instead of Valkey for queues)
|
||||
NATS_CLIENT_PORT=4222
|
||||
|
||||
# Advisory AI
|
||||
ADVISORY_AI_WEB_PORT=8448
|
||||
ADVISORY_AI_SBOM_BASEADDRESS=https://scanner-web:8444
|
||||
ADVISORY_AI_INFERENCE_MODE=Local
|
||||
ADVISORY_AI_REMOTE_BASEADDRESS=
|
||||
ADVISORY_AI_REMOTE_APIKEY=
|
||||
# External reverse proxy (Traefik, Envoy, etc.) that terminates TLS.
|
||||
FRONTDOOR_NETWORK=stellaops_frontdoor
|
||||
|
||||
# Web UI
|
||||
UI_PORT=8443
|
||||
|
||||
# External reverse proxy (Traefik, Envoy, etc.) that terminates TLS.
|
||||
FRONTDOOR_NETWORK=stellaops_frontdoor
|
||||
|
||||
Reference in New Issue
Block a user