Add StellaOps Authority planning artifacts and config templates
This commit is contained in:
root
36
StellaOps.Authority.TODOS.DevOps.md
Normal file
36
StellaOps.Authority.TODOS.DevOps.md
Normal file
@@ -0,0 +1,36 @@
|
||||
# StellaOps Authority — DevOps & Observability Team
|
||||
|
||||
> **Read first:** `AGENTS.md`, `StellaOps.Authority.TODOS.md`, and this plan. Reflect status changes in both TODO trackers.
|
||||
|
||||
## Mission
|
||||
Deliver deployable artefacts, CI/CD automation, runtime observability, and operational runbooks for StellaOps Authority.
|
||||
|
||||
## Task Matrix
|
||||
|
||||
| Order | Task IDs | Description | Dependencies | Acceptance |
|
||||
|-------|----------|-------------|--------------|------------|
|
||||
| 1 | OPS1 | Author distroless Dockerfile + docker-compose sample (Authority + Mongo + optional Redis). | FND4, CORE1 | **DONE (DevEx scaffold)** – see `ops/authority/` Dockerfile + compose; verify with production secrets before release. |
|
||||
| 2 | OPS2 | Extend CI workflows (build/test/publish) for Authority + auth libraries (dotnet build/test, docker build, artefact publish). | OPS1 | **DONE** – Authority build/test/publish integrated into `.gitea/workflows/build-test-deploy.yml`. |
|
||||
| 3 | OPS3 | Implement key rotation script/CLI and wire pipeline job (manual trigger) to rotate signing keys + update JWKS. | CORE10 | Document rotation process + store secrets securely. |
|
||||
| 4 | OPS4 | Document backup/restore for Authority Mongo collections, plugin configs, key material. | CORE3 | Produce runbook in `/docs/ops`. |
|
||||
| 5 | OPS5 | Define monitoring metrics/alerts (token issuance failure rate, lockout spikes, bypass usage). Provide dashboards (Prometheus/Otel). | CORE7 | Share Grafana JSON or equivalent. |
|
||||
| 6 | SUPPORT | Assist other teams with docker-compose variations for integration tests (Feedser, CLI). | OPS1, FSR5 | Provide templates + guidance. |
|
||||
|
||||
## Implementation Notes
|
||||
- Container image must remain offline-friendly (no package installs at runtime).
|
||||
- Compose sample should include environment variable settings referencing `etc/authority.yaml`.
|
||||
- Store key rotation artefacts in secure storage (vault/secrets).
|
||||
- Align metrics naming with existing StellaOps conventions.
|
||||
- Provide fallback instructions for air-gapped deployments (manual image load, offline key rotation).
|
||||
|
||||
## Deliverables
|
||||
- Dockerfile(s), compose stack, and documentation.
|
||||
- Updated CI pipeline definitions.
|
||||
- Runbooks for rotation, backup, restore.
|
||||
- Monitoring/alerting templates.
|
||||
|
||||
## Coordination
|
||||
- Sync with DevEx on configuration paths + plugin directories.
|
||||
- Coordinate with Authority Core regarding key management endpoints.
|
||||
- Work with Feedser Integration + CLI teams on integration test environments.
|
||||
- Engage Security Guild to review key rotation + secret storage approach.
|
||||
Reference in New Issue
Block a user