sprints completion. new product advisories prepared

devops/helm/stellaops/values-bluegreen-blue.yaml

@@ -0,0 +1,104 @@
+# Blue/Green Deployment: Blue Environment
+# Use this file alongside values-prod.yaml for the blue (current) environment
+#
+# Deploy with:
+#   helm upgrade stellaops-blue ./devops/helm/stellaops \
+#     --namespace stellaops-blue \
+#     --values devops/helm/stellaops/values-prod.yaml \
+#     --values devops/helm/stellaops/values-bluegreen-blue.yaml \
+#     --wait
+
+# Environment identification
+global:
+  profile: prod-blue
+  labels:
+    stellaops.io/environment: blue
+    stellaops.io/deployment-strategy: blue-green
+
+# Deployment identification
+deployment:
+  environment: blue
+  color: blue
+  namespace: stellaops-blue
+
+# Ingress for direct blue access (for validation/debugging)
+ingress:
+  enabled: true
+  hosts:
+    - host: stellaops-blue.example.com
+      path: /
+      servicePort: 80
+  annotations:
+    # Not a canary - this is the primary ingress for blue
+    nginx.ingress.kubernetes.io/canary: "false"
+
+# Service naming for traffic routing
+services:
+  api:
+    name: stellaops-blue-api
+  web:
+    name: stellaops-blue-web
+  scanner:
+    name: stellaops-blue-scanner
+
+# Pod labels for service selector
+podLabels:
+  stellaops.io/color: blue
+
+# Shared resources (same for both blue and green)
+database:
+  # IMPORTANT: Blue and Green share the same database
+  # Ensure migrations are N-1 compatible
+  host: postgres.shared.svc.cluster.local
+  database: stellaops_production
+  # Connection pool tuning for blue/green (half of normal)
+  pool:
+    minSize: 5
+    maxSize: 25
+
+redis:
+  # Separate Redis instance per environment to avoid cache conflicts
+  host: redis-blue.stellaops-blue.svc.cluster.local
+  database: 0
+
+evidence:
+  storage:
+    # IMPORTANT: Shared evidence storage for continuity
+    bucket: stellaops-evidence-production
+    prefix: ""  # No prefix - shared namespace
+
+# Health check configuration
+healthCheck:
+  readiness:
+    path: /health/ready
+    initialDelaySeconds: 10
+    periodSeconds: 15
+  liveness:
+    path: /health/live
+    initialDelaySeconds: 30
+    periodSeconds: 10
+
+# Resource allocation (half of normal for blue/green)
+resources:
+  api:
+    requests:
+      cpu: 500m
+      memory: 512Mi
+    limits:
+      cpu: 2000m
+      memory: 2Gi
+  scanner:
+    requests:
+      cpu: 1000m
+      memory: 1Gi
+    limits:
+      cpu: 4000m
+      memory: 4Gi
+
+# Replica count (half of normal for blue/green)
+replicaCount:
+  api: 2
+  web: 2
+  scanner: 2
+  signer: 1
+  attestor: 1

devops/helm/stellaops/values-bluegreen-green.yaml

@@ -0,0 +1,126 @@
+# Blue/Green Deployment: Green Environment
+# Use this file alongside values-prod.yaml for the green (new version) environment
+#
+# Deploy with:
+#   helm upgrade stellaops-green ./devops/helm/stellaops \
+#     --namespace stellaops-green \
+#     --create-namespace \
+#     --values devops/helm/stellaops/values-prod.yaml \
+#     --values devops/helm/stellaops/values-bluegreen-green.yaml \
+#     --set global.release.version="NEW_VERSION" \
+#     --wait
+
+# Environment identification
+global:
+  profile: prod-green
+  labels:
+    stellaops.io/environment: green
+    stellaops.io/deployment-strategy: blue-green
+
+# Deployment identification
+deployment:
+  environment: green
+  color: green
+  namespace: stellaops-green
+
+# Ingress for green - starts as canary with 0% weight
+ingress:
+  enabled: true
+  hosts:
+    - host: stellaops-green.example.com
+      path: /
+      servicePort: 80
+  annotations:
+    # Canary ingress for gradual traffic shifting
+    nginx.ingress.kubernetes.io/canary: "true"
+    nginx.ingress.kubernetes.io/canary-weight: "0"
+    # Optional: header-based routing for testing
+    nginx.ingress.kubernetes.io/canary-by-header: "X-Canary"
+    nginx.ingress.kubernetes.io/canary-by-header-value: "green"
+
+# Canary ingress for production hostname (traffic shifting)
+canaryIngress:
+  enabled: true
+  host: stellaops.example.com
+  annotations:
+    nginx.ingress.kubernetes.io/canary: "true"
+    nginx.ingress.kubernetes.io/canary-weight: "0"  # Start at 0%, increase during cutover
+
+# Service naming for traffic routing
+services:
+  api:
+    name: stellaops-green-api
+  web:
+    name: stellaops-green-web
+  scanner:
+    name: stellaops-green-scanner
+
+# Pod labels for service selector
+podLabels:
+  stellaops.io/color: green
+
+# Shared resources (same for both blue and green)
+database:
+  # IMPORTANT: Blue and Green share the same database
+  # Ensure migrations are N-1 compatible
+  host: postgres.shared.svc.cluster.local
+  database: stellaops_production
+  # Connection pool tuning for blue/green (half of normal)
+  pool:
+    minSize: 5
+    maxSize: 25
+
+redis:
+  # Separate Redis instance per environment to avoid cache conflicts
+  host: redis-green.stellaops-green.svc.cluster.local
+  database: 0
+
+evidence:
+  storage:
+    # IMPORTANT: Shared evidence storage for continuity
+    bucket: stellaops-evidence-production
+    prefix: ""  # No prefix - shared namespace
+
+# Health check configuration
+healthCheck:
+  readiness:
+    path: /health/ready
+    initialDelaySeconds: 10
+    periodSeconds: 15
+  liveness:
+    path: /health/live
+    initialDelaySeconds: 30
+    periodSeconds: 10
+
+# Resource allocation (half of normal for blue/green)
+resources:
+  api:
+    requests:
+      cpu: 500m
+      memory: 512Mi
+    limits:
+      cpu: 2000m
+      memory: 2Gi
+  scanner:
+    requests:
+      cpu: 1000m
+      memory: 1Gi
+    limits:
+      cpu: 4000m
+      memory: 4Gi
+
+# Replica count (half of normal for blue/green)
+replicaCount:
+  api: 2
+  web: 2
+  scanner: 2
+  signer: 1
+  attestor: 1
+
+# Migration jobs - enable for green environment
+migrations:
+  enabled: true
+  # Run migrations before main deployment
+  preUpgrade:
+    enabled: true
+    backoffLimit: 3