feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint. - Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately. - Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly. - Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 7e2fa0a42a
commit 5ce40d2eeb
966 changed files with 91038 additions and 1850 deletions
--- a/deploy/helm/stellaops/values-airgap.yaml
+++ b/deploy/helm/stellaops/values-airgap.yaml
@@ -8,6 +8,49 @@ global:
    pullPolicy: IfNotPresent
  labels:
    stellaops.io/channel: airgap
+
+configMaps:
+  notify-config:
+    data:
+      notify.yaml: |
+        storage:
+          driver: mongo
+          connectionString: "mongodb://notify-mongo.prod.svc.cluster.local:27017"
+          database: "stellaops_notify"
+          commandTimeoutSeconds: 60
+
+        authority:
+          enabled: true
+          issuer: "https://authority.stella-ops.org"
+          metadataAddress: "https://authority.stella-ops.org/.well-known/openid-configuration"
+          requireHttpsMetadata: true
+          allowAnonymousFallback: false
+          backchannelTimeoutSeconds: 30
+          tokenClockSkewSeconds: 60
+          audiences:
+            - notify
+          readScope: notify.read
+          adminScope: notify.admin
+
+        api:
+          basePath: "/api/v1/notify"
+          internalBasePath: "/internal/notify"
+          tenantHeader: "X-StellaOps-Tenant"
+
+        plugins:
+          baseDirectory: "/var/opt/stellaops"
+          directory: "plugins/notify"
+          searchPatterns:
+            - "StellaOps.Notify.Connectors.*.dll"
+          orderedPlugins:
+            - StellaOps.Notify.Connectors.Slack
+            - StellaOps.Notify.Connectors.Teams
+            - StellaOps.Notify.Connectors.Email
+            - StellaOps.Notify.Connectors.Webhook
+
+        telemetry:
+          enableRequestLogging: true
+          minimumLogLevel: Warning
 services:
  authority:
    image: registry.stella-ops.org/stellaops/authority@sha256:5551a3269b7008cd5aceecf45df018c67459ed519557ccbe48b093b926a39bcc
@@ -68,6 +111,17 @@ services:
      SCANNER__STORAGE__S3__ACCESSKEYID: "stellaops-airgap"
      SCANNER__STORAGE__S3__SECRETACCESSKEY: "airgap-minio-secret"
      SCANNER__QUEUE__BROKER: "nats://stellaops-nats:4222"
+  notify-web:
+    image: registry.stella-ops.org/stellaops/notify-web:2025.09.2
+    service:
+      port: 8446
+    env:
+      DOTNET_ENVIRONMENT: Production
+    configMounts:
+      - name: notify-config
+        mountPath: /app/etc/notify.yaml
+        subPath: notify.yaml
+        configMap: notify-config
  excititor:
    image: registry.stella-ops.org/stellaops/excititor@sha256:65c0ee13f773efe920d7181512349a09d363ab3f3e177d276136bd2742325a68
    env: