stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

license switch agpl -> busl1, sprints work, new product advisories

Browse Source
This commit is contained in:
master
2026-01-20 15:32:20 +02:00
parent 4903395618
commit c32fff8f86
1835 changed files with 38630 additions and 4359 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/operations/devops/architecture.md
View File

@@ -313,7 +313,7 @@ rustfs://stellaops/
### 7.5 PostgreSQL server baseline
* **Minimum supported server:** PostgreSQL **16+**. Earlier versions lack required features (e.g., enhanced JSON functions, performance improvements).
* **Deploy images:** Compose/Helm defaults stay on `postgres:16`. For air-gapped installs, refresh Offline Kit bundles so the packaged PostgreSQL image matches ≥16.
* **Deploy images:** Compose/Helm defaults stay on `postgres:18.1`. For air-gapped installs, refresh Offline Kit bundles so the packaged PostgreSQL image matches ≥18.1.
* **Upgrade guard:** During rollout, verify PostgreSQL major version ≥16 before applying schema migrations; automation should hard-stop if version check fails.
---
@@ -440,13 +440,22 @@ services:
web-ui:
image: registry.stella-ops.org/stellaops/web-ui@sha256:...
postgres:
image: postgres:16
image: postgres:18.1
valkey:
image: valkey/valkey:8.0
image: valkey/valkey:9.0.1
rustfs:
image: registry.stella-ops.org/stellaops/rustfs:2025.10.0-edge
image: registry.stella-ops.org/stellaops/rustfs:2025.09.2
rekor-cli:
image: ghcr.io/sigstore/rekor-cli:v1.4.3
profiles: ["sigstore"]
cosign:
image: ghcr.io/sigstore/cosign:v3.0.4
profiles: ["sigstore"]
```
Sigstore tool containers are optional; enable with `docker compose --profile sigstore`.
Rekor v2 overlay lives at `devops/compose/docker-compose.rekor-v2.yaml`; enable the same profile and point `REKOR_SERVER_URL` to the `rekor-v2` service.
---
## 14) Governance & keys (who owns the trust root)
@@ -487,3 +496,4 @@ services:
---
**End — component_architecture_devops.md**

3
docs/operations/devops/runbooks/deployment-upgrade.md
View File

@@ -49,7 +49,8 @@ Infrastructure components (PostgreSQL, Valkey, MinIO, RustFS) are pinned in the
Archive the resulting `out/offline-kit/metadata/debug-store.json` alongside the kit bundle.
5. **Review compatibility matrix**
Confirm PostgreSQL, Valkey, and RustFS versions in the release manifest match platform SLOs. The default targets are `postgres:16-alpine`, `valkey:8.0`, `rustfs:2025.10.0-edge`.
Confirm PostgreSQL, Valkey, and RustFS versions in the release manifest match platform SLOs. The default targets are `postgres:18.1-alpine`, `valkey:9.0.1`, `rustfs:2025.09.2`.
If the Sigstore tools profile is enabled, verify `rekor-cli:v1.4.3` and `cosign:v3.0.4`.
6. **Create a rollback bookmark**
Record the current Helm revision (`helm history stellaops -n stellaops`) and compose tag (`git describe --tags`) before applying changes.