global: profile: prod release: version: "2025.09.2" channel: stable manifestSha256: "dc3c8fe1ab83941c838ccc5a8a5862f7ddfa38c2078e580b5649db26554565b7" image: pullPolicy: IfNotPresent labels: stellaops.io/channel: stable stellaops.io/profile: prod configMaps: notify-config: data: notify.yaml: | storage: driver: mongo connectionString: "mongodb://stellaops-mongo:27017" database: "stellaops_notify_prod" commandTimeoutSeconds: 45 authority: enabled: true issuer: "https://authority.prod.stella-ops.org" metadataAddress: "https://authority.prod.stella-ops.org/.well-known/openid-configuration" requireHttpsMetadata: true allowAnonymousFallback: false backchannelTimeoutSeconds: 30 tokenClockSkewSeconds: 60 audiences: - notify readScope: notify.read adminScope: notify.admin api: basePath: "/api/v1/notify" internalBasePath: "/internal/notify" tenantHeader: "X-StellaOps-Tenant" plugins: baseDirectory: "/opt/stellaops" directory: "plugins/notify" searchPatterns: - "StellaOps.Notify.Connectors.*.dll" orderedPlugins: - StellaOps.Notify.Connectors.Slack - StellaOps.Notify.Connectors.Teams - StellaOps.Notify.Connectors.Email - StellaOps.Notify.Connectors.Webhook telemetry: enableRequestLogging: true minimumLogLevel: Information services: authority: image: registry.stella-ops.org/stellaops/authority@sha256:b0348bad1d0b401cc3c71cb40ba034c8043b6c8874546f90d4783c9dbfcc0bf5 service: port: 8440 env: STELLAOPS_AUTHORITY__ISSUER: "https://authority.prod.stella-ops.org" STELLAOPS_AUTHORITY__PLUGINDIRECTORIES__0: "/app/plugins" STELLAOPS_AUTHORITY__PLUGINS__CONFIGURATIONDIRECTORY: "/app/etc/authority.plugins" envFrom: - secretRef: name: stellaops-prod-core signer: image: registry.stella-ops.org/stellaops/signer@sha256:8ad574e61f3a9e9bda8a58eb2700ae46813284e35a150b1137bc7c2b92ac0f2e service: port: 8441 env: SIGNER__AUTHORITY__BASEURL: "https://stellaops-authority:8440" SIGNER__POE__INTROSPECTURL: "https://licensing.prod.stella-ops.org/introspect" envFrom: - secretRef: name: stellaops-prod-core attestor: image: registry.stella-ops.org/stellaops/attestor@sha256:0534985f978b0b5d220d73c96fddd962cd9135f616811cbe3bff4666c5af568f service: port: 8442 env: ATTESTOR__SIGNER__BASEURL: "https://stellaops-signer:8441" envFrom: - secretRef: name: stellaops-prod-core concelier: image: registry.stella-ops.org/stellaops/concelier@sha256:c58cdcaee1d266d68d498e41110a589dd204b487d37381096bd61ab345a867c5 service: port: 8445 env: CONCELIER__STORAGE__S3__ENDPOINT: "http://stellaops-minio:9000" CONCELIER__AUTHORITY__BASEURL: "https://stellaops-authority:8440" envFrom: - secretRef: name: stellaops-prod-core volumeMounts: - name: concelier-jobs mountPath: /var/lib/concelier/jobs volumeClaims: - name: concelier-jobs claimName: stellaops-concelier-jobs scanner-web: image: registry.stella-ops.org/stellaops/scanner-web@sha256:14b23448c3f9586a9156370b3e8c1991b61907efa666ca37dd3aaed1e79fe3b7 service: port: 8444 env: SCANNER__ARTIFACTSTORE__DRIVER: "rustfs" SCANNER__ARTIFACTSTORE__ENDPOINT: "http://stellaops-rustfs:8080/api/v1" SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts" SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30" SCANNER__QUEUE__BROKER: "nats://stellaops-nats:4222" SCANNER__EVENTS__ENABLED: "true" SCANNER__EVENTS__DRIVER: "redis" SCANNER__EVENTS__DSN: "" SCANNER__EVENTS__STREAM: "stella.events" SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "5" SCANNER__EVENTS__MAXSTREAMLENGTH: "10000" envFrom: - secretRef: name: stellaops-prod-core scanner-worker: image: registry.stella-ops.org/stellaops/scanner-worker@sha256:32e25e76386eb9ea8bee0a1ad546775db9a2df989fab61ac877e351881960dab replicas: 3 env: SCANNER__ARTIFACTSTORE__DRIVER: "rustfs" SCANNER__ARTIFACTSTORE__ENDPOINT: "http://stellaops-rustfs:8080/api/v1" SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts" SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30" SCANNER__QUEUE__BROKER: "nats://stellaops-nats:4222" SCANNER__EVENTS__ENABLED: "true" SCANNER__EVENTS__DRIVER: "redis" SCANNER__EVENTS__DSN: "" SCANNER__EVENTS__STREAM: "stella.events" SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "5" SCANNER__EVENTS__MAXSTREAMLENGTH: "10000" envFrom: - secretRef: name: stellaops-prod-core notify-web: image: registry.stella-ops.org/stellaops/notify-web:2025.09.2 service: port: 8446 env: DOTNET_ENVIRONMENT: Production envFrom: - secretRef: name: stellaops-prod-notify configMounts: - name: notify-config mountPath: /app/etc/notify.yaml subPath: notify.yaml configMap: notify-config excititor: image: registry.stella-ops.org/stellaops/excititor@sha256:59022e2016aebcef5c856d163ae705755d3f81949d41195256e935ef40a627fa env: EXCITITOR__CONCELIER__BASEURL: "https://stellaops-concelier:8445" envFrom: - secretRef: name: stellaops-prod-core web-ui: image: registry.stella-ops.org/stellaops/web-ui@sha256:10d924808c48e4353e3a241da62eb7aefe727a1d6dc830eb23a8e181013b3a23 service: port: 8443 env: STELLAOPS_UI__BACKEND__BASEURL: "https://stellaops-scanner-web:8444" mongo: class: infrastructure image: docker.io/library/mongo@sha256:c258b26dbb7774f97f52aff52231ca5f228273a84329c5f5e451c3739457db49 service: port: 27017 command: - mongod - --bind_ip_all envFrom: - secretRef: name: stellaops-prod-mongo volumeMounts: - name: mongo-data mountPath: /data/db volumeClaims: - name: mongo-data claimName: stellaops-mongo-data minio: class: infrastructure image: docker.io/minio/minio@sha256:14cea493d9a34af32f524e538b8346cf79f3321eff8e708c1e2960462bd8936e service: port: 9000 command: - server - /data - --console-address - :9001 envFrom: - secretRef: name: stellaops-prod-minio volumeMounts: - name: minio-data mountPath: /data volumeClaims: - name: minio-data claimName: stellaops-minio-data rustfs: class: infrastructure image: registry.stella-ops.org/stellaops/rustfs:2025.10.0-edge service: port: 8080 command: - serve - --listen - 0.0.0.0:8080 - --root - /data env: RUSTFS__LOG__LEVEL: info RUSTFS__STORAGE__PATH: /data volumeMounts: - name: rustfs-data mountPath: /data volumeClaims: - name: rustfs-data claimName: stellaops-rustfs-data