# Deploy

Deployment infrastructure for StellaOps. Clean, consolidated deployment configurations.

## Infrastructure Stack

| Component | Technology | Version |
|-----------|------------|---------|
| Database | PostgreSQL | 18.1 |
| Messaging/Cache | Valkey | 9.0.1 |
| Object Storage | RustFS | latest |
| Transparency Log | Rekor | v2 (tiles) |

## Directory Structure

```
deploy/
├── compose/                              # Docker Compose configurations
│   ├── docker-compose.stella-ops.yml     # Main stack
│   ├── docker-compose.telemetry.yml      # Observability (OTEL, Prometheus, Tempo, Loki)
│   ├── docker-compose.testing.yml        # CI/testing infrastructure
│   ├── docker-compose.compliance-*.yml   # Regional crypto overlays
│   ├── env/                              # Environment templates
│   └── scripts/                          # Compose lifecycle scripts
│
├── helm/                                 # Kubernetes Helm charts
│   └── stellaops/                        # Main chart with env-specific values
│       ├── values-dev.yaml
│       ├── values-stage.yaml
│       ├── values-prod.yaml
│       └── values-airgap.yaml
│
├── docker/                               # Container build infrastructure
│   ├── Dockerfile.hardened.template      # Multi-stage hardened template
│   ├── Dockerfile.console                # Angular UI
│   ├── build-all.sh                      # Build matrix
│   └── services-matrix.env               # Service build args
│
├── database/                             # PostgreSQL infrastructure
│   ├── migrations/                       # Schema migrations
│   ├── postgres/                         # CloudNativePG configs
│   ├── postgres-partitioning/            # Table partitioning
│   └── postgres-validation/              # RLS validation
│
├── scripts/                              # Operational scripts
│   ├── bootstrap-trust.sh                # TrustMonger initialization
│   ├── rotate-rekor-key.sh               # Key rotation
│   ├── test-local.sh                     # Local testing
│   └── lib/                              # Shared script libraries
│
├── offline/                              # Air-gap deployment
│   ├── airgap/                           # Bundle creation tools
│   ├── kit/                              # Installation kit
│   └── templates/                        # Offline config templates
│
├── telemetry/                            # Observability (consolidated)
│   ├── alerts/                           # Prometheus/Alertmanager rules
│   ├── dashboards/                       # Grafana dashboards
│   ├── collectors/                       # OTEL collector configs
│   └── storage/                          # Prometheus/Loki/Tempo configs
│
├── secrets/                              # Secret management templates
│   └── *.example                         # Example secret structures
│
├── releases/                             # Release manifests
│   └── *.yaml                            # Version pinning per channel
│
└── tools/                                # Curated operational tools
    ├── ci/                               # Build/CI tools (nuget-prime, determinism)
    ├── feeds/                            # Feed management (concelier, vex)
    ├── security/                         # Security (attest, cosign, crypto)
    └── validation/                       # Validation scripts
```

## Quick Start

### Local Development (Docker Compose)

```bash
# Start full stack
docker compose -f deploy/compose/docker-compose.stella-ops.yml up -d

# Start with telemetry
docker compose -f deploy/compose/docker-compose.stella-ops.yml \
  -f deploy/compose/docker-compose.telemetry.yml up -d

# Regional compliance overlay (e.g., China SM2/SM3/SM4)
docker compose -f deploy/compose/docker-compose.stella-ops.yml \
  -f deploy/compose/docker-compose.compliance-china.yml up -d
```

### Kubernetes (Helm)

```bash
# Install to dev environment
helm install stellaops deploy/helm/stellaops \
  -f deploy/helm/stellaops/values-dev.yaml \
  -n stellaops --create-namespace

# Install to production
helm install stellaops deploy/helm/stellaops \
  -f deploy/helm/stellaops/values-prod.yaml \
  -n stellaops --create-namespace
```

### Air-Gapped Installation

```bash
# Create offline bundle
python deploy/offline/airgap/build_bootstrap_pack.py --version 2026.04

# Import on air-gapped system
deploy/offline/airgap/import-bundle.sh stellaops-2026.04-bundle.tar.gz
```

## Compose Profiles

| File | Purpose | Services |
|------|---------|----------|
| `stella-ops.yml` | Main stack | PostgreSQL, Valkey, RustFS, Rekor, all StellaOps services |
| `telemetry.yml` | Observability | OTEL Collector, Prometheus, Tempo, Loki |
| `testing.yml` | CI/Testing | postgres-test, valkey-test, mock-registry |
| `compliance-china.yml` | China crypto | SM2/SM3/SM4 overlays |
| `compliance-russia.yml` | Russia crypto | GOST R 34.10 overlays |
| `compliance-eu.yml` | EU crypto | eIDAS overlays |
| `dev.yml` | Development | Minimal stack with hot-reload |

## Connection Strings

```bash
# PostgreSQL
Host=stellaops-postgres;Port=5432;Database=stellaops;Username=stellaops;Password=

# Valkey
stellaops-valkey:6379

# RustFS (S3-compatible)
http://stellaops-rustfs:8080
```

## Migration from devops/

This `deploy/` directory is the consolidated replacement for the scattered `devops/` directory. Content has been reorganized:

| Old Location | New Location |
|--------------|--------------|
| `devops/compose/` | `deploy/compose/` |
| `devops/helm/` | `deploy/helm/` |
| `devops/docker/` | `deploy/docker/` |
| `devops/database/` | `deploy/database/` |
| `devops/scripts/` | `deploy/scripts/` |
| `devops/offline/` | `deploy/offline/` |
| `devops/observability/` + `devops/telemetry/` | `deploy/telemetry/` |
| `devops/secrets/` | `deploy/secrets/` |
| `devops/releases/` | `deploy/releases/` |

The following `devops/` content was archived or removed:

- `devops/services/` - Scattered service configs (use compose overlays or helm values)
- `devops/tools/` - Move operational tools to `tools/` at repo root
- `devops/artifacts/` - CI artifacts (transient, should not be committed)
- `devops/.nuget/` - Package cache (restore during build)
- `devops/docs/` - Move to `docs/operations/`
- `devops/gitlab/` - Legacy CI templates (repo uses Gitea)