StellaOps Bot f0662dd45f feat: Implement DefaultCryptoHmac for compliance-aware HMAC operations
- Added DefaultCryptoHmac class implementing ICryptoHmac interface.
- Introduced purpose-based HMAC computation methods.
- Implemented verification methods for HMACs with constant-time comparison.
- Created HmacAlgorithms and HmacPurpose classes for well-known identifiers.
- Added compliance profile support for HMAC algorithms.
- Included asynchronous methods for HMAC computation from streams.
2025-12-06 00:41:04 +02:00


StellaOps Helm Install Guide

This guide ships with the stellaops chart and provides deterministic install steps for prod and airgap profiles. All images are pinned by digest from deploy/releases/<channel>.yaml.

Prerequisites

  • Helm ≥ 3.14 and kubectl configured for the target cluster.
  • Pull secrets for registry.stella-ops.org (or your mirrored registry in air-gapped mode).
  • TLS/ingress secrets created if you enable ingress in the values files.

Channels and values

  • Prod/stable: deploy/releases/2025.09-stable.yaml + values-prod.yaml
  • Airgap: deploy/releases/2025.09-airgap.yaml + values-airgap.yaml
  • Mirror (optional): values-mirror.yaml overlays registry endpoints when using a private mirror.

Quick install (prod)

export RELEASE_CHANNEL=2025.09-stable
export NAMESPACE=stellaops

helm upgrade --install stellaops ./deploy/helm/stellaops \
  --namespace "$NAMESPACE" --create-namespace \
  -f deploy/helm/stellaops/values-prod.yaml \
  --set global.release.channel=stable \
  --set global.release.version="2025.09.2" \
  --set global.release.manifestSha256="dc3c8fe1ab83941c838ccc5a8a5862f7ddfa38c2078e580b5649db26554565b7"

Quick install (airgap)

Assumes images are already loaded into your private registry and values-airgap.yaml points to that registry.

export NAMESPACE=stellaops

helm upgrade --install stellaops ./deploy/helm/stellaops \
  --namespace "$NAMESPACE" --create-namespace \
  -f deploy/helm/stellaops/values-airgap.yaml \
  --set global.release.channel=airgap \
  --set global.release.version="2025.09.0-airgap" \
  --set global.release.manifestSha256="d422ae3ea01d5f27ea8b5fdc5b19667cb4e3e2c153a35cb761cb53a6ce4f6ba4"

Mirror overlay

If using a mirrored registry, layer the mirror values:

helm upgrade --install stellaops ./deploy/helm/stellaops \
  --namespace "$NAMESPACE" --create-namespace \
  -f deploy/helm/stellaops/values-prod.yaml \
  -f deploy/helm/stellaops/values-mirror.yaml \
  --set global.release.version="2025.09.2" \
  --set global.release.manifestSha256="dc3c8fe1ab83941c838ccc5a8a5862f7ddfa38c2078e580b5649db26554565b7"

Validate chart and digests

deploy/tools/check-channel-alignment.py --manifest "deploy/releases/${RELEASE_CHANNEL}.yaml" \
  --values deploy/helm/stellaops/values-prod.yaml

helm lint ./deploy/helm/stellaops
helm template stellaops ./deploy/helm/stellaops -f deploy/helm/stellaops/values-prod.yaml >/tmp/stellaops.yaml
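
A follow-up check on the rendered output from the step above, as an added example that is not part of the StellaOps repository: it lists every image reference in a rendered manifest such as /tmp/stellaops.yaml that is not pinned by a full sha256 digest. The function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not StellaOps code): find image references in rendered
# Helm output that are not pinned as name@sha256:<64 hex chars>.

# Constructed sample of rendered output; registry and names are made up.
sample_rendered() {
  cat <<'EOF'
      containers:
        - name: api
          image: "registry.example.internal/demo/api@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
        - image: registry.example.internal/demo/worker:2025.09.2   # tag only
          name: worker
      initContainers:
        - name: init
          image: registry.example.internal/demo/init:1.0@sha256:abc123   # truncated digest
EOF
}

# Print each image reference that lacks a full sha256 digest, one per line.
unpinned_images() {
  # Take the value of every "image:" key, drop trailing comments,
  # whitespace and quotes, then keep only values without a full digest.
  sed -n -E 's/^[[:space:]]*(-[[:space:]]+)?image:[[:space:]]*//p' "$1" \
    | sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//' \
    | tr -d "\"'" \
    | grep -v -E '@sha256:[0-9a-f]{64}$' || true
}

# Exit status: 0 = all images pinned, 1 = unpinned image found,
# 2 = file missing, empty, or without any image: field (fail closed).
check_pinned() {
  rendered=$1
  [ -s "$rendered" ] || { echo "empty or missing: $rendered" >&2; return 2; }
  grep -q -E '^[[:space:]]*(-[[:space:]]+)?image:' "$rendered" \
    || { echo "no image: fields in $rendered" >&2; return 2; }
  bad=$(unpinned_images "$rendered")
  if [ -n "$bad" ]; then
    printf 'not pinned by digest:\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}
```

Run `check_pinned /tmp/stellaops.yaml` after `helm template` and stop the rollout on any non-zero status.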

Notes

  • Surface.Env and Surface.Secrets defaults are defined in values*.yaml; adjust endpoints, cache roots, and providers before promotion.
  • Keep global.release.* in sync with the chosen release manifest; never deploy with empty version/channel/manifestSha256.
  • For offline clusters, run image preload and secret creation before helm upgrade to avoid pull failures.