Telemetry Storage Stack
Configuration snippets for the default StellaOps observability backends used in staging and production environments. The stack comprises:
- Prometheus for metrics (scraping the collector's Prometheus exporter)
- Tempo for traces (OTLP ingest via mTLS)
- Loki for logs (HTTP ingest with tenant isolation)
Files
| Path | Description |
|---|---|
prometheus.yaml |
Scrape configuration for the collector (mTLS + bearer token placeholder). |
tempo.yaml |
Tempo configuration with multitenancy enabled and local storage paths. |
loki.yaml |
Loki configuration enabling per-tenant overrides and boltdb-shipper storage. |
tenants/tempo-overrides.yaml |
Example tenant overrides for Tempo (retention, limits). |
tenants/loki-overrides.yaml |
Example tenant overrides for Loki (rate limits, retention). |
auth/ |
Placeholder directory for Prometheus bearer token files (e.g., token). |
These configurations are referenced by the Docker Compose overlay
(deploy/compose/docker-compose.telemetry-storage.yaml) and the staging rollout documented in
docs/modules/telemetry/operations/storage.md. Adjust paths, credentials, and overrides before running in
connected environments. Place the Prometheus bearer token in auth/token when using the
Compose overlay (the directory contains a .gitkeep placeholder and is gitignored by default).
Run python ops/devops/telemetry/validate_storage_stack.py after editing any of these files to
ensure TLS, multitenancy, and override references remain intact.
Security
- Both Tempo and Loki require mutual TLS.
- Prometheus uses mTLS plus a bearer token that should be minted by Authority.
- Update the overrides files to enforce per-tenant retention/ingestion limits.
For comprehensive deployment steps see docs/modules/telemetry/operations/storage.md.