git.stella-ops.org/ops/devops/docker/health-endpoints.md
StellaOps Bot 885ce86af4
feat: Add VEX Lens CI and Load Testing Plan
- Introduced a comprehensive CI job structure for VEX Lens, including build, test, linting, and load testing.
- Defined load test parameters and SLOs for VEX Lens API and Issuer Directory.
- Created Grafana dashboards and alerting mechanisms for monitoring API performance and error rates.
- Established offline posture guidelines for CI jobs and load testing.

feat: Implement deterministic projection verification script

- Added `verify_projection.sh` script for verifying the integrity of projection exports against expected hashes.
- Ensured robust error handling for missing files and hash mismatches.

feat: Develop Vuln Explorer CI and Ops Plan

- Created CI jobs for Vuln Explorer, including build, test, and replay verification.
- Implemented backup and disaster recovery strategies for MongoDB and Redis.
- Established Merkle anchoring verification and automation for ledger projector.

feat: Introduce EventEnvelopeHasher for hashing event envelopes

- Implemented `EventEnvelopeHasher` to compute SHA256 hashes for event envelopes.

feat: Add Risk Store and Dashboard components

- Developed `RiskStore` for managing risk data and state.
- Created `RiskDashboardComponent` for displaying risk profiles with filtering capabilities.
- Implemented unit tests for `RiskStore` and `RiskDashboardComponent`.

feat: Enhance Vulnerability Detail Component

- Developed `VulnerabilityDetailComponent` for displaying detailed information about vulnerabilities.
- Implemented error handling for missing vulnerability IDs and loading failures.
2025-12-02 07:18:28 +02:00


Health & capability endpoint contract (DOCKER-44-003)

Target services: API, Console, Orchestrator, Task Runner, Concelier, Excititor, Policy, Notify, Export, AdvisoryAI.

HTTP paths

  • GET /health/liveness — fast, dependency-free check; returns 200 and minimal body.
  • GET /health/readiness — may hit critical deps (DB, bus, cache); returns 503 when not ready.
  • GET /version — static payload with service, version, commit, buildTimestamp (ISO-8601 UTC), source (channel).
  • GET /metrics — Prometheus text exposition; reuse existing instrumentation.
  • GET /capabilities — if present for Concelier/Excititor, must include "merge": false.

Minimal ASP.NET 10 wiring (per service)

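using Prometheus; // assumption: UseHttpMetrics/MapMetrics come from prometheus-net.AspNetCore

var builder = WebApplication.CreateBuilder(args);
// health checks; add real checks as needed
builder.Services.AddHealthChecks();
var app = builder.Build();

// Liveness: the predicate filters out every registered check, so this answers 200
// whenever the process can serve requests and never touches a dependency.
app.MapHealthChecks("/health/liveness", new() { Predicate = _ => false });
// Readiness: runs all registered checks; an Unhealthy result maps to 503 by default.
app.MapHealthChecks("/health/readiness");

// Static build metadata.
app.MapGet("/version", () => Results.Json(new {
    service = "StellaOps.Policy", // override per service
    version = ThisAssembly.AssemblyInformationalVersion,
    commit = ThisAssembly.Git.Commit,
    buildTimestamp = ThisAssembly.Git.CommitDate.UtcDateTime,
    // release channel; falls back to "edge" when STELLA_CHANNEL is unset
    source = Environment.GetEnvironmentVariable("STELLA_CHANNEL") ?? "edge"
}));

app.UseHttpMetrics(); // record HTTP request metrics
app.MapMetrics();     // expose GET /metrics in Prometheus text exposition format

app.Run();
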
  • Ensure ThisAssembly.* source generators are enabled or substitute build vars.
  • Keep /health/liveness lightweight; /health/readiness should test critical dependencies (Mongo, Redis, message bus) with timeouts.
  • When adding /capabilities, explicitly emit merge = false for Concelier/Excititor.

CI verification

  • After publishing an image, run ops/devops/docker/verify_health_endpoints.sh <image> [port].
  • CI should fail if any required endpoint is missing or non-200.
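
A contract check for the endpoints listed above, written as an added example; it is not the project's verify_health_endpoints.sh, whose contents this page does not show. The default BASE_URL, the helper names (fetch, check_endpoint, verify_contract) and the trailing "Z" on buildTimestamp are assumptions, and bodies are matched with regular expressions rather than parsed as JSON.

```shell
#!/bin/sh
# Added example, not the project's verify_health_endpoints.sh.
# Assumptions: service reachable at BASE_URL (default port is made up);
# /version renders UTC timestamps with a trailing "Z".
BASE_URL="${BASE_URL:-http://127.0.0.1:8080}"

# fetch PATH: print the response body, then the HTTP status on its own last line.
# A connection failure yields status 000, which the caller treats as a failure.
fetch() {
  curl -sS --max-time 5 -w '\n%{http_code}' "${BASE_URL}$1" 2>/dev/null
}

# check_endpoint PATH [REGEX...]: require 200 and every regex to match the body.
check_endpoint() {
  path=$1; shift
  resp=$(fetch "$path") || true
  status=$(printf '%s\n' "$resp" | tail -n 1)
  body=$(printf '%s\n' "$resp" | sed '$d')
  if [ "$status" != "200" ]; then
    echo "FAIL $path: status ${status:-none}" >&2
    return 1
  fi
  for re in "$@"; do
    if ! printf '%s' "$body" | grep -Eq "$re"; then
      echo "FAIL $path: body does not match $re" >&2
      return 1
    fi
  done
}

# verify_contract yes|no: "yes" when the service exposes /capabilities
# (Concelier/Excititor). Every endpoint is checked before returning, so one
# CI run lists all violations instead of stopping at the first.
verify_contract() {
  rc=0
  check_endpoint /health/liveness || rc=1
  check_endpoint /health/readiness || rc=1
  check_endpoint /metrics || rc=1
  check_endpoint /version \
    '"service"[[:space:]]*:' '"version"[[:space:]]*:' '"commit"[[:space:]]*:' \
    '"buildTimestamp"[[:space:]]*:[[:space:]]*"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9:.]+Z"' \
    '"source"[[:space:]]*:' || rc=1
  if [ "$1" = "yes" ]; then
    check_endpoint /capabilities '"merge"[[:space:]]*:[[:space:]]*false' || rc=1
  fi
  return "$rc"
}
```

In a pipeline step, start the published image, set BASE_URL to its mapped port, and call `verify_contract yes` for Concelier/Excititor or `verify_contract no` for the other services; a non-zero return fails the job.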

Deployment

  • Helm/Compose should set readOnlyRootFilesystem: true and wire readiness/liveness probes to these paths/port.