- Implemented PolicyDslValidator with command-line options for strict mode and JSON output. - Created PolicySchemaExporter to generate JSON schemas for policy-related models. - Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes. - Added project files and necessary dependencies for each tool. - Ensured proper error handling and usage instructions across tools.
		
			
				
	
	
		
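# Production-profile values for the StellaOps deployment. The templates that
# consume these keys are not part of this file, so notes on how a key is
# rendered are marked NOTE(review).
global:
  profile: prod
  release:
    version: "2025.09.2"
    channel: stable
    # SHA-256 of the release manifest.
    # NOTE(review): presumably compared by release tooling against the image
    # digests pinned under `services`; confirm a mismatch blocks the rollout.
    manifestSha256: "dc3c8fe1ab83941c838ccc5a8a5862f7ddfa38c2078e580b5649db26554565b7"
  image:
    # IfNotPresent is deterministic for images referenced by digest. For the
    # two images referenced by tag below (notify-web, rustfs) a node keeps
    # whatever it cached under that tag, so nodes can run different content
    # if the tag is ever re-pushed.
    pullPolicy: IfNotPresent
  labels:
    stellaops.io/channel: stable
    stellaops.io/profile: prod
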
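# ConfigMap payloads. ConfigMap data is readable by anyone allowed to read
# ConfigMaps in the namespace, so only non-secret settings belong here.
configMaps:
  notify-config:
    data:
      # Embedded configuration file for notify-web (mounted at
      # /app/etc/notify.yaml via `configMounts` below). Review notes are kept
      # out of the literal block so the mounted file stays byte-identical.
      #
      # storage: the connection string carries no credentials and no TLS
      #   options. NOTE(review): confirm credentials are injected from the
      #   `stellaops-prod-notify` secret and decide whether the Mongo link
      #   needs TLS.
      # authority: `requireHttpsMetadata: true` and
      #   `allowAnonymousFallback: false` are the settings to keep in prod;
      #   `issuer` matches STELLAOPS_AUTHORITY__ISSUER on the authority
      #   service. NOTE(review): `tokenClockSkewSeconds: 60` presumably
      #   extends token validity checks by up to a minute; confirm that is
      #   intended.
      # api: NOTE(review): `tenantHeader` names a client-supplied header;
      #   confirm the service checks the tenant against token claims rather
      #   than trusting the header alone.
      # plugins: `searchPatterns` is a wildcard over DLL names.
      #   NOTE(review): presumably any matching assembly under
      #   /opt/stellaops/plugins/notify is loaded; keep that directory
      #   image-baked and read-only, and confirm whether `orderedPlugins`
      #   restricts or only orders what is loaded.
      # telemetry: NOTE(review): with `enableRequestLogging: true`, confirm
      #   Authorization headers and tenant data are redacted from logs.
      notify.yaml: |
        storage:
          driver: mongo
          connectionString: "mongodb://stellaops-mongo:27017"
          database: "stellaops_notify_prod"
          commandTimeoutSeconds: 45

        authority:
          enabled: true
          issuer: "https://authority.prod.stella-ops.org"
          metadataAddress: "https://authority.prod.stella-ops.org/.well-known/openid-configuration"
          requireHttpsMetadata: true
          allowAnonymousFallback: false
          backchannelTimeoutSeconds: 30
          tokenClockSkewSeconds: 60
          audiences:
            - notify
          readScope: notify.read
          adminScope: notify.admin

        api:
          basePath: "/api/v1/notify"
          internalBasePath: "/internal/notify"
          tenantHeader: "X-StellaOps-Tenant"

        plugins:
          baseDirectory: "/opt/stellaops"
          directory: "plugins/notify"
          searchPatterns:
            - "StellaOps.Notify.Connectors.*.dll"
          orderedPlugins:
            - StellaOps.Notify.Connectors.Slack
            - StellaOps.Notify.Connectors.Teams
            - StellaOps.Notify.Connectors.Email
            - StellaOps.Notify.Connectors.Webhook

        telemetry:
          enableRequestLogging: true
          minimumLogLevel: Information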
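# Workloads of the prod profile. All images are pinned by sha256 digest except
# notify-web and rustfs, which are referenced by tag (see notes on each).
# Secrets are referenced by name through `envFrom`; no secret value is stored
# in this file.
# Service-to-service URLs for authority, signer, concelier and scanner-web use
# https://; the MinIO, rustfs and NATS endpoints do not (see notes below).
services:
  authority:
    image: registry.stella-ops.org/stellaops/authority@sha256:b0348bad1d0b401cc3c71cb40ba034c8043b6c8874546f90d4783c9dbfcc0bf5
    service:
      port: 8440
    env:
      # Must stay identical to `authority.issuer` in notify.yaml.
      STELLAOPS_AUTHORITY__ISSUER: "https://authority.prod.stella-ops.org"
      # NOTE(review): plugin and plugin-config directories should be
      # image-baked or mounted read-only; confirm nothing writable is mounted
      # over them.
      STELLAOPS_AUTHORITY__PLUGINDIRECTORIES__0: "/app/plugins"
      STELLAOPS_AUTHORITY__PLUGINS__CONFIGURATIONDIRECTORY: "/app/etc/authority.plugins"
    envFrom:
      - secretRef:
          name: stellaops-prod-core
  signer:
    image: registry.stella-ops.org/stellaops/signer@sha256:8ad574e61f3a9e9bda8a58eb2700ae46813284e35a150b1137bc7c2b92ac0f2e
    service:
      port: 8441
    env:
      SIGNER__AUTHORITY__BASEURL: "https://stellaops-authority:8440"
      # External endpoint: the signer needs egress to this host.
      SIGNER__POE__INTROSPECTURL: "https://licensing.prod.stella-ops.org/introspect"
    envFrom:
      # `stellaops-prod-core` is shared by authority, signer, attestor,
      # concelier, both scanners and excititor, so each of them receives every
      # key in it. NOTE(review): consider per-service secrets so that signing
      # material is not exposed to services that do not sign.
      - secretRef:
          name: stellaops-prod-core
  attestor:
    image: registry.stella-ops.org/stellaops/attestor@sha256:0534985f978b0b5d220d73c96fddd962cd9135f616811cbe3bff4666c5af568f
    service:
      port: 8442
    env:
      ATTESTOR__SIGNER__BASEURL: "https://stellaops-signer:8441"
    envFrom:
      - secretRef:
          name: stellaops-prod-core
  concelier:
    image: registry.stella-ops.org/stellaops/concelier@sha256:c58cdcaee1d266d68d498e41110a589dd204b487d37381096bd61ab345a867c5
    service:
      port: 8445
    env:
      # Plain HTTP to MinIO: requests and object data cross the cluster
      # network unencrypted. NOTE(review): enable TLS on MinIO or restrict the
      # path with a NetworkPolicy / mesh mTLS.
      CONCELIER__STORAGE__S3__ENDPOINT: "http://stellaops-minio:9000"
      CONCELIER__AUTHORITY__BASEURL: "https://stellaops-authority:8440"
    envFrom:
      - secretRef:
          name: stellaops-prod-core
    volumeMounts:
      - name: concelier-jobs
        mountPath: /var/lib/concelier/jobs
    volumeClaims:
      - name: concelier-jobs
        claimName: stellaops-concelier-jobs
  scanner-web:
    image: registry.stella-ops.org/stellaops/scanner-web@sha256:14b23448c3f9586a9156370b3e8c1991b61907efa666ca37dd3aaed1e79fe3b7
    service:
      port: 8444
    # This env map is duplicated verbatim in scanner-worker; keep both in sync.
    env:
      SCANNER__ARTIFACTSTORE__DRIVER: "rustfs"
      # Plain HTTP to the artifact store; no credentials are visible here.
      SCANNER__ARTIFACTSTORE__ENDPOINT: "http://stellaops-rustfs:8080/api/v1"
      SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts"
      SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30"
      # `nats://` URL with no TLS or credentials visible here.
      # NOTE(review): confirm the broker enforces authentication and whether
      # TLS is required for this link.
      SCANNER__QUEUE__BROKER: "nats://stellaops-nats:4222"
      SCANNER__EVENTS__ENABLED: "true"
      SCANNER__EVENTS__DRIVER: "redis"
      # Events are enabled with the redis driver, but the DSN is empty and no
      # redis service is defined in this file.
      # NOTE(review): in Kubernetes an explicit `env` entry takes precedence
      # over the same key from `envFrom`, so if the chart renders this map as
      # container `env`, the empty string masks any DSN held in
      # `stellaops-prod-core`. Confirm where the DSN is meant to come from.
      SCANNER__EVENTS__DSN: ""
      SCANNER__EVENTS__STREAM: "stella.events"
      SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "5"
      SCANNER__EVENTS__MAXSTREAMLENGTH: "10000"
    envFrom:
      - secretRef:
          name: stellaops-prod-core
  scanner-worker:
    image: registry.stella-ops.org/stellaops/scanner-worker@sha256:32e25e76386eb9ea8bee0a1ad546775db9a2df989fab61ac877e351881960dab
    replicas: 3
    # Same settings as scanner-web; the review notes there (plain-HTTP
    # artifact store, NATS without TLS, empty events DSN) apply here as well.
    env:
      SCANNER__ARTIFACTSTORE__DRIVER: "rustfs"
      SCANNER__ARTIFACTSTORE__ENDPOINT: "http://stellaops-rustfs:8080/api/v1"
      SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts"
      SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30"
      SCANNER__QUEUE__BROKER: "nats://stellaops-nats:4222"
      SCANNER__EVENTS__ENABLED: "true"
      SCANNER__EVENTS__DRIVER: "redis"
      SCANNER__EVENTS__DSN: ""
      SCANNER__EVENTS__STREAM: "stella.events"
      SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "5"
      SCANNER__EVENTS__MAXSTREAMLENGTH: "10000"
    envFrom:
      - secretRef:
          name: stellaops-prod-core
  notify-web:
    # Referenced by tag, not by digest, unlike the other first-party images.
    # A tag can be re-pointed in the registry, so the deployed content is not
    # fixed by this file. NOTE(review): pin as
    # `notify-web@sha256:<digest of the 2025.09.2 release image>`.
    image: registry.stella-ops.org/stellaops/notify-web:2025.09.2
    service:
      port: 8446
    env:
      DOTNET_ENVIRONMENT: "Production"
    envFrom:
      - secretRef:
          name: stellaops-prod-notify
    configMounts:
      # Mounts the single `notify.yaml` key of the notify-config ConfigMap as
      # a file via subPath.
      - name: notify-config
        mountPath: /app/etc/notify.yaml
        subPath: notify.yaml
        configMap: notify-config
  excititor:
    image: registry.stella-ops.org/stellaops/excititor@sha256:59022e2016aebcef5c856d163ae705755d3f81949d41195256e935ef40a627fa
    env:
      EXCITITOR__CONCELIER__BASEURL: "https://stellaops-concelier:8445"
    envFrom:
      - secretRef:
          name: stellaops-prod-core
  web-ui:
    image: registry.stella-ops.org/stellaops/web-ui@sha256:10d924808c48e4353e3a241da62eb7aefe727a1d6dc830eb23a8e181013b3a23
    service:
      port: 8443
    # No `envFrom`: the UI container receives no secret.
    env:
      STELLAOPS_UI__BACKEND__BASEURL: "https://stellaops-scanner-web:8444"
  mongo:
    class: infrastructure
    image: docker.io/library/mongo@sha256:c258b26dbb7774f97f52aff52231ca5f228273a84329c5f5e451c3739457db49
    service:
      port: 27017
    # `--bind_ip_all` makes mongod listen on every interface of the pod, and
    # no auth or TLS flag is passed here.
    # NOTE(review): access control then rests on credentials presumably
    # supplied by `stellaops-prod-mongo` and on network policy; confirm
    # authentication is actually enforced and that only the services that
    # need Mongo can reach port 27017.
    command:
      - mongod
      - --bind_ip_all
    envFrom:
      - secretRef:
          name: stellaops-prod-mongo
    volumeMounts:
      - name: mongo-data
        mountPath: /data/db
    volumeClaims:
      - name: mongo-data
        claimName: stellaops-mongo-data
  minio:
    class: infrastructure
    image: docker.io/minio/minio@sha256:14cea493d9a34af32f524e538b8346cf79f3321eff8e708c1e2960462bd8936e
    service:
      port: 9000
    # The console is told to listen on :9001, while only 9000 is declared as
    # the service port. NOTE(review): the console still listens inside the
    # pod; confirm it is not reachable from other workloads or exposed
    # through a separate Service/Ingress.
    command:
      - server
      - /data
      - --console-address
      - ":9001"
    envFrom:
      - secretRef:
          name: stellaops-prod-minio
    volumeMounts:
      - name: minio-data
        mountPath: /data
    volumeClaims:
      - name: minio-data
        claimName: stellaops-minio-data
  rustfs:
    class: infrastructure
    # Tag-referenced `-edge` build in the prod profile: the tag is mutable and
    # its version (2025.10.0-edge) differs from global.release.version
    # (2025.09.2, channel stable). NOTE(review): pin by digest and confirm an
    # edge build is intended for production.
    image: registry.stella-ops.org/stellaops/rustfs:2025.10.0-edge
    service:
      port: 8080
    # Listens on all interfaces over plain HTTP; no secretRef is attached, so
    # no credentials are configured from this file.
    # NOTE(review): confirm whether the rustfs API authenticates callers; if
    # not, restrict port 8080 to the scanner pods with a NetworkPolicy, since
    # it stores the scanner artifacts.
    command:
      - serve
      - --listen
      - "0.0.0.0:8080"
      - --root
      - /data
    env:
      RUSTFS__LOG__LEVEL: "info"
      RUSTFS__STORAGE__PATH: "/data"
    volumeMounts:
      - name: rustfs-data
        mountPath: /data
    volumeClaims:
      - name: rustfs-data
        claimName: stellaops-rustfs-data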