git.stella-ops.org/deploy/telemetry/storage/README.md
master 7b5bdcf4d3 feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
2025-10-30 00:09:39 +02:00

Telemetry Storage Stack

Configuration snippets for the default StellaOps observability backends used in staging and production environments. The stack comprises:

  • Prometheus for metrics (scraping the collector's Prometheus exporter)
  • Tempo for traces (OTLP ingest via mTLS)
  • Loki for logs (HTTP ingest with tenant isolation)

Files

| Path | Description |
|------|-------------|
| prometheus.yaml | Scrape configuration for the collector (mTLS + bearer token placeholder). |
| tempo.yaml | Tempo configuration with multitenancy enabled and local storage paths. |
| loki.yaml | Loki configuration enabling per-tenant overrides and boltdb-shipper storage. |
| tenants/tempo-overrides.yaml | Example tenant overrides for Tempo (retention, limits). |
| tenants/loki-overrides.yaml | Example tenant overrides for Loki (rate limits, retention). |
| auth/ | Placeholder directory for Prometheus bearer token files (e.g., token). |

These configurations are referenced by the Docker Compose overlay (deploy/compose/docker-compose.telemetry-storage.yaml) and the staging rollout documented in docs/modules/telemetry/operations/storage.md. Adjust paths, credentials, and overrides before running in connected environments. Place the Prometheus bearer token in auth/token when using the Compose overlay (the directory contains a .gitkeep placeholder and is gitignored by default).

Security

  • Both Tempo and Loki require mutual TLS.
  • Prometheus uses mTLS plus a bearer token that should be minted by Authority.
  • Update the overrides files to enforce per-tenant retention/ingestion limits.

For comprehensive deployment steps see docs/modules/telemetry/operations/storage.md.
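
A preflight check to run before starting the Compose overlay, as an added example that is not part of the StellaOps repository: it confirms the files listed in the table exist and that auth/token holds a single token and is not group- or world-writable. The function name `check_storage_dir` and the checks themselves are assumptions; only the file names come from this README.

```shell
#!/bin/sh
# Added example (not project code). Usage, after sourcing this file:
#   check_storage_dir deploy/telemetry/storage
# Prints one line per finding and returns the number of problems (0 = ok).
check_storage_dir() {
    dir=$1
    problems=0

    # Configuration files named in the README's table.
    for f in prometheus.yaml tempo.yaml loki.yaml \
             tenants/tempo-overrides.yaml tenants/loki-overrides.yaml; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING   $f"
            problems=$((problems + 1))
        fi
    done

    # auth/ ships with only a .gitkeep, so a fresh checkout has no token yet.
    tok="$dir/auth/token"
    if [ ! -f "$tok" ]; then
        echo "MISSING   auth/token (place the Prometheus bearer token here)"
        problems=$((problems + 1))
    else
        # Assumption: the file holds exactly one whitespace-free token.
        words=$(wc -w < "$tok" | tr -d ' ')
        if [ "$words" != 1 ]; then
            echo "BADTOKEN  auth/token is empty or contains whitespace"
            problems=$((problems + 1))
        fi
        # Anyone able to write the file can swap the credential Prometheus sends.
        if [ -n "$(find "$tok" \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE  auth/token is group- or world-writable"
            problems=$((problems + 1))
        fi
    fi

    return "$problems"
}
```
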