stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
96d52884e86650452c9c998d343469ea00fafdce
git.stella-ops.org/deploy/helm/stellaops/values-mirror.yaml

283 lines
11 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

global:
profile: mirror-managed
release:
version: "2025.10.0-edge"
channel: edge
manifestSha256: "822f82987529ea38d2321dbdd2ef6874a4062a117116a20861c26a8df1807beb"
image:
pullPolicy: IfNotPresent
labels:
stellaops.io/channel: edge
configMaps:
mirror-gateway:
data:
mirror.conf: |
proxy_cache_path /var/cache/nginx/mirror levels=1:2 keys_zone=mirror_cache:100m max_size=10g inactive=12h use_temp_path=off;
map $request_uri $mirror_cache_key {
default $scheme$request_method$host$request_uri;
}
upstream concelier_backend {
server stellaops-concelier:8445;
keepalive 32;
}
upstream excititor_backend {
server stellaops-excititor:8448;
keepalive 32;
}
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name mirror-primary.stella-ops.org;
ssl_certificate /etc/nginx/tls/mirror-primary.crt;
ssl_certificate_key /etc/nginx/tls/mirror-primary.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
auth_basic "StellaOps Mirror primary";
auth_basic_user_file /etc/nginx/secrets/mirror-primary.htpasswd;
include /etc/nginx/conf.d/mirror-locations.conf;
}
server {
listen 443 ssl http2;
server_name mirror-community.stella-ops.org;
ssl_certificate /etc/nginx/tls/mirror-community.crt;
ssl_certificate_key /etc/nginx/tls/mirror-community.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
auth_basic "StellaOps Mirror community";
auth_basic_user_file /etc/nginx/secrets/mirror-community.htpasswd;
include /etc/nginx/conf.d/mirror-locations.conf;
}
mirror-locations.conf: |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
add_header X-Cache-Status $upstream_cache_status always;
location = /healthz {
default_type application/json;
return 200 '{"status":"ok"}';
}
location /concelier/exports/ {
proxy_pass http://concelier_backend/concelier/exports/;
proxy_cache mirror_cache;
proxy_cache_key $mirror_cache_key;
proxy_cache_valid 200 5m;
proxy_cache_valid 404 1m;
add_header Cache-Control "public, max-age=300, immutable" always;
}
location /concelier/ {
proxy_pass http://concelier_backend/concelier/;
proxy_cache off;
}
location /excititor/mirror/ {
proxy_pass http://excititor_backend/excititor/mirror/;
proxy_cache mirror_cache;
proxy_cache_key $mirror_cache_key;
proxy_cache_valid 200 5m;
proxy_cache_valid 404 1m;
add_header Cache-Control "public, max-age=300, immutable" always;
}
location /excititor/ {
proxy_pass http://excititor_backend/excititor/;
proxy_cache off;
}
location / {
return 404;
}
services:
concelier:
image: registry.stella-ops.org/stellaops/concelier@sha256:dafef3954eb4b837e2c424dd2d23e1e4d60fa83794840fac9cd3dea1d43bd085
service:
port: 8445
env:
ASPNETCORE_URLS: "http://+:8445"
CONCELIER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://stellaops_mirror:mirror-password@stellaops-mongo:27017/concelier?authSource=admin"
CONCELIER__STORAGE__S3__ENDPOINT: "http://stellaops-minio:9000"
CONCELIER__STORAGE__S3__ACCESSKEYID: "stellaops-mirror"
CONCELIER__STORAGE__S3__SECRETACCESSKEY: "mirror-minio-secret"
CONCELIER__TELEMETRY__SERVICENAME: "stellaops-concelier-mirror"
CONCELIER__MIRROR__ENABLED: "true"
CONCELIER__MIRROR__EXPORTROOT: "/exports/json"
CONCELIER__MIRROR__LATESTDIRECTORYNAME: "latest"
CONCELIER__MIRROR__MIRRORDIRECTORYNAME: "mirror"
CONCELIER__MIRROR__REQUIREAUTHENTICATION: "true"
CONCELIER__MIRROR__MAXINDEXREQUESTSPERHOUR: "600"
CONCELIER__MIRROR__DOMAINS__0__ID: "primary"
CONCELIER__MIRROR__DOMAINS__0__DISPLAYNAME: "Primary Mirror"
CONCELIER__MIRROR__DOMAINS__0__REQUIREAUTHENTICATION: "true"
CONCELIER__MIRROR__DOMAINS__0__MAXDOWNLOADREQUESTSPERHOUR: "3600"
CONCELIER__MIRROR__DOMAINS__1__ID: "community"
CONCELIER__MIRROR__DOMAINS__1__DISPLAYNAME: "Community Mirror"
CONCELIER__MIRROR__DOMAINS__1__REQUIREAUTHENTICATION: "false"
CONCELIER__MIRROR__DOMAINS__1__MAXDOWNLOADREQUESTSPERHOUR: "1800"
CONCELIER__AUTHORITY__ENABLED: "true"
CONCELIER__AUTHORITY__ALLOWANONYMOUSFALLBACK: "false"
CONCELIER__AUTHORITY__ISSUER: "https://authority.stella-ops.org"
CONCELIER__AUTHORITY__METADATAADDRESS: ""
CONCELIER__AUTHORITY__CLIENTID: "stellaops-concelier-mirror"
CONCELIER__AUTHORITY__CLIENTSECRETFILE: "/run/secrets/concelier-authority-client"
CONCELIER__AUTHORITY__CLIENTSCOPES__0: "concelier.mirror.read"
CONCELIER__AUTHORITY__AUDIENCES__0: "api://concelier.mirror"
CONCELIER__AUTHORITY__BYPASSNETWORKS__0: "10.0.0.0/8"
CONCELIER__AUTHORITY__BYPASSNETWORKS__1: "127.0.0.1/32"
CONCELIER__AUTHORITY__BYPASSNETWORKS__2: "::1/128"
CONCELIER__AUTHORITY__RESILIENCE__ENABLERETRIES: "true"
CONCELIER__AUTHORITY__RESILIENCE__RETRYDELAYS__0: "00:00:01"
CONCELIER__AUTHORITY__RESILIENCE__RETRYDELAYS__1: "00:00:02"
CONCELIER__AUTHORITY__RESILIENCE__RETRYDELAYS__2: "00:00:05"
CONCELIER__AUTHORITY__RESILIENCE__ALLOWOFFLINECACHEFALLBACK: "true"
CONCELIER__AUTHORITY__RESILIENCE__OFFLINECACHETOLERANCE: "00:10:00"
volumeMounts:
- name: concelier-jobs
mountPath: /var/lib/concelier/jobs
- name: concelier-exports
mountPath: /exports/json
- name: concelier-secrets
mountPath: /run/secrets
readOnly: true
volumes:
- name: concelier-jobs
persistentVolumeClaim:
claimName: concelier-mirror-jobs
- name: concelier-exports
persistentVolumeClaim:
claimName: concelier-mirror-exports
- name: concelier-secrets
secret:
secretName: concelier-mirror-auth
excititor:
image: registry.stella-ops.org/stellaops/excititor@sha256:d9bd5cadf1eab427447ce3df7302c30ded837239771cc6433b9befb895054285
env:
ASPNETCORE_URLS: "http://+:8448"
EXCITITOR__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://stellaops_mirror:mirror-password@stellaops-mongo:27017/excititor?authSource=admin"
EXCITITOR__STORAGE__MONGO__DATABASENAME: "excititor"
EXCITITOR__ARTIFACTS__FILESYSTEM__ROOT: "/exports"
EXCITITOR__ARTIFACTS__FILESYSTEM__OVERWRITEEXISTING: "false"
EXCITITOR__MIRROR__DOMAINS__0__ID: "primary"
EXCITITOR__MIRROR__DOMAINS__0__DISPLAYNAME: "Primary Mirror"
EXCITITOR__MIRROR__DOMAINS__0__REQUIREAUTHENTICATION: "true"
EXCITITOR__MIRROR__DOMAINS__0__MAXINDEXREQUESTSPERHOUR: "300"
EXCITITOR__MIRROR__DOMAINS__0__MAXDOWNLOADREQUESTSPERHOUR: "2400"
EXCITITOR__MIRROR__DOMAINS__0__EXPORTS__0__KEY: "consensus-json"
EXCITITOR__MIRROR__DOMAINS__0__EXPORTS__0__FORMAT: "json"
EXCITITOR__MIRROR__DOMAINS__0__EXPORTS__0__VIEW: "consensus"
EXCITITOR__MIRROR__DOMAINS__0__EXPORTS__1__KEY: "consensus-openvex"
EXCITITOR__MIRROR__DOMAINS__0__EXPORTS__1__FORMAT: "openvex"
EXCITITOR__MIRROR__DOMAINS__0__EXPORTS__1__VIEW: "consensus"
EXCITITOR__MIRROR__DOMAINS__1__ID: "community"
EXCITITOR__MIRROR__DOMAINS__1__DISPLAYNAME: "Community Mirror"
EXCITITOR__MIRROR__DOMAINS__1__REQUIREAUTHENTICATION: "false"
EXCITITOR__MIRROR__DOMAINS__1__MAXINDEXREQUESTSPERHOUR: "120"
EXCITITOR__MIRROR__DOMAINS__1__MAXDOWNLOADREQUESTSPERHOUR: "600"
EXCITITOR__MIRROR__DOMAINS__1__EXPORTS__0__KEY: "community-consensus"
EXCITITOR__MIRROR__DOMAINS__1__EXPORTS__0__FORMAT: "json"
EXCITITOR__MIRROR__DOMAINS__1__EXPORTS__0__VIEW: "consensus"
volumeMounts:
- name: excititor-exports
mountPath: /exports
- name: excititor-secrets
mountPath: /run/secrets
readOnly: true
volumes:
- name: excititor-exports
persistentVolumeClaim:
claimName: excititor-mirror-exports
- name: excititor-secrets
secret:
secretName: excititor-mirror-auth
mongo:
class: infrastructure
image: docker.io/library/mongo@sha256:c258b26dbb7774f97f52aff52231ca5f228273a84329c5f5e451c3739457db49
service:
port: 27017
command:
- mongod
- --bind_ip_all
env:
MONGO_INITDB_ROOT_USERNAME: "stellaops_mirror"
MONGO_INITDB_ROOT_PASSWORD: "mirror-password"
volumeMounts:
- name: mongo-data
mountPath: /data/db
volumeClaims:
- name: mongo-data
claimName: mirror-mongo-data
minio:
class: infrastructure
image: docker.io/minio/minio@sha256:14cea493d9a34af32f524e538b8346cf79f3321eff8e708c1e2960462bd8936e
service:
port: 9000
command:
- server
- /data
- --console-address
- :9001
env:
MINIO_ROOT_USER: "stellaops-mirror"
MINIO_ROOT_PASSWORD: "mirror-minio-secret"
volumeMounts:
- name: minio-data
mountPath: /data
volumeClaims:
- name: minio-data
claimName: mirror-minio-data
mirror-gateway:
image: docker.io/library/nginx@sha256:208b70eefac13ee9be00e486f79c695b15cef861c680527171a27d253d834be9
service:
type: LoadBalancer
port: 443
portName: https
targetPort: 443
configMounts:
- name: mirror-gateway-conf
mountPath: /etc/nginx/conf.d
configMap: mirror-gateway
volumeMounts:
- name: mirror-gateway-tls
mountPath: /etc/nginx/tls
readOnly: true
- name: mirror-gateway-secrets
mountPath: /etc/nginx/secrets
readOnly: true
- name: mirror-cache
mountPath: /var/cache/nginx
volumes:
- name: mirror-gateway-tls
secret:
secretName: mirror-gateway-tls
- name: mirror-gateway-secrets
secret:
secretName: mirror-gateway-htpasswd
- name: mirror-cache
emptyDir: {}
Reference in New Issue View Git Blame Copy Permalink