stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
96d52884e86650452c9c998d343469ea00fafdce
git.stella-ops.org/deploy/telemetry/storage/README.md
master 96d52884e8
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Add Policy DSL Validator, Schema Exporter, and Simulation Smoke tools 
- Implemented PolicyDslValidator with command-line options for strict mode and JSON output.
- Created PolicySchemaExporter to generate JSON schemas for policy-related models.
- Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes.
- Added project files and necessary dependencies for each tool.
- Ensured proper error handling and usage instructions across tools.
2025-10-27 08:00:11 +02:00

1.6 KiB
Raw Blame History

Telemetry Storage Stack

Configuration snippets for the default StellaOps observability backends used in staging and production environments. The stack comprises:

  • Prometheus for metrics (scraping the collector's Prometheus exporter)
  • Tempo for traces (OTLP ingest via mTLS)
  • Loki for logs (HTTP ingest with tenant isolation)

Files

Path Description
prometheus.yaml Scrape configuration for the collector (mTLS + bearer token placeholder).
tempo.yaml Tempo configuration with multitenancy enabled and local storage paths.
loki.yaml Loki configuration enabling per-tenant overrides and boltdb-shipper storage.
tenants/tempo-overrides.yaml Example tenant overrides for Tempo (retention, limits).
tenants/loki-overrides.yaml Example tenant overrides for Loki (rate limits, retention).
auth/ Placeholder directory for Prometheus bearer token files (e.g., token).

These configurations are referenced by the Docker Compose overlay (deploy/compose/docker-compose.telemetry-storage.yaml) and the staging rollout documented in docs/ops/telemetry-storage.md. Adjust paths, credentials, and overrides before running in connected environments. Place the Prometheus bearer token in auth/token when using the Compose overlay (the directory contains a .gitkeep placeholder and is gitignored by default).

Security

  • Both Tempo and Loki require mutual TLS.
  • Prometheus uses mTLS plus a bearer token that should be minted by Authority.
  • Update the overrides files to enforce per-tenant retention/ingestion limits.

For comprehensive deployment steps see docs/ops/telemetry-storage.md.