stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity
Files
9e5e958d42ecddbe3e5a321ea0c0d31d1088ce20
git.stella-ops.org/deploy/telemetry/storage/README.md
master 9e5e958d42
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Document completed tasks for KMS, Cryptography, and Plugin Libraries 
- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
2025-10-31 14:33:05 +02:00

1.8 KiB
Raw Blame History

Telemetry Storage Stack

Configuration snippets for the default StellaOps observability backends used in staging and production environments. The stack comprises:

  • Prometheus for metrics (scraping the collector's Prometheus exporter)
  • Tempo for traces (OTLP ingest via mTLS)
  • Loki for logs (HTTP ingest with tenant isolation)

Files

Path Description
prometheus.yaml Scrape configuration for the collector (mTLS + bearer token placeholder).
tempo.yaml Tempo configuration with multitenancy enabled and local storage paths.
loki.yaml Loki configuration enabling per-tenant overrides and boltdb-shipper storage.
tenants/tempo-overrides.yaml Example tenant overrides for Tempo (retention, limits).
tenants/loki-overrides.yaml Example tenant overrides for Loki (rate limits, retention).
auth/ Placeholder directory for Prometheus bearer token files (e.g., token).

These configurations are referenced by the Docker Compose overlay (deploy/compose/docker-compose.telemetry-storage.yaml) and the staging rollout documented in docs/modules/telemetry/operations/storage.md. Adjust paths, credentials, and overrides before running in connected environments. Place the Prometheus bearer token in auth/token when using the Compose overlay (the directory contains a .gitkeep placeholder and is gitignored by default).

Run python ops/devops/telemetry/validate_storage_stack.py after editing any of these files to ensure TLS, multitenancy, and override references remain intact.

Security

  • Both Tempo and Loki require mutual TLS.
  • Prometheus uses mTLS plus a bearer token that should be minted by Authority.
  • Update the overrides files to enforce per-tenant retention/ingestion limits.

For comprehensive deployment steps see docs/modules/telemetry/operations/storage.md.