git.stella-ops.org/deploy/README.md
2026-01-25 23:27:41 +02:00

Deploy

Deployment infrastructure for StellaOps. Clean, consolidated deployment configurations.

Infrastructure Stack

| Component | Technology | Version |
|---|---|---|
| Database | PostgreSQL | 18.1 |
| Messaging/Cache | Valkey | 9.0.1 |
| Object Storage | RustFS | latest |
| Transparency Log | Rekor | v2 (tiles) |

Note that RustFS is tracked as a floating `latest` tag here; a floating tag is not reproducible and cannot be attested, so pin the image version (or digest) through the per-channel release manifests in releases/ before a staging or production rollout.

Directory Structure

deploy/
├── compose/              # Docker Compose configurations
│   ├── docker-compose.stella-ops.yml      # Main stack
│   ├── docker-compose.telemetry.yml       # Observability (OTEL, Prometheus, Tempo, Loki)
│   ├── docker-compose.testing.yml         # CI/testing infrastructure
│   ├── docker-compose.compliance-*.yml    # Regional crypto overlays
│   ├── env/                               # Environment templates
│   └── scripts/                           # Compose lifecycle scripts
│
├── helm/                 # Kubernetes Helm charts
│   └── stellaops/                         # Main chart with env-specific values
│       ├── values-dev.yaml
│       ├── values-stage.yaml
│       ├── values-prod.yaml
│       └── values-airgap.yaml
│
├── docker/               # Container build infrastructure
│   ├── Dockerfile.hardened.template       # Multi-stage hardened template
│   ├── Dockerfile.console                 # Angular UI
│   ├── build-all.sh                       # Build matrix
│   └── services-matrix.env                # Service build args
│
├── database/             # PostgreSQL infrastructure
│   ├── migrations/                        # Schema migrations
│   ├── postgres/                          # CloudNativePG configs
│   ├── postgres-partitioning/             # Table partitioning
│   └── postgres-validation/               # RLS validation
│
├── scripts/              # Operational scripts
│   ├── bootstrap-trust.sh                 # TrustMonger initialization
│   ├── rotate-rekor-key.sh                # Key rotation
│   ├── test-local.sh                      # Local testing
│   └── lib/                               # Shared script libraries
│
├── offline/              # Air-gap deployment
│   ├── airgap/                            # Bundle creation tools
│   ├── kit/                               # Installation kit
│   └── templates/                         # Offline config templates
│
├── telemetry/            # Observability (consolidated)
│   ├── alerts/                            # Prometheus/Alertmanager rules
│   ├── dashboards/                        # Grafana dashboards
│   ├── collectors/                        # OTEL collector configs
│   └── storage/                           # Prometheus/Loki/Tempo configs
│
├── secrets/              # Secret management templates
│   └── *.example                          # Example secret structures
│
├── releases/             # Release manifests
│   └── *.yaml                             # Version pinning per channel
│
└── tools/                # Curated operational tools
    ├── ci/                                # Build/CI tools (nuget-prime, determinism)
    ├── feeds/                             # Feed management (concelier, vex)
    ├── security/                          # Security (attest, cosign, crypto)
    └── validation/                        # Validation scripts

Quick Start

Local Development (Docker Compose)

# Start full stack
docker compose -f deploy/compose/docker-compose.stella-ops.yml up -d

# Start with telemetry
docker compose -f deploy/compose/docker-compose.stella-ops.yml \
               -f deploy/compose/docker-compose.telemetry.yml up -d

# Regional compliance overlay (e.g., China SM2/SM3/SM4)
docker compose -f deploy/compose/docker-compose.stella-ops.yml \
               -f deploy/compose/docker-compose.compliance-china.yml up -d

Kubernetes (Helm)

# Install to dev environment
helm install stellaops deploy/helm/stellaops \
  -f deploy/helm/stellaops/values-dev.yaml \
  -n stellaops --create-namespace

# Install to production
helm install stellaops deploy/helm/stellaops \
  -f deploy/helm/stellaops/values-prod.yaml \
  -n stellaops --create-namespace

Air-Gapped Installation

# Create offline bundle
python deploy/offline/airgap/build_bootstrap_pack.py --version 2026.04

# Import on air-gapped system
deploy/offline/airgap/import-bundle.sh stellaops-2026.04-bundle.tar.gz
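Before the bundle is handed to import-bundle.sh on the isolated host, its integrity should be checked against a digest that arrived through a separate trusted channel. The following is an added example, not part of the StellaOps deploy tooling; it assumes a hypothetical `<bundle>.sha256` sidecar in `sha256sum` format (`<hex>  <filename>`), which the build step above is not documented to produce.

```shell
#!/usr/bin/env bash
# Added example (not StellaOps code): verify a bundle's SHA-256 before import.
# Assumption: a sidecar "<bundle>.sha256" in `sha256sum` format exists. A sidecar
# that travelled alongside the bundle only detects corruption; to detect tampering,
# obtain the digest out of band (or verify a signature) before trusting it.
set -u

# verify_bundle BUNDLE [SIDECAR]
# Returns 0 when the recorded digest matches the file, 1 on mismatch or bad input.
verify_bundle() {
    local bundle="$1"
    local sidecar="${2:-$1.sha256}"
    [ -f "$bundle" ]  || { echo "missing bundle: $bundle" >&2; return 1; }
    [ -f "$sidecar" ] || { echo "missing checksum sidecar: $sidecar" >&2; return 1; }

    # Use only the digest column; ignore the filename column so a renamed
    # bundle still verifies and a sidecar cannot redirect us to another file.
    local expected actual
    expected=$(awk 'NR==1 {print tolower($1)}' "$sidecar")
    case "$expected" in
        *[!0-9a-f]*|"") echo "sidecar does not contain a hex digest" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex characters" >&2; return 1; }

    actual=$(sha256sum "$bundle" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "DIGEST MISMATCH for $bundle" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    echo "ok: $bundle sha256=$actual"
    return 0
}

# import_verified BUNDLE: only call the project's importer after the check passes.
import_verified() {
    verify_bundle "$1" || return 1
    deploy/offline/airgap/import-bundle.sh "$1"
}
```

Run it as `import_verified stellaops-2026.04-bundle.tar.gz` on the air-gapped host; a mismatch or malformed sidecar stops before import-bundle.sh is ever invoked.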

Compose Profiles

| File | Purpose | Services |
|---|---|---|
| stella-ops.yml | Main stack | PostgreSQL, Valkey, RustFS, Rekor, all StellaOps services |
| telemetry.yml | Observability | OTEL Collector, Prometheus, Tempo, Loki |
| testing.yml | CI/Testing | postgres-test, valkey-test, mock-registry |
| compliance-china.yml | China crypto | SM2/SM3/SM4 overlays |
| compliance-russia.yml | Russia crypto | GOST R 34.10 overlays |
| compliance-eu.yml | EU crypto | eIDAS overlays |
| dev.yml | Development | Minimal stack with hot-reload |

Connection Strings

# PostgreSQL
Host=stellaops-postgres;Port=5432;Database=stellaops;Username=stellaops;Password=<secret>

# Valkey
stellaops-valkey:6379

# RustFS (S3-compatible)
http://stellaops-rustfs:8080
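The `Password=<secret>` placeholder above must be replaced at deploy time from the templates under secrets/, and the string should require TLS to the database. The lint below is an added example, not part of the StellaOps repo: it parses an Npgsql-style `Key=Value;` string, rejects placeholder or empty passwords, and rejects strings that leave TLS optional. `SSL Mode` is the real Npgsql keyword; requiring `VerifyFull` is this example's policy assumption, not a documented project rule.

```shell
#!/usr/bin/env bash
# Added example, not StellaOps code: lint a PostgreSQL (Npgsql-style) connection
# string before it reaches a service. Policy assumption: TLS must be required.

# check_pg_connstring "<conn-string>"
# Exit status: 0 = acceptable (warnings may be printed), 1 = must fix.
check_pg_connstring() {
    local cs="$1" rc=0 pair key val
    local password="" sslmode="" host=""
    local IFS=';'                      # split only on the pair separator
    for pair in $cs; do
        [ -z "$pair" ] && continue
        # Normalise the key: "SSL Mode" -> "sslmode", "Host" -> "host"
        key=$(printf '%s' "${pair%%=*}" | tr -d ' ' | tr '[:upper:]' '[:lower:]')
        val="${pair#*=}"
        case "$key" in
            password) password="$val" ;;
            sslmode)  sslmode=$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]') ;;
            host)     host="$val" ;;
        esac
    done

    if [ -z "$host" ]; then
        echo "FAIL: no Host= in connection string" >&2; rc=1
    fi

    # Placeholders copied straight from a README are the classic deploy mistake.
    case "$password" in
        ""|"<secret>"|"<"*">"|changeme|password)
            echo "FAIL: Password is empty or a placeholder; inject it from secrets/ at deploy time" >&2
            rc=1 ;;
    esac

    case "$sslmode" in
        verifyfull) ;;   # encrypts, validates the chain and checks the server hostname
        require|verifyca)
            echo "WARN: SSL Mode=$sslmode encrypts but does not pin the server hostname; prefer VerifyFull" >&2 ;;
        ""|disable|allow|prefer)
            echo "FAIL: SSL Mode is '${sslmode:-unset}', so TLS is optional or off; set SSL Mode=VerifyFull" >&2
            rc=1 ;;
        *)
            echo "FAIL: unrecognised SSL Mode '$sslmode'" >&2; rc=1 ;;
    esac
    return $rc
}
```

Wire it into the compose lifecycle scripts under compose/scripts/ (or a Helm pre-install hook) so that a string such as the README's own `Password=<secret>` example fails the deploy rather than reaching a container.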

Migration from devops/

This deploy/ directory is the consolidated replacement for the scattered devops/ directory. Content has been reorganized:

| Old Location | New Location |
|---|---|
| devops/compose/ | deploy/compose/ |
| devops/helm/ | deploy/helm/ |
| devops/docker/ | deploy/docker/ |
| devops/database/ | deploy/database/ |
| devops/scripts/ | deploy/scripts/ |
| devops/offline/ | deploy/offline/ |
| devops/observability/ + devops/telemetry/ | deploy/telemetry/ |
| devops/secrets/ | deploy/secrets/ |
| devops/releases/ | deploy/releases/ |

The following devops/ content was archived or removed:

  • devops/services/ - Scattered service configs (use compose overlays or helm values)
  • devops/tools/ - Move operational tools to tools/ at repo root
  • devops/artifacts/ - CI artifacts (transient, should not be committed)
  • devops/.nuget/ - Package cache (restore during build)
  • devops/docs/ - Move to docs/operations/
  • devops/gitlab/ - Legacy CI templates (repo uses Gitea)