git.stella-ops.org/deploy/README.md
2026-01-25 23:27:41 +02:00

# Deploy
Deployment infrastructure for StellaOps. Clean, consolidated deployment configurations.
## Infrastructure Stack
| Component | Technology | Version |
|-----------|------------|---------|
| Database | PostgreSQL | 18.1 |
| Messaging/Cache | Valkey | 9.0.1 |
| Object Storage | RustFS | latest |
| Transparency Log | Rekor | v2 (tiles) |
## Directory Structure
```
deploy/
├── compose/                              # Docker Compose configurations
│   ├── docker-compose.stella-ops.yml     # Main stack
│   ├── docker-compose.telemetry.yml      # Observability (OTEL, Prometheus, Tempo, Loki)
│   ├── docker-compose.testing.yml        # CI/testing infrastructure
│   ├── docker-compose.compliance-*.yml   # Regional crypto overlays
│   ├── env/                              # Environment templates
│   └── scripts/                          # Compose lifecycle scripts
├── helm/                                 # Kubernetes Helm charts
│   └── stellaops/                        # Main chart with env-specific values
│       ├── values-dev.yaml
│       ├── values-stage.yaml
│       ├── values-prod.yaml
│       └── values-airgap.yaml
├── docker/                               # Container build infrastructure
│   ├── Dockerfile.hardened.template      # Multi-stage hardened template
│   ├── Dockerfile.console                # Angular UI
│   ├── build-all.sh                      # Build matrix
│   └── services-matrix.env               # Service build args
├── database/                             # PostgreSQL infrastructure
│   ├── migrations/                       # Schema migrations
│   ├── postgres/                         # CloudNativePG configs
│   ├── postgres-partitioning/            # Table partitioning
│   └── postgres-validation/              # RLS validation
├── scripts/                              # Operational scripts
│   ├── bootstrap-trust.sh                # TrustMonger initialization
│   ├── rotate-rekor-key.sh               # Key rotation
│   ├── test-local.sh                     # Local testing
│   └── lib/                              # Shared script libraries
├── offline/                              # Air-gap deployment
│   ├── airgap/                           # Bundle creation tools
│   ├── kit/                              # Installation kit
│   └── templates/                        # Offline config templates
├── telemetry/                            # Observability (consolidated)
│   ├── alerts/                           # Prometheus/Alertmanager rules
│   ├── dashboards/                       # Grafana dashboards
│   ├── collectors/                       # OTEL collector configs
│   └── storage/                          # Prometheus/Loki/Tempo configs
├── secrets/                              # Secret management templates
│   └── *.example                         # Example secret structures
├── releases/                             # Release manifests
│   └── *.yaml                            # Version pinning per channel
└── tools/                                # Curated operational tools
    ├── ci/                               # Build/CI tools (nuget-prime, determinism)
    ├── feeds/                            # Feed management (concelier, vex)
    ├── security/                         # Security (attest, cosign, crypto)
    └── validation/                       # Validation scripts
```
## Quick Start
### Local Development (Docker Compose)
```bash
# Start full stack
docker compose -f deploy/compose/docker-compose.stella-ops.yml up -d

# Start with telemetry
docker compose -f deploy/compose/docker-compose.stella-ops.yml \
  -f deploy/compose/docker-compose.telemetry.yml up -d

# Regional compliance overlay (e.g., China SM2/SM3/SM4)
docker compose -f deploy/compose/docker-compose.stella-ops.yml \
  -f deploy/compose/docker-compose.compliance-china.yml up -d
```
### Kubernetes (Helm)
```bash
# Install to dev environment
helm install stellaops deploy/helm/stellaops \
  -f deploy/helm/stellaops/values-dev.yaml \
  -n stellaops --create-namespace

# Install to production
helm install stellaops deploy/helm/stellaops \
  -f deploy/helm/stellaops/values-prod.yaml \
  -n stellaops --create-namespace
```
### Air-Gapped Installation
```bash
# Create offline bundle
python deploy/offline/airgap/build_bootstrap_pack.py --version 2026.04
# Import on air-gapped system
deploy/offline/airgap/import-bundle.sh stellaops-2026.04-bundle.tar.gz
```
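A bundle that crosses an air gap on removable media should be checked against a digest recorded on the connected side before `import-bundle.sh` unpacks it. The script below is an added example and is not part of the `deploy/offline/` tooling; it assumes a detached checksum file named `<bundle>.sha256` in `sha256sum` format (that file name and format are assumptions of this example, not something the README specifies), and the bundle it exercises is a constructed stand-in, not a real StellaOps bundle.

```bash
#!/usr/bin/env bash
# Added example (not from the deploy/ README or its scripts).
# Verify an offline bundle against a detached SHA-256 digest before import.
set -euo pipefail

# sha256_of <file>: print the hex digest, using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_bundle <bundle.tar.gz> <bundle.tar.gz.sha256>
# Returns 0 when the digest recorded in the checksum file matches the
# bundle on disk, 1 on a mismatch or a missing input. The checksum file
# is expected in "<hex>  <name>" form (the format sha256sum writes).
verify_bundle() {
  local bundle="$1" sumfile="$2" expected actual
  [ -f "$bundle" ]  || { echo "missing bundle: $bundle" >&2; return 1; }
  [ -f "$sumfile" ] || { echo "missing checksum file: $sumfile" >&2; return 1; }
  expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
  actual=$(sha256_of "$bundle")
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    echo "digest mismatch for $bundle (expected ${expected:-<none>}, got $actual)" >&2
    return 1
  fi
  echo "digest OK for $bundle"
  return 0
}

# Demo with a constructed stand-in bundle (arbitrary bytes, not a real
# bundle) so the script runs offline. In practice you would run:
#   verify_bundle stellaops-2026.04-bundle.tar.gz stellaops-2026.04-bundle.tar.gz.sha256 \
#     && deploy/offline/airgap/import-bundle.sh stellaops-2026.04-bundle.tar.gz
demo() {
  local tmp
  tmp=$(mktemp -d)
  printf 'constructed bundle contents\n' > "$tmp/bundle.tar.gz"
  printf '%s  bundle.tar.gz\n' "$(sha256_of "$tmp/bundle.tar.gz")" > "$tmp/bundle.tar.gz.sha256"
  verify_bundle "$tmp/bundle.tar.gz" "$tmp/bundle.tar.gz.sha256"
  # Simulate media corruption or tampering in transit: one appended byte.
  printf 'x' >> "$tmp/bundle.tar.gz"
  if verify_bundle "$tmp/bundle.tar.gz" "$tmp/bundle.tar.gz.sha256"; then
    echo "unexpected: tampered bundle passed" >&2
  fi
  rm -rf "$tmp"
}

demo
```

Chain the check with `&&` in front of the import so a mismatch stops the import rather than printing a warning that is easy to miss; the digest file itself should travel separately from the bundle (or be confirmed out of band) so that a substituted bundle cannot simply arrive with a matching substituted digest.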
## Compose Profiles
| File | Purpose | Services |
|------|---------|----------|
| `stella-ops.yml` | Main stack | PostgreSQL, Valkey, RustFS, Rekor, all StellaOps services |
| `telemetry.yml` | Observability | OTEL Collector, Prometheus, Tempo, Loki |
| `testing.yml` | CI/Testing | postgres-test, valkey-test, mock-registry |
| `compliance-china.yml` | China crypto | SM2/SM3/SM4 overlays |
| `compliance-russia.yml` | Russia crypto | GOST R 34.10 overlays |
| `compliance-eu.yml` | EU crypto | eIDAS overlays |
| `dev.yml` | Development | Minimal stack with hot-reload |
## Connection Strings
```bash
# PostgreSQL
Host=stellaops-postgres;Port=5432;Database=stellaops;Username=stellaops;Password=<secret>
# Valkey
stellaops-valkey:6379
# RustFS (S3-compatible)
http://stellaops-rustfs:8080
```
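Two things go wrong with connection strings like the PostgreSQL one above: the `<secret>` placeholder is left in place in a copied environment file, and the full string (password included) ends up in a startup log or a health-check script's output. The helper functions below are an added example, not part of the deploy scripts; they parse the `Key=Value;` form shown above, return individual fields, mask the password for logging, and refuse a string whose password is missing or still a `<...>` placeholder. The sample strings are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example (not from the deploy/ README or deploy/scripts).
# Helpers for the "Key=Value;Key=Value" connection-string form used above.
set -euo pipefail

# conn_field <conn> <Key>: print the value of <Key>, return 1 if absent.
conn_field() {
  local -a parts
  local kv
  IFS=';' read -r -a parts <<< "$1"
  for kv in "${parts[@]}"; do
    if [ "${kv%%=*}" = "$2" ]; then
      printf '%s' "${kv#*=}"
      return 0
    fi
  done
  return 1
}

# redact_conn <conn>: print the string with the Password value replaced by
# "***" so it is safe to write to a log or a support ticket.
redact_conn() {
  local -a parts
  local kv key out=""
  IFS=';' read -r -a parts <<< "$1"
  for kv in "${parts[@]}"; do
    key=${kv%%=*}
    case "$key" in
      [Pp]assword|PASSWORD) kv="${key}=***" ;;
    esac
    out+="${out:+;}${kv}"
  done
  printf '%s' "$out"
}

# validate_conn <conn>: return 0 only when Host and Password are present
# and the password is not a template placeholder such as "<secret>".
validate_conn() {
  local host pw
  host=$(conn_field "$1" Host) || host=""
  pw=$(conn_field "$1" Password) || pw=""
  if [ -z "$host" ]; then
    echo "connection string has no Host: $(redact_conn "$1")" >&2
    return 1
  fi
  if [ -z "$pw" ]; then
    echo "connection string has no Password: $(redact_conn "$1")" >&2
    return 1
  fi
  case "$pw" in
    '<'*'>')
      echo "Password is still a placeholder (${pw}): $(redact_conn "$1")" >&2
      return 1 ;;
  esac
  return 0
}

# Demo on constructed strings (the password value is made up).
demo() {
  local good='Host=stellaops-postgres;Port=5432;Database=stellaops;Username=stellaops;Password=constructed-pw'
  local templ='Host=stellaops-postgres;Port=5432;Database=stellaops;Username=stellaops;Password=<secret>'
  echo "host=$(conn_field "$good" Host) port=$(conn_field "$good" Port)"
  echo "log line: $(redact_conn "$good")"
  validate_conn "$good" && echo "good string accepted"
  validate_conn "$templ" || echo "template string rejected"
}

demo
```

Run `validate_conn` against the resolved string at container start (before the service opens a connection) so a forgotten placeholder fails fast with a redacted message instead of surfacing later as an authentication error, and use `redact_conn` wherever the string is echoed.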
## Migration from devops/
This `deploy/` directory is the consolidated replacement for the scattered `devops/` directory.
Content has been reorganized:
| Old Location | New Location |
|--------------|--------------|
| `devops/compose/` | `deploy/compose/` |
| `devops/helm/` | `deploy/helm/` |
| `devops/docker/` | `deploy/docker/` |
| `devops/database/` | `deploy/database/` |
| `devops/scripts/` | `deploy/scripts/` |
| `devops/offline/` | `deploy/offline/` |
| `devops/observability/` + `devops/telemetry/` | `deploy/telemetry/` |
| `devops/secrets/` | `deploy/secrets/` |
| `devops/releases/` | `deploy/releases/` |
The following `devops/` content was archived or removed:
- `devops/services/` - Scattered service configs (use compose overlays or helm values)
- `devops/tools/` - Move operational tools to `tools/` at repo root
- `devops/artifacts/` - CI artifacts (transient, should not be committed)
- `devops/.nuget/` - Package cache (restore during build)
- `devops/docs/` - Move to `docs/operations/`
- `devops/gitlab/` - Legacy CI templates (repo uses Gitea)