master
791e12baab
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Created SignerEndpointsTests to validate the SignDsse and VerifyReferrers endpoints. - Implemented StubBearerAuthenticationDefaults and StubBearerAuthenticationHandler for token-based authentication. - Developed ConcelierExporterClient for managing Trivy DB settings and export operations. - Added TrivyDbSettingsPageComponent for UI interactions with Trivy DB settings, including form handling and export triggering. - Implemented styles and HTML structure for Trivy DB settings page. - Created NotifySmokeCheck tool for validating Redis event streams and Notify deliveries.
200 lines
7.6 KiB
YAML
200 lines
7.6 KiB
YAML
global:
|
|
profile: airgap
|
|
release:
|
|
version: "2025.09.2-airgap"
|
|
channel: airgap
|
|
manifestSha256: "b787b833dddd73960c31338279daa0b0a0dce2ef32bd32ef1aaf953d66135f94"
|
|
image:
|
|
pullPolicy: IfNotPresent
|
|
labels:
|
|
stellaops.io/channel: airgap
|
|
|
|
configMaps:
|
|
notify-config:
|
|
data:
|
|
notify.yaml: |
|
|
storage:
|
|
driver: mongo
|
|
connectionString: "mongodb://notify-mongo.prod.svc.cluster.local:27017"
|
|
database: "stellaops_notify"
|
|
commandTimeoutSeconds: 60
|
|
|
|
authority:
|
|
enabled: true
|
|
issuer: "https://authority.stella-ops.org"
|
|
metadataAddress: "https://authority.stella-ops.org/.well-known/openid-configuration"
|
|
requireHttpsMetadata: true
|
|
allowAnonymousFallback: false
|
|
backchannelTimeoutSeconds: 30
|
|
tokenClockSkewSeconds: 60
|
|
audiences:
|
|
- notify
|
|
readScope: notify.read
|
|
adminScope: notify.admin
|
|
|
|
api:
|
|
basePath: "/api/v1/notify"
|
|
internalBasePath: "/internal/notify"
|
|
tenantHeader: "X-StellaOps-Tenant"
|
|
|
|
plugins:
|
|
baseDirectory: "/var/opt/stellaops"
|
|
directory: "plugins/notify"
|
|
searchPatterns:
|
|
- "StellaOps.Notify.Connectors.*.dll"
|
|
orderedPlugins:
|
|
- StellaOps.Notify.Connectors.Slack
|
|
- StellaOps.Notify.Connectors.Teams
|
|
- StellaOps.Notify.Connectors.Email
|
|
- StellaOps.Notify.Connectors.Webhook
|
|
|
|
telemetry:
|
|
enableRequestLogging: true
|
|
minimumLogLevel: Warning
|
|
services:
|
|
authority:
|
|
image: registry.stella-ops.org/stellaops/authority@sha256:5551a3269b7008cd5aceecf45df018c67459ed519557ccbe48b093b926a39bcc
|
|
service:
|
|
port: 8440
|
|
env:
|
|
STELLAOPS_AUTHORITY__ISSUER: "https://stellaops-authority:8440"
|
|
STELLAOPS_AUTHORITY__MONGO__CONNECTIONSTRING: "mongodb://stellaops-airgap:stellaops-airgap@stellaops-mongo:27017"
|
|
STELLAOPS_AUTHORITY__ALLOWANONYMOUSFALLBACK: "false"
|
|
signer:
|
|
image: registry.stella-ops.org/stellaops/signer@sha256:ddbbd664a42846cea6b40fca6465bc679b30f72851158f300d01a8571c5478fc
|
|
service:
|
|
port: 8441
|
|
env:
|
|
SIGNER__AUTHORITY__BASEURL: "https://stellaops-authority:8440"
|
|
SIGNER__POE__INTROSPECTURL: "file:///offline/poe/introspect.json"
|
|
SIGNER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://stellaops-airgap:stellaops-airgap@stellaops-mongo:27017"
|
|
attestor:
|
|
image: registry.stella-ops.org/stellaops/attestor@sha256:1ff0a3124d66d3a2702d8e421df40fbd98cc75cb605d95510598ebbae1433c50
|
|
service:
|
|
port: 8442
|
|
env:
|
|
ATTESTOR__SIGNER__BASEURL: "https://stellaops-signer:8441"
|
|
ATTESTOR__MONGO__CONNECTIONSTRING: "mongodb://stellaops-airgap:stellaops-airgap@stellaops-mongo:27017"
|
|
concelier:
|
|
image: registry.stella-ops.org/stellaops/concelier@sha256:29e2e1a0972707e092cbd3d370701341f9fec2aa9316fb5d8100480f2a1c76b5
|
|
service:
|
|
port: 8445
|
|
env:
|
|
CONCELIER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://stellaops-airgap:stellaops-airgap@stellaops-mongo:27017"
|
|
CONCELIER__STORAGE__S3__ENDPOINT: "http://stellaops-minio:9000"
|
|
CONCELIER__STORAGE__S3__ACCESSKEYID: "stellaops-airgap"
|
|
CONCELIER__STORAGE__S3__SECRETACCESSKEY: "airgap-minio-secret"
|
|
CONCELIER__AUTHORITY__BASEURL: "https://stellaops-authority:8440"
|
|
CONCELIER__AUTHORITY__RESILIENCE__ALLOWOFFLINECACHEFALLBACK: "true"
|
|
CONCELIER__AUTHORITY__RESILIENCE__OFFLINECACHETOLERANCE: "00:45:00"
|
|
volumeMounts:
|
|
- name: concelier-jobs
|
|
mountPath: /var/lib/concelier/jobs
|
|
volumeClaims:
|
|
- name: concelier-jobs
|
|
claimName: stellaops-concelier-jobs
|
|
scanner-web:
|
|
image: registry.stella-ops.org/stellaops/scanner-web@sha256:3df8ca21878126758203c1a0444e39fd97f77ddacf04a69685cda9f1e5e94718
|
|
service:
|
|
port: 8444
|
|
env:
|
|
SCANNER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://stellaops-airgap:stellaops-airgap@stellaops-mongo:27017"
|
|
SCANNER__STORAGE__S3__ENDPOINT: "http://stellaops-minio:9000"
|
|
SCANNER__STORAGE__S3__ACCESSKEYID: "stellaops-airgap"
|
|
SCANNER__STORAGE__S3__SECRETACCESSKEY: "airgap-minio-secret"
|
|
SCANNER__QUEUE__BROKER: "nats://stellaops-nats:4222"
|
|
SCANNER__EVENTS__ENABLED: "false"
|
|
SCANNER__EVENTS__DRIVER: "redis"
|
|
SCANNER__EVENTS__DSN: ""
|
|
SCANNER__EVENTS__STREAM: "stella.events"
|
|
SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "5"
|
|
SCANNER__EVENTS__MAXSTREAMLENGTH: "10000"
|
|
scanner-worker:
|
|
image: registry.stella-ops.org/stellaops/scanner-worker@sha256:eea5d6cfe7835950c5ec7a735a651f2f0d727d3e470cf9027a4a402ea89c4fb5
|
|
env:
|
|
SCANNER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://stellaops-airgap:stellaops-airgap@stellaops-mongo:27017"
|
|
SCANNER__STORAGE__S3__ENDPOINT: "http://stellaops-minio:9000"
|
|
SCANNER__STORAGE__S3__ACCESSKEYID: "stellaops-airgap"
|
|
SCANNER__STORAGE__S3__SECRETACCESSKEY: "airgap-minio-secret"
|
|
SCANNER__QUEUE__BROKER: "nats://stellaops-nats:4222"
|
|
SCANNER__EVENTS__ENABLED: "false"
|
|
SCANNER__EVENTS__DRIVER: "redis"
|
|
SCANNER__EVENTS__DSN: ""
|
|
SCANNER__EVENTS__STREAM: "stella.events"
|
|
SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "5"
|
|
SCANNER__EVENTS__MAXSTREAMLENGTH: "10000"
|
|
notify-web:
|
|
image: registry.stella-ops.org/stellaops/notify-web:2025.09.2
|
|
service:
|
|
port: 8446
|
|
env:
|
|
DOTNET_ENVIRONMENT: Production
|
|
configMounts:
|
|
- name: notify-config
|
|
mountPath: /app/etc/notify.yaml
|
|
subPath: notify.yaml
|
|
configMap: notify-config
|
|
excititor:
|
|
image: registry.stella-ops.org/stellaops/excititor@sha256:65c0ee13f773efe920d7181512349a09d363ab3f3e177d276136bd2742325a68
|
|
env:
|
|
EXCITITOR__CONCELIER__BASEURL: "https://stellaops-concelier:8445"
|
|
EXCITITOR__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://stellaops-airgap:stellaops-airgap@stellaops-mongo:27017"
|
|
web-ui:
|
|
image: registry.stella-ops.org/stellaops/web-ui@sha256:bee9668011ff414572131dc777faab4da24473fe12c230893f161cabee092a1d
|
|
service:
|
|
port: 9443
|
|
targetPort: 8443
|
|
env:
|
|
STELLAOPS_UI__BACKEND__BASEURL: "https://stellaops-scanner-web:8444"
|
|
mongo:
|
|
class: infrastructure
|
|
image: docker.io/library/mongo@sha256:c258b26dbb7774f97f52aff52231ca5f228273a84329c5f5e451c3739457db49
|
|
service:
|
|
port: 27017
|
|
command:
|
|
- mongod
|
|
- --bind_ip_all
|
|
env:
|
|
MONGO_INITDB_ROOT_USERNAME: stellaops-airgap
|
|
MONGO_INITDB_ROOT_PASSWORD: stellaops-airgap
|
|
volumeMounts:
|
|
- name: mongo-data
|
|
mountPath: /data/db
|
|
volumeClaims:
|
|
- name: mongo-data
|
|
claimName: stellaops-mongo-data
|
|
minio:
|
|
class: infrastructure
|
|
image: docker.io/minio/minio@sha256:14cea493d9a34af32f524e538b8346cf79f3321eff8e708c1e2960462bd8936e
|
|
service:
|
|
port: 9000
|
|
command:
|
|
- server
|
|
- /data
|
|
- --console-address
|
|
- :9001
|
|
env:
|
|
MINIO_ROOT_USER: stellaops-airgap
|
|
MINIO_ROOT_PASSWORD: airgap-minio-secret
|
|
volumeMounts:
|
|
- name: minio-data
|
|
mountPath: /data
|
|
volumeClaims:
|
|
- name: minio-data
|
|
claimName: stellaops-minio-data
|
|
nats:
|
|
class: infrastructure
|
|
image: docker.io/library/nats@sha256:c82559e4476289481a8a5196e675ebfe67eea81d95e5161e3e78eccfe766608e
|
|
service:
|
|
port: 4222
|
|
command:
|
|
- -js
|
|
- -sd
|
|
- /data
|
|
volumeMounts:
|
|
- name: nats-data
|
|
mountPath: /data
|
|
volumeClaims:
|
|
- name: nats-data
|
|
claimName: stellaops-nats-data
|