master
daa6a4ae8c
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
31 lines
1.5 KiB
Markdown
31 lines
1.5 KiB
Markdown
# Stella Ops Compose Profiles
|
||
|
||
These Compose bundles ship the minimum services required to exercise the scanner pipeline plus control-plane dependencies. Every profile is pinned to immutable image digests sourced from `deploy/releases/*.yaml` and is linted via `docker compose config` in CI.
|
||
|
||
## Layout
|
||
|
||
| Path | Purpose |
|
||
| ---- | ------- |
|
||
| `docker-compose.dev.yaml` | Edge/nightly stack tuned for laptops and iterative work. |
|
||
| `docker-compose.stage.yaml` | Stable channel stack mirroring pre-production clusters. |
|
||
| `docker-compose.airgap.yaml` | Stable stack with air-gapped defaults (no outbound hostnames). |
|
||
| `env/*.env.example` | Seed `.env` files that document required secrets and ports per profile. |
|
||
|
||
## Usage
|
||
|
||
```bash
|
||
cp env/dev.env.example dev.env
|
||
docker compose --env-file dev.env -f docker-compose.dev.yaml config
|
||
docker compose --env-file dev.env -f docker-compose.dev.yaml up -d
|
||
```
|
||
|
||
The stage and airgap variants behave the same way—swap the file names accordingly. All profiles expose 443/8443 for the UI and REST APIs, and they share a `stellaops` Docker network scoped to the compose project.
|
||
|
||
### Updating to a new release
|
||
|
||
1. Import the new manifest into `deploy/releases/` (see `deploy/README.md`).
|
||
2. Update image digests in the relevant Compose file(s).
|
||
3. Re-run `docker compose config` to confirm the bundle is deterministic.
|
||
|
||
Keep digests synchronized between Compose, Helm, and the release manifest to preserve reproducibility guarantees. `deploy/tools/validate-profiles.sh` performs a quick audit.
|