git.stella-ops.org/devops/compose/docker-compose.stella-infra.yml
master b3198a66c7 refactor(compose): split monolith into stella-infra + stella-services
- Extract infrastructure (postgres, valkey, rustfs, zot, rekor) to docker-compose.stella-infra.yml
- Move application services to docker-compose.stella-services.yml
- Convert scalar YAML anchors to .env variables for cross-file compatibility
- Duplicate structural anchors locally in services file
- Remove cross-file depends_on (services already have connection retry)
- Legacy monolith retained for backwards compatibility

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 13:11:47 +03:00


# =============================================================================
# STELLA OPS - INFRASTRUCTURE SERVICES
# =============================================================================
# PostgreSQL, Valkey, SeaweedFS (S3-compatible), Zot (OCI registry), Rekor v2.
#
# This file provides the shared infrastructure layer. Application services
# are defined in docker-compose.stella-services.yml and connect via the
# "stellaops" network created here.
#
# Usage (infra only):
#   docker compose -f docker-compose.stella-infra.yml up -d
#
# Usage (full stack):
#   docker compose \
#     -f docker-compose.stella-infra.yml \
#     -f docker-compose.stella-services.yml up -d
#
# With overlays (e.g., telemetry, compliance):
#   docker compose \
#     -f docker-compose.stella-infra.yml \
#     -f docker-compose.stella-services.yml \
#     -f docker-compose.telemetry.yml up -d
#
# =============================================================================
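# Release metadata labels, attached to services through the *release-labels
# alias. The three label keys must be nested under the anchor; written flush
# left, the anchor binds to an empty value and the labels become top-level keys.
# YAML anchors are file-local, so other compose files cannot alias this one.
x-release-labels: &release-labels
  com.stellaops.release.version: "2025.10.0"
  com.stellaops.release.channel: "stable"
  com.stellaops.profile: "default"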
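networks:
  # Internal bridge network with a fixed name, so other compose files can
  # attach to it. Every container on it can reach the infrastructure services
  # on their container ports, regardless of which host ports are published.
  stellaops:
    driver: bridge
    name: stellaops
  # Pre-existing network: Compose does not create it and fails if it is
  # missing. No service visible in this file attaches to it.
  frontdoor:
    external: true
    name: "${FRONTDOOR_NETWORK:-stellaops_frontdoor}"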
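# Named volumes with default driver settings. They outlive the containers and
# keep database, cache, object-store, transparency-log and registry state
# until they are removed explicitly.
volumes:
  postgres-data:
  valkey-data:
  rustfs-data:
  rekor-tiles-data:
  registry-data: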
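services:
  # ===========================================================================
  # INFRASTRUCTURE SERVICES
  # ===========================================================================
  # Host ports are published on 127.0.0.0/8 addresses only, so they are not
  # exposed on external interfaces. Containers on the "stellaops" network
  # reach these services directly and bypass that restriction, so network
  # membership is the effective trust boundary for everything below.

  postgres:
    image: docker.io/library/postgres:18.1
    container_name: stellaops-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: "${POSTGRES_USER:-stellaops}"
      # NOTE(review): falls back to a well-known password equal to the default
      # user name. Set POSTGRES_PASSWORD in .env for anything beyond a local
      # development stack.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-stellaops}"
      POSTGRES_DB: "${POSTGRES_DB:-stellaops_platform}"
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - postgres-data:/var/lib/postgresql/data
      # Init scripts are mounted read-only.
      - ./postgres-init:/docker-entrypoint-initdb.d:ro
    ports:
      - "127.1.1.1:${POSTGRES_PORT:-5432}:5432"
    networks:
      stellaops:
        aliases:
          - db.stella-ops.local
    healthcheck:
      test:
        - CMD-SHELL
        - "pg_isready -U ${POSTGRES_USER:-stellaops} -d ${POSTGRES_DB:-stellaops_platform}"
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    labels: *release-labels

  valkey:
    image: docker.io/valkey/valkey:9.0.1
    container_name: stellaops-valkey
    restart: unless-stopped
    # NOTE(review): no --requirepass or ACL file is passed, so the cache accepts
    # unauthenticated clients from the stellaops network and from local
    # processes via the loopback port. Confirm this is intended.
    command: ["valkey-server", "--appendonly", "yes"]
    volumes:
      - valkey-data:/data
    ports:
      - "127.1.1.2:${VALKEY_PORT:-6379}:6379"
    networks:
      stellaops:
        aliases:
          - cache.stella-ops.local
    healthcheck:
      test: ["CMD", "valkey-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    labels: *release-labels

  # The service keeps the name "rustfs" but runs SeaweedFS with its S3 gateway.
  rustfs:
    # Registry host spelled out to match the other images in this file.
    # NOTE(review): ":latest" is a mutable tag, so the image can change between
    # pulls. Pin a release tag or a digest, as the other services do.
    image: docker.io/chrislusf/seaweedfs:latest
    container_name: stellaops-rustfs
    # NOTE(review): no S3 credential configuration is passed here. Confirm
    # whether anonymous access to the S3 endpoint is intended.
    command:
      - server
      - "-s3"
      - "-s3.port=8333"
      - "-volume.port=8080"
      - "-dir=/data"
    restart: unless-stopped
    volumes:
      - rustfs-data:/data
    ports:
      - "127.1.1.3:${RUSTFS_HTTP_PORT:-8333}:8333"
    networks:
      stellaops:
        aliases:
          - s3.stella-ops.local
    healthcheck:
      test:
        - CMD-SHELL
        - "wget -q --spider http://127.0.0.1:8333/status || exit 1"
      interval: 30s
      timeout: 10s
      retries: 3
    labels: *release-labels

  registry:
    image: ghcr.io/project-zot/zot-linux-amd64:v2.1.3
    container_name: stellaops-registry
    restart: unless-stopped
    volumes:
      - registry-data:/var/lib/registry
      # Authentication and TLS for the registry are decided by this config
      # file, which is not part of this compose file. Review it together with
      # the port mapping below.
      - ./zot-config.json:/etc/zot/config.json:ro
    ports:
      # Fixed host port 80; unlike the other services it has no .env override.
      - "127.1.1.5:80:5000"
    networks:
      stellaops:
        aliases:
          - registry.stella-ops.local
    # With the healthcheck disabled, Compose reports no health state for the
    # registry.
    healthcheck:
      disable: true
    labels: *release-labels

  rekor-v2:
    # NOTE(review): the fallback image uses the mutable ":latest" tag. Set
    # REKOR_TILES_IMAGE to a release tag or digest for reproducible pulls.
    image: "${REKOR_TILES_IMAGE:-ghcr.io/sigstore/rekor-tiles:latest}"
    container_name: stellaops-rekor
    restart: "on-failure:5"
    # Listens on all container interfaces. Only the HTTP port is published to
    # the host; the gRPC port stays reachable from the stellaops network only.
    # NOTE(review): the GCP bucket and Spanner flags presumably need cloud
    # credentials or emulators that this file does not configure. Confirm.
    command:
      - rekor-server
      - serve
      - --http-address
      - "0.0.0.0"
      - --http-port
      - "3322"
      - --grpc-address
      - "0.0.0.0"
      - --grpc-port
      - "3323"
      - --signer-filepath
      - /etc/rekor/signer.pem
      - --gcp-bucket
      - "${REKOR_GCP_BUCKET:-stellaops-rekor-dev}"
      - --gcp-spanner
      - "${REKOR_GCP_SPANNER:-projects/stellaops-dev/instances/rekor/databases/rekor}"
    volumes:
      - rekor-tiles-data:/var/lib/rekor-tiles
      # Log signing key, mounted read-only from the repository tree. The file
      # name marks it as a development key; entries signed with it should not
      # be trusted outside a development stack.
      - ../../etc/authority/keys/signing-dev.pem:/etc/rekor/signer.pem:ro
    ports:
      - "127.1.1.4:${REKOR_PORT:-3322}:3322"
    networks:
      stellaops:
        aliases:
          - rekor.stella-ops.local
    # NOTE(review): confirm that the image ships curl and that the v2 server
    # serves this v1-style path. Otherwise the container is reported unhealthy
    # while the log itself is running.
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3322/api/v1/log"]
      interval: 30s
      timeout: 10s
      retries: 3
    # Started only when the "sigstore-local" profile is enabled.
    profiles: ["sigstore-local"]
    labels:
      <<: *release-labels
      com.stellaops.component: "rekor-v2"

  # Tool containers, started only with the "sigstore" profile. The default
  # command prints the tool version.
  rekor-cli:
    image: ghcr.io/sigstore/rekor-cli:v1.4.3
    entrypoint: ["rekor-cli"]
    command: ["version"]
    profiles: ["sigstore"]
    networks: [stellaops]
    labels: *release-labels

  cosign:
    image: ghcr.io/sigstore/cosign:v3.0.4
    entrypoint: ["cosign"]
    command: ["version"]
    profiles: ["sigstore"]
    networks: [stellaops]
    labels: *release-labels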