Installation & Quick-Start
This page condenses the docs/21_INSTALL_GUIDE.md for a browser-friendly read.
It covers Docker Compose in 5 min; jump to the full Markdown for Helm, TLS, upgrades & roll-backs.
0 Audience & prerequisites
| Item | Minimum | Notes |
|---|---|---|
| OS | Ubuntu 22.04 / Alma 9 | x86-64 or ARM-64 |
| CPU / RAM | 2 vCPU / 2 GB | Dev-laptop baseline |
| Disk | 10 GB SSD | SBOM + cache |
| Docker | Engine 24 + Compose v2 | docker -v |
1 Choose your path
| Path | When to pick | Section |
|---|---|---|
| Docker Compose | Single VM, PoC, laptop | § 2 |
| Kubernetes (Helm β) | Existing K3s, RKE2, EKS | § 6 |
2 Quick-start — Docker Compose (5 minutes)
2.1 Download signed stack file
curl -LO https://get.stellaops.org/compose-core.yml
curl -LO https://get.stellaops.org/compose-core.yml.sig
cosign verify-blob \
--key https://stella-ops.org/keys/cosign.pub \
--signature compose-core.yml.sig \
compose-core.yml
curl -LO https://get.stellaops.org/compose-core.yml.sig
cosign verify-blob \
--key https://stella-ops.org/keys/cosign.pub \
--signature compose-core.yml.sig \
compose-core.yml
2.2 Set secrets
export REDIS_PASS=$(openssl rand -base64 18)
echo "REDIS_PASS=$REDIS_PASS" >> .env
echo "REDIS_PASS=$REDIS_PASS" >> .env
2.3 Launch
docker compose --env-file .env -f compose-core.yml pull
docker compose --env-file .env -f compose-core.yml up -d
docker compose --env-file .env -f compose-core.yml up -d
2.4 Health check
curl -k https://localhost:8080/health
# → {"redis":"OK","version":"1.5.0","commit":"5a1b7d3"}
# → {"redis":"OK","version":"1.5.0","commit":"5a1b7d3"}
Open https://localhost:8080 (accept self-signed cert).
3 Verify image signatures & SBOM (optional)
BACKEND_DIGEST=sha256:… # copy from
cosign verify \
ghcr.io/stellaops/backend@$BACKEND_DIGEST \
--key https://stella-ops.org/keys/cosign.pub
docker images --digestscosign verify \
ghcr.io/stellaops/backend@$BACKEND_DIGEST \
--key https://stella-ops.org/keys/cosign.pub
The SBOM is embedded at /usr/share/stellaops/sbom.spdx.json inside the image.
4 First login & API token
- Sign in with default admin / changeme.
- Navigate Settings → API Tokens → Generate.
- Each token inherits the 333 scans/day quota.
- Store the token securely in your CI secret vault.
5 Understanding the 333-scan free-tier quota
- 200 scans — yellow banner warns of limit.
- 333 – 363 — API returns
429withRetry-After: 5. - >363 — hard 60 s wait-wall (
Retry-After: 60). - Counter resets 00:00 UTC; Plus/Pro licences remove limit.
6 Kubernetes (Helm chart β)
helm repo add stella https://charts.stella-ops.org
helm install stella-core stella/core \
--set redis.password=$REDIS_PASS \
--set ingress.host=stella.example.com
helm install stella-core stella/core \
--set redis.password=$REDIS_PASS \
--set ingress.host=stella.example.com
Includes NetworkPolicy, PodSecurity and CosignVerify admission controller.