mosaicstack/stack
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects Releases 13 Wiki Activity

feat(deploy): portainer stack template for federation test instances [DEPLOY-02] #485

Merged
jason.woltje merged 1 commits from feat/federation-deploy-stack-template into main 2026-04-22 01:34:45 +00:00
Conversation 0 Commits 1 Files Changed 2 +217
jason.woltje commented 2026-04-22 01:23:01 +00:00
Owner
Copy Link

Summary

  • Adds deploy/portainer/federated-test.stack.yml: a Docker Swarm-compatible Compose file (version 3.9) for Portainer that boots a federated-tier Mosaic gateway alongside Postgres 17 (pgvector) and Valkey 8.
  • Gateway image is digest-pinned to fed-v0.1.0-m1 (sha256:9b72e202a...) per the immutable-image policy verified in DEPLOY-01.
  • Traefik HTTPS labels parameterised via STACK_NAME and HOST_FQDN so the same template deploys both mos-test-1.woltje.com (DEPLOY-03) and mos-test-2.woltje.com (DEPLOY-04).
  • Adds deploy/portainer/README.md with deployment instructions, required env vars table, external resource prerequisites, and per-instance mapping.

Changes

  • deploy/portainer/federated-test.stack.yml — Swarm stack template (new)
  • deploy/portainer/README.md — operator guide (new)

Required env vars per stack

Variable Description
STACK_NAME Unique Traefik router/service name (e.g. mos-test-1)
HOST_FQDN FQDN to serve (e.g. mos-test-1.woltje.com)
POSTGRES_PASSWORD Database password — set per stack in Portainer
BETTER_AUTH_SECRET 32-char random string for BetterAuth
BETTER_AUTH_URL Public gateway base URL

Notes

  • No Step-CA or federation grant config — those are M2-02/M2-04+ scope.
  • This template boots a vanilla M1-baseline gateway in federated tier.
  • traefik-public overlay network and letsencrypt cert resolver must exist on the Swarm before deploying.

Test plan

  • Deploy to mos-test-1.woltje.com via Portainer (DEPLOY-03)
  • Deploy to mos-test-2.woltje.com via Portainer (DEPLOY-04)
  • Confirm GET /health returns 200 on both instances
  • Confirm Traefik routes HTTPS traffic correctly with valid TLS cert

🤖 Generated with Claude Code

## Summary - Adds `deploy/portainer/federated-test.stack.yml`: a Docker Swarm-compatible Compose file (version 3.9) for Portainer that boots a federated-tier Mosaic gateway alongside Postgres 17 (pgvector) and Valkey 8. - Gateway image is digest-pinned to `fed-v0.1.0-m1` (`sha256:9b72e202a...`) per the immutable-image policy verified in DEPLOY-01. - Traefik HTTPS labels parameterised via `STACK_NAME` and `HOST_FQDN` so the same template deploys both `mos-test-1.woltje.com` (DEPLOY-03) and `mos-test-2.woltje.com` (DEPLOY-04). - Adds `deploy/portainer/README.md` with deployment instructions, required env vars table, external resource prerequisites, and per-instance mapping. ## Changes - `deploy/portainer/federated-test.stack.yml` — Swarm stack template (new) - `deploy/portainer/README.md` — operator guide (new) ## Required env vars per stack | Variable | Description | |---|---| | `STACK_NAME` | Unique Traefik router/service name (e.g. `mos-test-1`) | | `HOST_FQDN` | FQDN to serve (e.g. `mos-test-1.woltje.com`) | | `POSTGRES_PASSWORD` | Database password — set per stack in Portainer | | `BETTER_AUTH_SECRET` | 32-char random string for BetterAuth | | `BETTER_AUTH_URL` | Public gateway base URL | ## Notes - No Step-CA or federation grant config — those are M2-02/M2-04+ scope. - This template boots a vanilla M1-baseline gateway in federated tier. - `traefik-public` overlay network and `letsencrypt` cert resolver must exist on the Swarm before deploying. ## Test plan - [ ] Deploy to `mos-test-1.woltje.com` via Portainer (DEPLOY-03) - [ ] Deploy to `mos-test-2.woltje.com` via Portainer (DEPLOY-04) - [ ] Confirm `GET /health` returns 200 on both instances - [ ] Confirm Traefik routes HTTPS traffic correctly with valid TLS cert 🤖 Generated with [Claude Code](https://claude.com/claude-code)
jason.woltje added 1 commit 2026-04-22 01:23:02 +00:00
feat(deploy): portainer stack template for federation test instances [FED-M2-DEPLOY-02]
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
560e33e313 
Add deploy/portainer/federated-test.stack.yml — a Docker Swarm-compatible
Compose file for Portainer that boots a federated-tier gateway (gateway +
pgvector/pg17 + valkey:8-alpine) with Traefik HTTPS labels and digest-pinned
image (fed-v0.1.0-m1). Parameterised via STACK_NAME/HOST_FQDN for reuse
across mos-test-1 and mos-test-2 in DEPLOY-03/04. Add deploy/portainer/README.md
with deployment instructions, required env vars, and external resource notes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jason.woltje force-pushed feat/federation-deploy-stack-template from 560e33e313 to c7d0663de6 2026-04-22 01:28:30 +00:00 Compare
jason.woltje merged commit 4dbd429203 into main 2026-04-22 01:34:45 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaicstack/stack#485
Delete Branch "feat/federation-deploy-stack-template"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?