# values.yaml.example — zddc-server-prod
#
# Copy to values.yaml (or pass via --values) and customize for your
# environment. Contains NO secrets — secrets like the .zddc admin email
# list, TLS certs (if used), and image-pull credentials must be
# materialised from your secret-management system (sealed-secrets,
# external-secrets, kubectl create secret, etc.) and referenced by name
# below.

# Source-build configuration. The init container clones the repo at
# `gitRef` and compiles cmd/zddc-server. Pin gitRef to a stable tag
# (zddc-server-vX.Y.Z) for production; tracking main HEAD risks pulling
# unreleased changes. A tag is a mutable name: if the init container's
# checkout accepts a full commit hash (confirm against the chart
# template), that is the stronger pin for a reproducible build.
zddc:
  gitRepo: https://codeberg.org/VARASYS/ZDDC.git
  gitRef: zddc-server-v0.0.7  # pin to a stable tag

  # ZDDC environment-variable contract — see zddc/README.md
  env:
    # Path inside the container where ZDDC_ROOT data is mounted.
    # The chart wires the data PVC to this path automatically.
    rootPath: /srv
    # Listening address (plain HTTP — ingress terminates TLS).
    addr: ":8080"
    # Email-header convention from your authenticating reverse proxy.
    # Whatever the proxy puts in this header is taken as the caller's
    # identity, so the pod must only be reachable *through* that proxy:
    # keep service.type ClusterIP and restrict which ingress / network
    # path can reach the port. A client that reaches the port directly
    # is not subject to the proxy's authentication at all.
    emailHeader: X-Auth-Request-Email
    # Comma-separated CORS allowlist. Empty (default) disables CORS —
    # appropriate for the embedded-tools install path where tools are
    # served same-origin by zddc-server itself. Set to a specific origin
    # only if browser-loaded pages from a different host call back into
    # this server (e.g. self-hosted tools at https://tools.acme.com,
    # or the CDN-bootstrap pattern from https://zddc.varasys.io).
    corsOrigin: ""
    # info / warn / error / debug. Production stays on info; debug logs
    # every request's full header map (includes cookies/auth tokens),
    # so debug output must be treated as sensitive wherever logs are
    # shipped or retained.
    logLevel: info
    # Index URL segment for the virtual archive index. Default fits
    # most deployments; only change if you have a tracking-number
    # collision with a real directory named ".archive".
    indexPath: ".archive"
    # Skip ACL enforcement entirely on this instance. Anyone hitting
    # the port reads everything in scope. Only enable for genuinely
    # public archives (and even then, only behind an authenticating
    # ingress that doesn't gate on identity for /). Distinct from
    # --insecure (which gates the startup check requiring a root .zddc).
    # Default false.
    noAuth: false

  # Bearer-token system. Master automatically self-issues tokens via
  # /.tokens (browser) and /.api/tokens (JSON). The token store lives
  # at /.zddc.d/tokens/ on the data PVC; no Helm
  # configuration required. Operators sign in via the upstream auth
  # proxy, visit /.tokens, copy the displayed token into a 0600 file,
  # and pass --bearer-file to any CLI / cache / mirror that needs to
  # authenticate against this master. See zddc/README.md "Bearer
  # tokens" for the full lifecycle.

# Persistent storage for ZDDC_ROOT. Operators provide their own PVC,
# typically backed by a shared filesystem (NFS, CephFS, SMB) so multiple
# replicas of zddc-server (and your sync tooling) see the same tree.
# This chart does NOT create the PVC — it only references it by name.
# Note that the bearer-token store (/.zddc.d/tokens/, see above) also
# lives on this PVC, so every workload and operator that can read the
# share can read issued tokens — scope access to the backing filesystem
# with that in mind.
data:
  pvcName: zddc-root  # name of an existing PersistentVolumeClaim
  subPath: ""  # optional subPath within the PVC

# Service exposure. zddc-server listens on a plain HTTP port; ingress
# (or whatever reverse proxy you put in front) terminates TLS and
# enforces authentication, then forwards to this service. Keep the
# type cluster-internal; exposing this port directly bypasses the
# proxy that sets env.emailHeader.
service:
  type: ClusterIP
  port: 8080

# Ingress is optional — disabled by default since most deployments wire
# zddc-server into an existing ingress / auth-proxy stack. Enable here
# only if this chart is the only thing in front of the pod.
ingress:
  enabled: false
  className: ""
  host: zddc.example.com
  tls:
    enabled: false
    secretName: zddc-tls  # secret you create separately

# Pod resource limits. Sized for a small/medium archive (~10k files).
resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 512Mi

# Replicas. zddc-server is read-only stateless given a shared filesystem
# behind it, so multiple replicas are safe.
replicaCount: 1

# Build-stage Go image (init container). Pinned digest is recommended
# in production for reproducibility; using a tag means upstream changes
# break your deploy. Uncomment `digest` with the sha256 of the image you
# have verified; when a digest is set the tag is informational only.
buildImage:
  repository: docker.io/golang
  tag: 1.24-alpine
  # digest: sha256:...

# Runtime image (main container). Must contain a basic shell + libc;
# the static binary is copied in by the init container. Alpine is fine.
# Same digest-pinning advice as buildImage applies.
runtimeImage:
  repository: docker.io/alpine
  tag: "3.19"
  # digest: sha256:...

# Image pull credentials, if your registry requires them. Reference a
# secret you've created separately; do not put credentials in values.
imagePullSecrets: []
# - name: regcred