ZDDC/helm/zddc-server-dev/values.yaml.example
ZDDC 6b973906c3 feat(server): refuse to start without root .zddc; default CORS to empty
Two safe-by-default flips, both opt-out via explicit acknowledgement.

1. --insecure / ZDDC_INSECURE=1: zddc-server now refuses to start when
   no <ZDDC_ROOT>/.zddc exists. With no .zddc anywhere in the chain,
   AllowedWithChain falls through to "HasAnyFile=false → allow" and
   the tree is publicly accessible to anonymous callers — almost never
   what an operator wants on a fresh deployment, and previously a
   silent footgun. The flag is the escape hatch for deliberately-
   public archives (no .zddc anywhere by design).

2. ZDDC_CORS_ORIGIN now defaults to empty (CORS disabled) instead of
   the canonical "https://zddc.varasys.io". The embedded-tools install
   path serves tools and data same-origin, so the default never needed
   to permit cross-origin XHRs from a third-party host. Every deployment
   was implicitly trusting zddc.varasys.io to make authenticated XHRs
   on behalf of every logged-in user; if that origin were ever
   compromised, the blast radius extended to every customer server.
   Operators who deliberately use the CDN-bootstrap pattern or self-
   hosted tools at a different host now set the value explicitly.

Helm chart values updated accordingly: prod default is empty; dev
keeps localhost:8000 for tool-iteration workflows. Existing deployments
that depended on the old defaults will need to either set the value
explicitly or pass --insecure.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 17:40:34 -05:00
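The two defaults described in the commit message, as an added illustration that is not the project's code: a startup check that refuses to serve a tree with no root `.zddc` unless the operator passes an explicit opt-out, and a CORS layer where an empty origin emits no `Access-Control-Allow-*` headers at all, while a configured origin is only ever reflected on an exact match. The function names (`checkRootPolicy`, `corsMiddleware`, `allowOriginFor`) are hypothetical; the real zddc-server wiring may differ.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"path/filepath"
)

// Hypothetical stand-ins for the behaviour the commit describes; not the
// project's own code.

var errNoRootPolicy = errors.New(
	"no .zddc at root; refusing to start (pass --insecure / ZDDC_INSECURE=1 for a deliberately public tree)")

// checkRootPolicy mirrors the new startup rule: refuse unless <root>/.zddc
// exists, or the operator explicitly acknowledged a public tree.
func checkRootPolicy(root string, insecure bool) error {
	if insecure {
		return nil
	}
	if _, err := os.Stat(filepath.Join(root, ".zddc")); err != nil {
		if errors.Is(err, os.ErrNotExist) {
			return errNoRootPolicy
		}
		return err // permission problems etc. are also fatal at startup
	}
	return nil
}

// corsMiddleware: an empty allowedOrigin disables CORS entirely, so no
// Access-Control-* headers are ever written and browsers block cross-origin
// credentialed reads. A non-empty value is reflected only on an exact match
// of the request's Origin header; credentials are never paired with "*".
func corsMiddleware(allowedOrigin string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if allowedOrigin != "" && r.Header.Get("Origin") == allowedOrigin {
			w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
			w.Header().Set("Vary", "Origin")
			if r.Method == http.MethodOptions { // preflight
				w.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
				w.Header().Set("Access-Control-Allow-Headers", "Authorization")
				w.WriteHeader(http.StatusNoContent)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// allowOriginFor drives the middleware with a constructed request and returns
// the Access-Control-Allow-Origin value the browser would see ("" = CORS off).
func allowOriginFor(allowedOrigin, requestOrigin string) string {
	h := corsMiddleware(allowedOrigin, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(http.MethodGet, "/some/file", nil)
	req.Header.Set("Origin", requestOrigin)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	root, _ := os.MkdirTemp("", "zddc-example") // constructed empty root
	defer os.RemoveAll(root)
	fmt.Println("empty root, insecure=false:", checkRootPolicy(root, false))
	fmt.Println("empty root, insecure=true: ", checkRootPolicy(root, true))
	_ = os.WriteFile(filepath.Join(root, ".zddc"), []byte("# constructed policy file\n"), 0o600)
	fmt.Println("with .zddc, insecure=false:", checkRootPolicy(root, false))

	// New default: empty origin, nothing reflected even for the old canonical host.
	fmt.Printf("CORS disabled, reflected origin: %q\n", allowOriginFor("", "https://zddc.varasys.io"))
	// Dev chart value: only the exact dev tool host is reflected.
	fmt.Printf("dev origin, matching request: %q\n", allowOriginFor("http://localhost:8000", "http://localhost:8000"))
	fmt.Printf("dev origin, other request:    %q\n", allowOriginFor("http://localhost:8000", "https://other.example"))
}
```

The reason an empty default matters is visible in the middleware: a credentialed cross-origin read is only possible when the server names the caller's origin in `Access-Control-Allow-Origin` alongside `Allow-Credentials: true` (browsers reject `*` with credentials), which is exactly what the old `https://zddc.varasys.io` default did for every deployment.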


# values.yaml.example — zddc-server-dev
#
# Copy to values.yaml (or pass via --values) and customize for your
# environment. Same as the prod chart's example, but defaults are
# tuned for active development:
#
# - gitRef defaults to "main" (rebuilt on every pod restart)
# - ZDDC_LOG_LEVEL=debug (every request's full header map gets logged
#   — this includes auth tokens and cookies; debug builds belong in
#   trusted/private namespaces only)
# - Faster liveness/readiness probes
# - Smaller resource limits (single-developer test cluster)
#
# Contains NO secrets — see helm/zddc-server-prod/values.yaml.example
# for the secrets-management note.
zddc:
  gitRepo: https://codeberg.org/VARASYS/ZDDC.git
  gitRef: main # tracks the latest commit; rebuilt on pod restart
  env:
    rootPath: /srv
    addr: ":8080"
    emailHeader: X-Auth-Request-Email
    # Empty (default) disables CORS — fine for embedded-tools / same-origin.
    # Dev typically keeps localhost in here for the iterate-on-tool-builds
    # workflow where you load a tool from `./dev-server start` (8000) and
    # point it at this server. Add other tool-host origins as needed.
    corsOrigin: "http://localhost:8000"
    logLevel: debug # full request headers logged; sensitive!
    indexPath: ".archive"
data:
  pvcName: zddc-root-dev # name of an existing PVC in your dev namespace
  subPath: ""
service:
  type: ClusterIP
  port: 8080
ingress:
  enabled: false
  className: ""
  host: zddc-dev.example.com
  tls:
    enabled: false
    secretName: zddc-dev-tls
# Smaller than prod — dev clusters are usually resource-constrained.
resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 250m
    memory: 256Mi
# Dev runs single-replica. The init container always pulls main HEAD,
# so two replicas would race on different SHAs.
replicaCount: 1
buildImage:
  repository: docker.io/golang
  tag: 1.24-alpine
runtimeImage:
  repository: docker.io/alpine
  tag: "3.19"
imagePullSecrets: []