ZDDC/helm/zddc-server-dev/values.yaml.example
ZDDC 607121a9ea feat: example helm charts for zddc-server (production + dev)
Two charts under helm/, both compile zddc-server from source via an
init container — no container image registry, no pre-built binary.
The init container clones the repo at a configured git ref, runs
`go build`, and writes the binary into a shared emptyDir; the main
container is alpine + the freshly built static binary.

helm/zddc-server-prod/  Production-shaped:
                        - gitRef pinned to a stable tag in
                          values.yaml.example (zddc-server-v0.0.7).
                        - imagePullPolicy IfNotPresent.
                        - Slower probe cadence (30s liveness, 10s
                          readiness).
                        - ZDDC_LOG_LEVEL=info.
                        - replicaCount: 1 (operators raise as needed
                          when backed by a shared filesystem).

helm/zddc-server-dev/   Dev/soak-shaped:
                        - gitRef defaults to "main" (rebuilt every pod
                          restart). build-time annotation forces
                          recreate on every helm upgrade.
                        - imagePullPolicy Always on the build image
                          so the latest golang:1.24-alpine is pulled.
                        - Faster probe cadence (10s liveness, 5s
                          readiness) — fail-fast in dev.
                        - ZDDC_LOG_LEVEL=debug. NOTE: debug logs every
                          request's full header map (includes auth
                          tokens / cookies) — this chart is for
                          private dev namespaces only.
                        - Strategy: Recreate (single replica racing
                          on different SHAs would be a mess).

Both charts:

- Wire the ZDDC_* env-var contract (ZDDC_ROOT, ZDDC_ADDR,
  ZDDC_TLS_CERT=none, ZDDC_INSECURE_DIRECT=1, ZDDC_EMAIL_HEADER,
  ZDDC_CORS_ORIGIN, ZDDC_LOG_LEVEL, ZDDC_INDEX_PATH).
- Mount a caller-supplied PVC at ZDDC_ROOT (chart does not create the
  PVC; operators provision storage themselves).
- Optional Ingress (ingress.enabled: true). TLS is expected to be
  terminated upstream of the pod; the pod listens on plain HTTP.
- No secrets in values.yaml.example. ACL email lists go in .zddc files
  inside the data volume; image-pull and TLS secrets are referenced by
  name only.

helm/README.md documents the design rationale (why build from source
instead of using a registry image), a quick-start example, and the
explicit list of what the charts do and don't do.

Note: `helm lint` cannot be run in this dev environment (helm isn't
installed). YAML syntax of Chart.yaml and values.yaml.example
verified via `python3 -c "yaml.safe_load(...)"`. Operators should
run `helm lint` and `helm template` before installing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 09:48:02 -05:00

66 lines
1.7 KiB
Text

# values.yaml.example — zddc-server-dev
#
# Copy to values.yaml (or pass via --values) and customize for your
# environment. Same as the prod chart's example, but defaults are
# tuned for active development:
#
# - gitRef defaults to "main" (rebuilt on every pod restart)
# - ZDDC_LOG_LEVEL=debug (every request's full header map gets logged
#   — this includes auth tokens and cookies; debug builds belong in
#   trusted/private namespaces only)
# - Faster liveness/readiness probes
# - Smaller resource limits (single-developer test cluster)
#
# Contains NO secrets — see helm/zddc-server-prod/values.yaml.example
# for the secrets-management note.
zddc:
  gitRepo: https://codeberg.org/VARASYS/ZDDC.git
  gitRef: main # tracks the latest commit; rebuilt on pod restart

  env:
    rootPath: /srv
    addr: ":8080"
    emailHeader: X-Auth-Request-Email
    corsOrigin: "https://zddc.varasys.io,http://localhost:8000"
    logLevel: debug # full request headers logged; sensitive!
    indexPath: ".archive"

  data:
    pvcName: zddc-root-dev # name of an existing PVC in your dev namespace
    subPath: ""

service:
  type: ClusterIP
  port: 8080

ingress:
  enabled: false
  className: ""
  host: zddc-dev.example.com
  tls:
    enabled: false
    secretName: zddc-dev-tls

# Smaller than prod — dev clusters are usually resource-constrained.
resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 250m
    memory: 256Mi

# Dev runs single-replica. The init container always pulls main HEAD,
# so two replicas would race on different SHAs.
replicaCount: 1

buildImage:
  repository: docker.io/golang
  tag: 1.24-alpine

runtimeImage:
  repository: docker.io/alpine
  tag: "3.19"

imagePullSecrets: []
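
One way to check a customized copy of this file against the caveats above before installing, as an added example that is not part of the ZDDC repository. The key names (gitRef, logLevel, corsOrigin, ingress.enabled) come from this file; the function names, the severity levels and the release-tag pattern (modelled on zddc-server-v0.0.7) are assumptions.

```python
"""Pre-install audit of a zddc-server values file (added example)."""
import re
import sys

# A ref counts as pinned if it is a full commit SHA or a release tag shaped
# like the prod example's zddc-server-v0.0.7 (tag pattern is an assumption).
PINNED_REF = re.compile(r"^(?:[0-9a-f]{40}|zddc-server-v\d+\.\d+\.\d+)$")
LOCAL_ORIGIN = re.compile(r"^http://(?:localhost|127\.0\.0\.1)(?::\d+)?$")


def find_key(node, key):
    """Depth-first lookup, so the audit does not depend on exact nesting."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        for child in node.values():
            found = find_key(child, key)
            if found is not None:
                return found
    return None


def audit_values(values):
    """Return a list of (severity, message) findings for a parsed values dict."""
    findings = []
    ref = str(find_key(values, "gitRef") or "")
    if not PINNED_REF.match(ref):
        findings.append(("warn", f"gitRef {ref!r} is a moving ref; pods build whatever it points to"))
    # Debug logging is tolerable in a private namespace, not behind an Ingress.
    exposed = bool((values.get("ingress") or {}).get("enabled"))
    if str(find_key(values, "logLevel")).lower() == "debug":
        sev = "fail" if exposed else "warn"
        findings.append((sev, "logLevel debug writes auth tokens and cookies to pod logs"))
    for origin in str(find_key(values, "corsOrigin") or "").split(","):
        origin = origin.strip()
        if origin == "*" or (origin.startswith("http://") and not LOCAL_ORIGIN.match(origin)):
            findings.append(("warn", f"corsOrigin {origin!r} is wildcard or non-local plain HTTP"))
    return findings


if __name__ == "__main__":
    import yaml  # PyYAML; only needed when auditing a file from the CLI
    with open(sys.argv[1]) as fh:
        results = audit_values(yaml.safe_load(fh) or {})
    for severity, message in results:
        print(f"{severity.upper()}: {message}")
    sys.exit(1 if any(s == "fail" for s, _ in results) else 0)
```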