ZDDC/helm/zddc-server-cache/Chart.yaml
ZDDC 55852a9efb helm: add zddc-server-cache example chart + ZDDC_NO_AUTH on prod/dev
New chart helm/zddc-server-cache/ deploys zddc-server in client mode
against an upstream master. Mirrors the prod chart's source-build-via-
init-container pattern but with:

- ZDDC_UPSTREAM, ZDDC_MODE, ZDDC_BEARER_FILE, ZDDC_NO_AUTH,
  ZDDC_SKIP_TLS_VERIFY, ZDDC_MIRROR_SUBTREE, ZDDC_MIRROR_MIN_INTERVAL
  wired from values.yaml. Mirror-only env vars conditionally rendered
  (only when mode=mirror) to keep the rendered manifest minimal.
- Bearer token mounted from a separately-created Kubernetes Secret
  (defaultMode 0400) at /etc/zddc/bearer/token. values.yaml.example
  documents the secret-creation flow but contains no token. Secret
  reference can be set to "" to disable bearer auth (only valid for
  upstreams running --no-auth).
- Recreate strategy + replicaCount: 1 (multiple replicas would race
  the cache directory and double the upstream walker traffic).
- TCP-socket probes instead of HTTP — HTTP probes against / would
  fail when both upstream is unreachable AND the cache is empty
  (the cache layer returns 503 + offline header in that state),
  causing crashloops. TCP verifies process liveness without depending
  on upstream reachability or cache contents.
- Mounts a separate cache PVC (operator-provided, like the master's
  data PVC). Sized to the working set you expect to mirror; can be
  much smaller than the master's data volume.

Existing prod and dev charts gain optional ZDDC_NO_AUTH wired from
zddc.env.noAuth (default false → no change to existing rendered
manifests). Useful for trusted-LAN or genuinely-public master
deployments.

Updated docs: helm/README.md gains the cache row in the chart table,
the cache-install quickstart with the secret-creation flow, and the
cache-specific structural notes (Recreate / TCP probes / single-
instance). CLAUDE.md and ARCHITECTURE.md updated to reflect three
charts instead of two.

Verified with helm template rendering: ZDDC_NO_AUTH only renders
when noAuth: true; ZDDC_MIRROR_SUBTREE / ZDDC_MIRROR_MIN_INTERVAL
only render when mode: mirror; bearer volume + ZDDC_BEARER_FILE
only render when bearer.secretName is non-empty.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 08:33:01 -05:00


apiVersion: v2
name: zddc-server-cache
description: |
  Downstream cache / mirror deployment of zddc-server. Compiles from
  source via an init container at deploy time (no image pull from a
  registry); the main container is alpine + the freshly-built binary.
  Runs in client mode against an upstream zddc-server master, caching
  every accessed file (and, in mirror mode, proactively walking
  configured subtrees).
  Use cases: corporate-master → DR-mirror, vendor-scoped mirror in a
  vendor's own cluster, regional edge cache, dev/staging environment
  that mirrors prod. Distinct from `zddc-server-prod` (which IS a
  master) and `zddc-server-dev` (a master with overlay isolation).
  TLS upstream is verified by default (set --skip-tls-verify only for
  self-signed dev masters or internal CAs you haven't yet added to
  the trust store).
type: application
version: 0.1.0
appVersion: "0.0.7" # zddc-server git tag this chart was last verified against
home: https://zddc.varasys.io/
sources:
- https://codeberg.org/VARASYS/ZDDC
maintainers:
- name: VARASYS
keywords:
- zddc
- cache
- mirror
- file-server
- document-control
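
Added example, not part of the ZDDC repository or this commit: a small Python lint over `helm template` output for the settings the commit message calls out (ZDDC_NO_AUTH, ZDDC_SKIP_TLS_VERIFY, the bearer Secret and its 0400 mode). The sample manifest, its values and YAML layout, and the finding names are constructed assumptions.

```python
import re

# Constructed stand-in for `helm template` output (not real chart output).
# Env names and the 0400 secret mode come from the commit message; the
# values and YAML layout are assumptions.
SAMPLE = """\
        env:
          - name: ZDDC_NO_AUTH
            value: "true"
          - name: ZDDC_SKIP_TLS_VERIFY
            value: "true"
          - name: ZDDC_BEARER_FILE
            value: "/etc/zddc/bearer/token"
      volumes:
        - name: bearer
          secret:
            secretName: zddc-bearer
            defaultMode: 420
"""

ENV_RE = re.compile(r'-\s*name:\s*(ZDDC_\w+)\s*\n\s*value:\s*"?([^"\n]*)"?')
MODE_RE = re.compile(r'secretName:.*\n\s*defaultMode:\s*(\w+)')
TRUTHY = {"1", "true", "yes", "on"}  # assumed spellings of an enabled flag

def parse_mode(raw):
    # 0400 / 0o400 are octal; 256 is what a YAML 1.1 loader re-emits
    octal = raw.startswith("0") and len(raw) > 1
    return int(raw.replace("o", ""), 8) if octal else int(raw)

def audit(manifest):
    """Return a sorted list of finding ids for one rendered manifest."""
    env = dict(ENV_RE.findall(manifest))
    skip_tls = env.get("ZDDC_SKIP_TLS_VERIFY", "").strip().lower() in TRUTHY
    findings = set()
    if "ZDDC_NO_AUTH" in env:  # per the commit, rendered only when noAuth: true
        findings.add("no-auth-enabled")
    if skip_tls:
        findings.add("tls-verify-disabled")
    if "ZDDC_BEARER_FILE" not in env:
        findings.add("no-bearer-token")  # only valid against a --no-auth upstream
    elif skip_tls:
        findings.add("bearer-over-unverified-tls")  # token sent to an unverified peer
    for raw in MODE_RE.findall(manifest):
        if parse_mode(raw) != 0o400:
            findings.add("bearer-secret-mode-not-0400")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it over the rendered manifest in CI so that a values override enabling no-auth or disabling TLS verification shows up as a reviewable finding before deploy.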