add kubernetes template

README.md

@@ -280,6 +280,10 @@ docker run \
   k8r.eu/justjanne/quassel-docker:v0.13.1
 ```
 
+## Kubernetes
+
+You can find a demo configuration file for kubernetes in [kubernetes-template.yaml](kubernetes-template.yaml)
+
 ## SSL
 
 You can use the core with SSL, in this case you should either put a

kubernetes-template.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: quassel-core
+  labels:
+    app: quassel-core
+data:
+  # Specify the directory holding configuration files, the SQlite database and the SSL certificate.
+  CONFIG_DIR: "/config"
+
+  # The address(es) quasselcore will listen on.
+  QUASSEL_LISTEN: "::,0.0.0.0"
+  # The port quasselcore will listen at.
+  QUASSEL_PORT: "4242"
+
+  # Don't restore last core's state.
+  NORESTORE: "false"
+
+  # Use users' quasselcore username as ident reply. Ignores each user's configured ident setting.
+  STRICT_IDENT: "false"
+
+  # Enable internal ident daemon.
+  IDENT_ENABLED: "false"
+  # The address(es) quasselcore will listen on for ident requests. Same format as --listen.
+  IDENT_LISTEN: "::1,127.0.0.1"
+  # The port quasselcore will listen at for ident requests. Only meaningful with --ident-daemon.
+  IDENT_PORT: "10113"
+
+  # Enable oidentd integration. In most cases you should also enable --strict-ident.
+  OIDENTD_ENABLED: "false"
+  # Set path to oidentd configuration file.
+  OIDENTD_CONF_FILE: ""
+
+  # Require SSL for remote (non-loopback) client connections.
+  SSL_REQUIRED: "false"
+  # Specify the path to the SSL certificate.
+  SSL_CERT_FILE: ""
+  # Specify the path to the SSL key.
+  SSL_KEY_FILE: ""
+
+  # Enable metrics API.
+  METRICS_ENABLED: "false"
+  # The address(es) quasselcore will listen on for metrics requests. Same format as --listen.
+  METRICS_LISTEN: "::1,127.0.0.1"
+  # The port quasselcore will listen at for metrics requests. Only meaningful with --metrics-daemon.
+  METRICS_PORT: "9558"
+
+  # Supports one of Debug|Info|Warning|Error; default is Info.
+  LOGLEVEL: "Info"
+
+  # Enable logging of all SQL queries to debug log, also sets --loglevel Debug automatically
+  DEBUG_ENABLED: "false"
+  # Enable logging of all raw IRC messages to debug log, including passwords!  In most cases you should also set --loglevel Debug
+  DEBUG_IRC_ENABLED: "false"
+  # Limit raw IRC logging to this network ID.  Implies --debug-irc
+  DEBUG_IRC_ID: ""
+  # Enable logging of all parsed IRC messages to debug log, including passwords!  In most cases you should also set --loglevel Debug
+  DEBUG_IRC_PARSED_ENABLED: "false"
+  # Limit parsed IRC logging to this network ID.  Implies --debug-irc-parsed
+  DEBUG_IRC_PARSED_ID: ""
+
+  # Load configuration from environment variables.
+  CONFIG_FROM_ENVIRONMENT: "false"
+
+  # Specify the database backend.  Allowed values: SQLite or PostgreSQL
+  DB_BACKEND: "SQLite"
+  # If the backend is PostgreSQL, specify the database user username
+  DB_PGSQL_USERNAME: "quassel"
+  # If the backend is PostgreSQL, specify the hostname of the database
+  DB_PGSQL_HOSTNAME: "localhost"
+  # If the backend is PostgreSQL, specify the port of the database
+  DB_PGSQL_PORT: "5432"
+  # If the backend is PostgreSQL, specify the database of the PostgreSQL cluster
+  DB_PGSQL_DATABASE: "quassel"
+
+  # Specify the authenticator backend.  Allowed values: Database or Ldap
+  AUTH_AUTHENTICATOR: "Database"
+  # If the authenticator is Ldap, specify the hostname of the directory server
+  AUTH_LDAP_HOSTNAME: "ldap://localhost"
+  # If the authenticator is Ldap, specify the port of the directory server
+  AUTH_LDAP_PORT: "389"
+  # If the authenticator is Ldap, specify the bind dn
+  AUTH_LDAP_BIND_DN: ""
+  # If the authenticator is Ldap, specify the base dn
+  AUTH_LDAP_BASE_DN: ""
+  # If the authenticator is Ldap, specify the filter query
+  AUTH_LDAP_FILTER: ""
+  # If the authenticator is Ldap, specify the attribute to be used as userid
+  AUTH_LDAP_UID_ATTRIBUTE: "uid"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: quassel-core
+  labels:
+    app: quassel-core
+data:
+  # If the backend is PostgreSQL, specify the database user password
+  DB_PGSQL_PASSWORD: ""
+  
+  # If the authenticator is Ldap, specify the bind password
+  AUTH_LDAP_BIND_PASSWORD: ""
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: quassel-core
+  labels:
+    app: quassel-core
+spec:
+  selector:
+    matchLabels:
+      app: quassel-core
+  strategy:
+    rollingUpdate:
+      maxSurge: 0%
+      maxUnavailable: 100%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: quassel-core
+    spec:
+      containers:
+        envFrom:
+          configMapRef:
+            name: quassel-core
+        env:
+        - name: DB_PGSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: quassel-core
+              key: DB_PGSQL_PASSWORD
+        - name: AUTH_LDAP_BIND_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: quassel-core
+              key: AUTH_LDAP_BIND_PASSWORD
+        image: k8r.eu/justjanne/quassel-docker:v0.13.1
+        imagePullPolicy: Always
+        name: core
+        ports:
+        - containerPort: 4242
+          name: quassel
+          protocol: TCP
+        #- containerPort: 10113
+        #  name: identd
+        #  protocol: TCP
+        volumeMounts:
+        - mountPath: /certs
+          name: tls
+      #volumes:
+      #- name: tls
+      #  secret:
+      #    secretName: wildcard-tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: quassel-core
+  labels:
+    app: quassel-core
+spec:
+  ports:
+  - name: quassel
+    port: 4242
+    protocol: TCP
+    targetPort: quassel
+  #- name: identd
+  #  port: 113
+  #  protocol: TCP
+  #  targetPort: identd
+  selector:
+    app: quassel-core
+  type: ClusterIP