diff --git a/README.md b/README.md index ea0dcbee5ca9f55d3255624058f0d52e7070a72b..ad520facbb1e91d2f95bf94fb1cbbecfadbb44fe 100644 --- a/README.md +++ b/README.md @@ -280,6 +280,10 @@ docker run \ k8r.eu/justjanne/quassel-docker:v0.13.1 ``` +## Kubernetes + +You can find a demo configuration file for kubernetes in [kubernetes-template.yaml](kubernetes-template.yaml) + ## SSL You can use the core with SSL, in this case you should either put a diff --git a/kubernetes-template.yaml b/kubernetes-template.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c8789013dcf8660fe008a7b38a306506abf2b18a --- /dev/null +++ b/kubernetes-template.yaml @@ -0,0 +1,175 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: quassel-core + labels: + app: quassel-core +data: + # Specify the directory holding configuration files, the SQlite database and the SSL certificate. + CONFIG_DIR: "/config" + + # The address(es) quasselcore will listen on. + QUASSEL_LISTEN: "::,0.0.0.0" + # The port quasselcore will listen at. + QUASSEL_PORT: "4242" + + # Don't restore last core's state. + NORESTORE: "false" + + # Use users' quasselcore username as ident reply. Ignores each user's configured ident setting. + STRICT_IDENT: "false" + + # Enable internal ident daemon. + IDENT_ENABLED: "false" + # The address(es) quasselcore will listen on for ident requests. Same format as --listen. + IDENT_LISTEN: "::1,127.0.0.1" + # The port quasselcore will listen at for ident requests. Only meaningful with --ident-daemon. + IDENT_PORT: "10113" + + # Enable oidentd integration. In most cases you should also enable --strict-ident. + OIDENTD_ENABLED: "false" + # Set path to oidentd configuration file. + OIDENTD_CONF_FILE: "" + + # Require SSL for remote (non-loopback) client connections. + SSL_REQUIRED: "false" + # Specify the path to the SSL certificate. + SSL_CERT_FILE: "" + # Specify the path to the SSL key. + SSL_KEY_FILE: "" + + # Enable metrics API. + METRICS_ENABLED: "false" + # The address(es) quasselcore will listen on for metrics requests. Same format as --listen. + METRICS_LISTEN: "::1,127.0.0.1" + # The port quasselcore will listen at for metrics requests. Only meaningful with --metrics-daemon. + METRICS_PORT: "9558" + + # Supports one of Debug|Info|Warning|Error; default is Info. + LOGLEVEL: "Info" + + # Enable logging of all SQL queries to debug log, also sets --loglevel Debug automatically + DEBUG_ENABLED: "false" + # Enable logging of all raw IRC messages to debug log, including passwords! In most cases you should also set --loglevel Debug + DEBUG_IRC_ENABLED: "false" + # Limit raw IRC logging to this network ID. Implies --debug-irc + DEBUG_IRC_ID: "" + # Enable logging of all parsed IRC messages to debug log, including passwords! In most cases you should also set --loglevel Debug + DEBUG_IRC_PARSED_ENABLED: "false" + # Limit parsed IRC logging to this network ID. Implies --debug-irc-parsed + DEBUG_IRC_PARSED_ID: "" + + # Load configuration from environment variables. + CONFIG_FROM_ENVIRONMENT: "false" + + # Specify the database backend. Allowed values: SQLite or PostgreSQL + DB_BACKEND: "SQLite" + # If the backend is PostgreSQL, specify the database user username + DB_PGSQL_USERNAME: "quassel" + # If the backend is PostgreSQL, specify the hostname of the database + DB_PGSQL_HOSTNAME: "localhost" + # If the backend is PostgreSQL, specify the port of the database + DB_PGSQL_PORT: "5432" + # If the backend is PostgreSQL, specify the database of the PostgreSQL cluster + DB_PGSQL_DATABASE: "quassel" + + # Specify the authenticator backend. Allowed values: Database or Ldap + AUTH_AUTHENTICATOR: "Database" + # If the authenticator is Ldap, specify the hostname of the directory server + AUTH_LDAP_HOSTNAME: "ldap://localhost" + # If the authenticator is Ldap, specify the port of the directory server + AUTH_LDAP_PORT: "389" + # If the authenticator is Ldap, specify the bind dn + AUTH_LDAP_BIND_DN: "" + # If the authenticator is Ldap, specify the base dn + AUTH_LDAP_BASE_DN: "" + # If the authenticator is Ldap, specify the filter query + AUTH_LDAP_FILTER: "" + # If the authenticator is Ldap, specify the attribute to be used as userid + AUTH_LDAP_UID_ATTRIBUTE: "uid" +--- +apiVersion: v1 +kind: Secret +metadata: + name: quassel-core + labels: + app: quassel-core +data: + # If the backend is PostgreSQL, specify the database user password + DB_PGSQL_PASSWORD: "" + + # If the authenticator is Ldap, specify the bind password + AUTH_LDAP_BIND_PASSWORD: "" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: quassel-core + labels: + app: quassel-core +spec: + selector: + matchLabels: + app: quassel-core + strategy: + rollingUpdate: + maxSurge: 0% + maxUnavailable: 100% + type: RollingUpdate + template: + metadata: + labels: + app: quassel-core + spec: + containers: + envFrom: + configMapRef: + name: quassel-core + env: + - name: DB_PGSQL_PASSWORD + valueFrom: + secretKeyRef: + name: quassel-core + key: DB_PGSQL_PASSWORD + - name: AUTH_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: quassel-core + key: AUTH_LDAP_BIND_PASSWORD + image: k8r.eu/justjanne/quassel-docker:v0.13.1 + imagePullPolicy: Always + name: core + ports: + - containerPort: 4242 + name: quassel + protocol: TCP + #- containerPort: 10113 + # name: identd + # protocol: TCP + volumeMounts: + - mountPath: /certs + name: tls + #volumes: + #- name: tls + # secret: + # secretName: wildcard-tls +--- +apiVersion: v1 +kind: Service +metadata: + name: quassel-core + labels: + app: quassel-core +spec: + ports: + - name: quassel + port: 4242 + protocol: TCP + targetPort: quassel + #- name: identd + # port: 113 + # protocol: TCP + # targetPort: identd + selector: + app: quassel-core + type: ClusterIP