apiVersion: v1
kind: ConfigMap
metadata:
  name: quassel-core
  labels:
    app: quassel-core
data:
  # Specify the directory holding configuration files, the SQlite database and the SSL certificate.
  CONFIG_DIR: "/config"

  # The address(es) quasselcore will listen on.
  QUASSEL_LISTEN: "::,0.0.0.0"
  # The port quasselcore will listen at.
  QUASSEL_PORT: "4242"

  # Don't restore last core's state.
  NORESTORE: "false"

  # Use users' quasselcore username as ident reply. Ignores each user's configured ident setting.
  STRICT_IDENT: "false"

  # Enable internal ident daemon.
  IDENT_ENABLED: "false"
  # The address(es) quasselcore will listen on for ident requests. Same format as --listen.
  IDENT_LISTEN: "::1,127.0.0.1"
  # The port quasselcore will listen at for ident requests. Only meaningful with --ident-daemon.
  IDENT_PORT: "10113"

  # Enable oidentd integration. In most cases you should also enable --strict-ident.
  OIDENTD_ENABLED: "false"
  # Set path to oidentd configuration file.
  OIDENTD_CONF_FILE: ""

  # Require SSL for remote (non-loopback) client connections.
  SSL_REQUIRED: "false"
  # Specify the path to the SSL certificate.
  SSL_CERT_FILE: ""
  # Specify the path to the SSL key.
  SSL_KEY_FILE: ""

  # Enable metrics API.
  METRICS_ENABLED: "false"
  # The address(es) quasselcore will listen on for metrics requests. Same format as --listen.
  METRICS_LISTEN: "::1,127.0.0.1"
  # The port quasselcore will listen at for metrics requests. Only meaningful with --metrics-daemon.
  METRICS_PORT: "9558"

  # Supports one of Debug|Info|Warning|Error; default is Info.
  LOGLEVEL: "Info"

  # Enable logging of all SQL queries to debug log, also sets --loglevel Debug automatically
  DEBUG_ENABLED: "false"
  # Enable logging of all raw IRC messages to debug log, including passwords!  In most cases you should also set --loglevel Debug
  DEBUG_IRC_ENABLED: "false"
  # Limit raw IRC logging to this network ID.  Implies --debug-irc
  DEBUG_IRC_ID: ""
  # Enable logging of all parsed IRC messages to debug log, including passwords!  In most cases you should also set --loglevel Debug
  DEBUG_IRC_PARSED_ENABLED: "false"
  # Limit parsed IRC logging to this network ID.  Implies --debug-irc-parsed
  DEBUG_IRC_PARSED_ID: ""

  # Load configuration from environment variables.
  CONFIG_FROM_ENVIRONMENT: "false"

  # Specify the database backend.  Allowed values: SQLite or PostgreSQL
  DB_BACKEND: "SQLite"
  # If the backend is PostgreSQL, specify the database user username
  DB_PGSQL_USERNAME: "quassel"
  # If the backend is PostgreSQL, specify the hostname of the database
  DB_PGSQL_HOSTNAME: "localhost"
  # If the backend is PostgreSQL, specify the port of the database
  DB_PGSQL_PORT: "5432"
  # If the backend is PostgreSQL, specify the database of the PostgreSQL cluster
  DB_PGSQL_DATABASE: "quassel"

  # Specify the authenticator backend.  Allowed values: Database or Ldap
  AUTH_AUTHENTICATOR: "Database"
  # If the authenticator is Ldap, specify the hostname of the directory server
  AUTH_LDAP_HOSTNAME: "ldap://localhost"
  # If the authenticator is Ldap, specify the port of the directory server
  AUTH_LDAP_PORT: "389"
  # If the authenticator is Ldap, specify the bind dn
  AUTH_LDAP_BIND_DN: ""
  # If the authenticator is Ldap, specify the base dn
  AUTH_LDAP_BASE_DN: ""
  # If the authenticator is Ldap, specify the filter query
  AUTH_LDAP_FILTER: ""
  # If the authenticator is Ldap, specify the attribute to be used as userid
  AUTH_LDAP_UID_ATTRIBUTE: "uid"
---
apiVersion: v1
kind: Secret
metadata:
  name: quassel-core
  labels:
    app: quassel-core
data:
  # If the backend is PostgreSQL, specify the database user password
  DB_PGSQL_PASSWORD: ""
  
  # If the authenticator is Ldap, specify the bind password
  AUTH_LDAP_BIND_PASSWORD: ""
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: quassel-core
  labels:
    app: quassel-core
spec:
  selector:
    matchLabels:
      app: quassel-core
  strategy:
    rollingUpdate:
      maxSurge: 0%
      maxUnavailable: 100%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: quassel-core
    spec:
      containers:
      - envFrom:
        - configMapRef:
            name: quassel-core
        env:
        - name: DB_PGSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: quassel-core
              key: DB_PGSQL_PASSWORD
        - name: AUTH_LDAP_BIND_PASSWORD
          valueFrom:
            secretKeyRef:
              name: quassel-core
              key: AUTH_LDAP_BIND_PASSWORD
        image: k8r.eu/justjanne/quassel-docker:v0.13.1
        imagePullPolicy: Always
        name: core
        ports:
        - containerPort: 4242
          name: quassel
          protocol: TCP
        #- containerPort: 10113
        #  name: identd
        #  protocol: TCP
        volumeMounts:
        - mountPath: /certs
          name: tls
      #volumes:
      #- name: tls
      #  secret:
      #    secretName: wildcard-tls
---
apiVersion: v1
kind: Service
metadata:
  name: quassel-core
  labels:
    app: quassel-core
spec:
  ports:
  - name: quassel
    port: 4242
    protocol: TCP
    targetPort: quassel
  #- name: identd
  #  port: 113
  #  protocol: TCP
  #  targetPort: identd
  selector:
    app: quassel-core
  type: ClusterIP