From 4b981a0c5a78b872f6c3c73e4d6c6cb9e25aa5f1 Mon Sep 17 00:00:00 2001 From: titver968 Date: Tue, 7 Oct 2025 08:59:03 +0200 Subject: [PATCH] openproject started --- argocd/apps/openproject/openproject-ns.yaml | 8 + argocd/apps/openproject/postgresql-auth.yaml | 6 +- .../apps/openproject/values-openproject.yaml | 192 +++++++++--------- 3 files changed, 103 insertions(+), 103 deletions(-) create mode 100644 argocd/apps/openproject/openproject-ns.yaml diff --git a/argocd/apps/openproject/openproject-ns.yaml b/argocd/apps/openproject/openproject-ns.yaml new file mode 100644 index 0000000..0c0a8ea --- /dev/null +++ b/argocd/apps/openproject/openproject-ns.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: openproject + labels: + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/argocd/apps/openproject/postgresql-auth.yaml b/argocd/apps/openproject/postgresql-auth.yaml index 78368fb..b34ed52 100644 --- a/argocd/apps/openproject/postgresql-auth.yaml +++ b/argocd/apps/openproject/postgresql-auth.yaml @@ -5,7 +5,5 @@ metadata: namespace: openproject type: Opaque stringData: - postgres-password: InnoPG_2025 - password: InnoDB_2025 - username: openproject - database: openproject + postgres-password: InnoPG2025 + password: InnoDB2025 diff --git a/argocd/apps/openproject/values-openproject.yaml b/argocd/apps/openproject/values-openproject.yaml index 86c18df..bb8f5ef 100644 --- a/argocd/apps/openproject/values-openproject.yaml +++ b/argocd/apps/openproject/values-openproject.yaml @@ -1,99 +1,93 @@ -#apiVersion: argoproj.io/v1alpha1 -#kind: Application -#metadata: -# name: openproject -# finalizers: -# - resources-finalizer.argocd.argoproj.io -#spec: -# project: default -# source: -# repoURL: 'https://charts.openproject.org' -# chart: openproject -# targetRevision: 11.*.* -# helm: -# values: | -# develop: false -# -# ingress: -# enabled: true -# ingressClassName: traefik -# annotations: -# kubernetes.io/ingress.class: traefik -# traefik.ingress.kubernetes.io/router.entrypoints: websecure -# traefik.ingress.kubernetes.io/router.tls: "true" -# cert-manager.io/cluster-issuer: lets-encrypt-staging -# host: "openproject.innovation-hub-niedersachsen.de" -# path: / -# pathType: "Prefix" -# tls: -# enabled: true -# secretName: openproject-tls -# -# openproject: -# https: true -# hsts: true -# seed_locale: "en" -# useTmpVolumes: "false" -# admin_user: -# password: "admin" -# password_reset: true -# name: "OpenProject Admin" -# mail: "inno-netz@innovation-hub-niedersachsen.de" -# -# memcached: -# global: -# readOnlyRootFilesystem: false -# -# containerSecurityContext: -# readOnlyRootFilesystem: false -# -# persistence: -# enabled: false -# accessModes: -# - "ReadWriteOnce" -# -# s3: -# enabled: true -# auth: -# accessKeyId: "K7mNpQ2vRxL9wYtH3Zc8" -# secretAccessKey: "jX9fK2mP5nQ8rT1vW4yZ7bN0cM3hL6gF9dS2aE5k" -# host: "sws3.innovation-hub-niedersachsen.de" -# port: 443 -# bucket: "openproject" -# # Add region if required by your S3 provider -# # region: "us-east-1" -# -# postgresql: -# bundled: true -# auth: -# # Option 1: Use existingSecret (recommended for production) -# existingSecret: "postgresql-auth" -# # The secret must contain these keys: -# # - postgres-password (PostgreSQL superuser password) -# # - password (openproject user password) -# -# # Option 2: Set passwords directly (not recommended for production) -# username: "openproject" -# # password: "openproject123" -# # postgresPassword: "postgres123" -# database: "openproject" -# global: -# readOnlyRootFilesystem: false -# primary: -# persistence: -# enabled: true -# size: 8Gi -# -# destination: -# server: 'https://kubernetes.default.svc' -# namespace: openproject -# -# syncPolicy: -# managedNamespaceMetadata: -# labels: -# pod-security.kubernetes.io/enforce: "privileged" -# automated: -# selfHeal: true -# prune: true -# syncOptions: -# - CreateNamespace=true +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: openproject + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: 'https://charts.openproject.org' + chart: openproject + targetRevision: 11.*.* + helm: + values: | + develop: false + + ingress: + enabled: true + ingressClassName: traefik + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: lets-encrypt-staging + host: "openproject.innovation-hub-niedersachsen.de" + path: / + pathType: "Prefix" + tls: + enabled: true + secretName: openproject-tls + + openproject: + https: true + hsts: true + seed_locale: "en" + useTmpVolumes: "false" + admin_user: + password: "admin" + password_reset: true + name: "OpenProject Admin" + mail: "inno-netz@innovation-hub-niedersachsen.de" + + memcached: + global: + readOnlyRootFilesystem: false + + containerSecurityContext: + readOnlyRootFilesystem: false + + persistence: + enabled: false + accessModes: + - "ReadWriteOnce" + + s3: + enabled: true + auth: + accessKeyId: "K7mNpQ2vRxL9wYtH3Zc8" + secretAccessKey: "jX9fK2mP5nQ8rT1vW4yZ7bN0cM3hL6gF9dS2aE5k" + host: "sws3.innovation-hub-niedersachsen.de" + port: 443 + bucket: "openproject" + # Add region if required by your S3 provider + # region: "us-east-1" + + postgresql: + bundled: true + auth: + existingSecret: "postgresql-auth" + username: "openproject" + # password: "openproject123" + # postgresPassword: "postgres123" + database: "openproject" + global: + readOnlyRootFilesystem: false + primary: + persistence: + enabled: true + size: 8Gi + + destination: + server: 'https://kubernetes.default.svc' + namespace: openproject + + syncPolicy: + managedNamespaceMetadata: + labels: + pod-security.kubernetes.io/enforce: "privileged" + automated: + selfHeal: true + prune: true + syncOptions: + - CreateNamespace=true