#apiVersion: argoproj.io/v1alpha1
#kind: Application
#metadata:
#  name: openproject
#  finalizers:
#    - resources-finalizer.argocd.argoproj.io
#spec:
#  project: default
#  source:
#    repoURL: 'https://charts.openproject.org'
#    chart: openproject
#    targetRevision: 11.*.*
#    helm:
#      values: |
#        develop: false
#        
#        ingress:
#          enabled: true
#          ingressClassName: traefik
#          annotations:
#            kubernetes.io/ingress.class: traefik
#            traefik.ingress.kubernetes.io/router.entrypoints: websecure
#            traefik.ingress.kubernetes.io/router.tls: "true"
#            cert-manager.io/cluster-issuer: lets-encrypt-staging
#          host: "openproject.innovation-hub-niedersachsen.de"
#          path: /
#          pathType: "Prefix"
#          tls:
#            enabled: true
#            secretName: openproject-tls
#        
#        openproject:
#          https: true
#          hsts: true
#          seed_locale: "en"
#          useTmpVolumes: "false"
#          admin_user:
#            password: "admin"
#            password_reset: true
#            name: "OpenProject Admin"
#            mail: "inno-netz@innovation-hub-niedersachsen.de"
#        
#        memcached:
#          global:
#            readOnlyRootFilesystem: false
#        
#        containerSecurityContext:
#          readOnlyRootFilesystem: false
#
#        persistence:
#          enabled: false
#          accessModes:
#            - "ReadWriteOnce"
#
#        s3:
#          enabled: true
#          auth:
#            accessKeyId: "K7mNpQ2vRxL9wYtH3Zc8"
#            secretAccessKey: "jX9fK2mP5nQ8rT1vW4yZ7bN0cM3hL6gF9dS2aE5k"
#          host: "sws3.innovation-hub-niedersachsen.de"
#          port: 443
#          bucket: "openproject"
#          # Add region if required by your S3 provider
#          # region: "us-east-1"
#        
#        postgresql:
#          bundled: true
#          auth:
#            # Option 1: Use existingSecret (recommended for production)
#            existingSecret: "postgresql-auth"
#            # The secret must contain these keys:
#            # - postgres-password (PostgreSQL superuser password)
#            # - password (openproject user password)
#            
#            # Option 2: Set passwords directly (not recommended for production)
#            username: "openproject"
#            # password: "openproject123"
#            # postgresPassword: "postgres123"
#            database: "openproject"
#          global:
#            readOnlyRootFilesystem: false
#          primary:
#            persistence:
#              enabled: true
#              size: 8Gi
#  
#  destination:
#    server: 'https://kubernetes.default.svc'
#    namespace: openproject
#  
#  syncPolicy:
#    managedNamespaceMetadata:
#      labels:
#        pod-security.kubernetes.io/enforce: "privileged"
#    automated:
#      selfHeal: true
#      prune: true
#    syncOptions:
#      - CreateNamespace=true