apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: openproject
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: 'https://charts.openproject.org'
    chart: openproject
    targetRevision: 11.*.*
    helm:
      values: |
        develop: false
        
        ingress:
          enabled: true
          ingressClassName: traefik
          annotations:
            kubernetes.io/ingress.class: traefik
            traefik.ingress.kubernetes.io/router.entrypoints: websecure
            traefik.ingress.kubernetes.io/router.tls: "true"
            cert-manager.io/cluster-issuer: lets-encrypt-staging
          host: "openproject.innovation-hub-niedersachsen.de"
          path: /
          pathType: "Prefix"
          tls:
            enabled: true
            secretName: openproject-tls
        
        openproject:
          https: true
          hsts: true
          seed_locale: "en"
          useTmpVolumes: "false"
          admin_user:
            password: "admin"
            password_reset: true
            name: "OpenProject Admin"
            mail: "inno-netz@zpd.polizei.niedersachsen.de"

          # Explizite Datenbank-Konfiguration  
          # extraEnvVars:
          #   - name: DATABASE_URL
          #     value: "postgres://openproject:$(POSTGRES_PASSWORD)@openproject-postgresql:5432/openproject"
          #   - name: POSTGRES_PASSWORD
          #     valueFrom:
          #       secretKeyRef:
          #         name: postgresql-auth
          #         key: password    
        
        memcached:
          global:
            readOnlyRootFilesystem: false
        
        containerSecurityContext:
          readOnlyRootFilesystem: false

        persistence:
          enabled: false
          accessModes:
            - "ReadWriteOnce"

        s3:
          enabled: true
          auth:
            accessKeyId: "K7mNpQ2vRxL9wYtH3Zc8"
            secretAccessKey: "jX9fK2mP5nQ8rT1vW4yZ7bN0cM3hL6gF9dS2aE5k"
          host: "sws3.innovation-hub-niedersachsen.de"
          port: 443
          bucket: "openproject"
          # Add region if required by your S3 provider
          # region: "us-east-1"
        
        postgresql:
          bundled: true
          auth:
            existingSecret: "postgresql-auth"
            username: "openproject"
            # password: "openproject123"
            # postgresPassword: "postgres123"
            database: "openproject"
          global:
            readOnlyRootFilesystem: false
          primary:
            persistence:
              enabled: true
              size: 8Gi
            service:
              type: ClusterIP
              ports:
                postgresql: 5432
  
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: openproject
  
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        pod-security.kubernetes.io/enforce: "privileged"
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true