apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: mattermost-postgres spec: project: default source: repoURL: 'https://charts.bitnami.com/bitnami' targetRevision: 16.*.* chart: postgresql helm: valuesObject: auth: postgresPassword: "mmROOT12345" database: "mattermost" username: "mmdbuser" password: "mmdbpwd" primary: persistence: enabled: true storageClass: "longhorn" size: 10Gi fullnameOverride: "mattermost-postgresql" destination: server: 'https://kubernetes.default.svc' namespace: mattermost syncPolicy: automated: selfHeal: true prune: true syncOptions: - CreateNamespace=true --- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: mattermost spec: project: default source: repoURL: 'https://helm.mattermost.com' targetRevision: 6.*.* chart: mattermost-team-edition helm: valuesObject: # Persistence für Mattermost Daten persistence: data: enabled: true size: 10Gi storageClass: "longhorn" accessMode: ReadWriteOnce plugins: enabled: true size: 1Gi storageClass: "longhorn" accessMode: ReadWriteOnce # MySQL SubChart DEAKTIVIEREN mysql: enabled: false # PostgreSQL als externe Datenbank externalDB: enabled: true externalDriverType: "postgres" externalConnectionString: "mmdbuser:mmdbpwd@mattermost-postgresql:5432/mattermost?sslmode=disable&connect_timeout=10" # WICHTIG: Security Context für korrekte Volume-Berechtigungen # Mattermost läuft als UID 2000, GID 2000 securityContext: fsGroup: 2000 runAsUser: 2000 runAsGroup: 2000 # Ingress Konfiguration ingress: enabled: true hosts: - mattermost.innovation-hub-niedersachsen.de tls: - hosts: - mattermost.innovation-hub-niedersachsen.de secretName: mattermost-tls annotations: kubernetes.io/ingress.class: traefik cert-manager.io/cluster-issuer: lets-encrypt-staging destination: server: 'https://kubernetes.default.svc' namespace: mattermost syncPolicy: managedNamespaceMetadata: labels: pod-security.kubernetes.io/enforce: "privileged" automated: selfHeal: true prune: true syncOptions: - CreateNamespace=true