apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: openproject finalizers: - resources-finalizer.argocd.argoproj.io spec: project: default source: repoURL: 'https://charts.openproject.org' chart: openproject targetRevision: 11.*.* helm: values: | ## Define additional environment variables. ## ## You can get a list of all environment variables when executing: ## "RAILS_ENV=production bundle exec rake setting:available_envs" ## ## environment: ## OPENPROJECT_ATTACHMENT__MAX__SIZE: 5120 # environment: {} ## # Override the cluster domain name used in templating clusterDomain: "cluster.local" ## Define and create Kubernetes Service. ## ## Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/ # ingress: enabled: true annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" cert-manager.io/cluster-issuer: lets-encrypt host: "openproject.innovation-hub-niedersachsen.de" tls: enabled: true secretName: openproject-tls # hosts: # - openproject.innovation-hub-niedersachsen.de # host: "openproject.example.com" # path: / # pathType: "Prefix" openproject: ## Enable https in backend response. # https: true ## Define the host, defaults to value of "ingress.host" when ingress is enabled. # host: "openproject.innovation-hub-niedersachsen.de" ## Enable HSTS. # hsts: true ## Define Cache settings. # cache: store: "memcache" extraEnvVarsSecret: "" ## Define the language to seed the instance in # seed_locale: "en" ## Define admin user details # only applicable on first installation # c.f. https://www.openproject.org/docs/installation-and-operations/configuration/#initial-admin-user-creation admin_user: password: "InnoHubADMIN_2025!" password_reset: "false" name: "OpenProject Admin" mail: "inno-netz@innovation-hub-niedersachsen.de" s3: enabled: false auth: # Provide the accessKeyId and secret in plain values # We recommend to use the existingSecret option instead accessKeyId: secretAccessKey: ## To avoid having sensitive credentials in your values.yaml, the preferred way is to ## use an existing secret containing the S3 compatible access credentials. ## Specify the name of this existing secret here. # if using an existing secret, use the following keys for your access key and secret. # OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID # OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY # note there are double underscores on these keys existingSecret: region: bucketName: ## Remove or leave empty to use default AWS S3 endpoint # endpoint: host: port: pathStyle: false signatureVersion: 4 useIamProfile: false # Some providers do not properly support signature v4 streaming (e.g. Scaleway) enableSignatureV4Streaming: true ## If enabled, upload files directly to S3 from the browser instead of going through OpenProject. ## May not be supported by providers other than AWS S3 itself. ## ## Ref.: https://www.openproject.org/docs/installation-and-operations/configuration/#direct-uploads # directUploads: true ## Configure PostgreSQL settings. # postgresql: bundled: true auth: # existingSecret: "" username: "openproject" database: "openproject" password: "InnoProjectDB_2025!" postgresPassword: "InnoHubPostgres_2025!" destination: server: 'https://kubernetes.default.svc' namespace: openproject syncPolicy: managedNamespaceMetadata: labels: pod-security.kubernetes.io/enforce: "privileged" automated: selfHeal: true prune: true syncOptions: - CreateNamespace=true