apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: openproject
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: 'https://charts.openproject.org'
    chart: openproject
    targetRevision: 11.*.*
    helm:
      values: |
        develop: false
        
        environment:
          EMAIL_DELIVERY_METHOD: "smtp"
          SMTP_ADDRESS: "smtp.innohub.local"
          SMTP_PORT: "25"
          SMTP_DOMAIN: "innovation-hub-niedersachsen.de"
          SMTP_AUTHENTICATION: "none"
          SMTP_ENABLE_STARTTLS_AUTO: "false"

        cron:
          enabled: false
          environment:
            IMAP_HOST: "smtp.innovation-hub-niedersachsen.de"
            IMAP_PORT: 993
            IMAP_SSL: "true"
            IMAP_USERNAME: "openproject"
            IMAP_PASSWORD: "openproject-imap-password"
          schedule: "*/5 * * * *"  
        ingress:
          enabled: true
          ingressClassName: traefik
          annotations:
            kubernetes.io/ingress.class: traefik
            traefik.ingress.kubernetes.io/router.entrypoints: websecure
            traefik.ingress.kubernetes.io/router.tls: "true"
            cert-manager.io/cluster-issuer: lets-encrypt
          host: "openproject.innovation-hub-niedersachsen.de"
          path: /
          pathType: "Prefix"
          tls:
            enabled: true
            secretName: openproject-tls
        
        openproject:
          https: true
          hsts: true
          seed_locale: "de"
          useTmpVolumes: "false"
          admin_user:
            password: "admin"
            password_reset: true
            name: "OpenProject Admin"
            mail: "inno-netz@zpd.polizei.niedersachsen.de"

        resources:
          requests:
            memory: "1Gi"
          limits:
            memory: "2Gi"

        appInit:
          resources:
            requests:
              memory: "512Mi"
            limits:
              memory: "1Gi"       

        memcached:
          global:
            readOnlyRootFilesystem: false
        
        containerSecurityContext:
          readOnlyRootFilesystem: false

        persistence:
          enabled: false
          accessModes:
            - "ReadWriteOnce"

        s3:
          enabled: true
          auth:
            accessKeyId: "K7mNpQ2vRxL9wYtH3Zc8"
            secretAccessKey: "jX9fK2mP5nQ8rT1vW4yZ7bN0cM3hL6gF9dS2aE5k"
          host: "sws3.innovation-hub-niedersachsen.de"
          port: 443
          bucketName: "openproject"
          region: "eu-central-1"
        
        postgresql:
          bundled: true
          auth:
            existingSecret: "postgresql-auth"
            username: "openproject"
            # password: "openproject123"
            # postgresPassword: "postgres123"
            database: "openproject"
          global:
            readOnlyRootFilesystem: false
          primary:
            persistence:
              enabled: true
              size: 8Gi
            service:
              type: ClusterIP
              ports:
                postgresql: 5432
  
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: openproject
  
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        pod-security.kubernetes.io/enforce: "privileged"
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true