k3s/argocd/apps/wekan/values-wekan.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: wekan
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: 'https://wekan.github.io/charts/'
    chart: wekan
    targetRevision: 7.97.0
    helm:
      values: |
        replicaCount: 1
        dbname: wekan
        env:
          - name: MONGO_URL
            value: mongodb://wekan-mongodb:27017/wekan
          - name: MAIL_URL
            value: smtp://192.168.4.125:25?ignoreTLS=true&tls={rejectUnauthorized:false}&secure=false
          - name: MAIL_FROM
            value: Noreplay admin@innovation-hub-niedersachsen.de
          - name: OAUTH2_ENABLED
            value: "true"
          - name: OAUTH2_LOGIN_STYLE
            value: "redirect"
          - name: OAUTH2_CLIENT_ID
            value: "wekan"
          - name: OAUTH2_SERVER_URL
            value: "https://keycloak.innovation-hub-niedersachsen.de"
          - name: OAUTH2_AUTH_ENDPOINT
            value: "/realms/innohub/protocol/openid-connect/auth"
          - name: OAUTH2_USERINFO_ENDPOINT
            value: "/realms/innohub/protocol/openid-connect/userinfo"
          - name: OAUTH2_TOKEN_ENDPOINT
            value: "/realms/innohub/protocol/openid-connect/token"
          - name: OAUTH2_SECRET
            value: "vp1kG3WgUdPCUAWvECZbAmBdST6Vgm0I"
          - name: OAUTH2_ID_MAP
            value: "sub"
          - name: OAUTH2_USERNAME_MAP
            value: "preferred_username"
          - name: OAUTH2_EMAIL_MAP
            value: "email"
          - name: OAUTH2_FULLNAME_MAP
            value: "name"
          - name: OAUTH2_ADFS_ENABLED
            value: "false"
          - name: OAUTH2_B2C_ENABLED
            value: "false"
          - name: OAUTH2_REQUEST_PERMISSIONS
            value: "openid profile email"        

        end_point: wekan.innovation-hub-niedersachsen.de
        root_url: https://wekan.innovation-hub-niedersachsen.de
        
        # Probe-Einstellungen anpassen
        livenessProbe:
          enabled: true
          initialDelaySeconds: 60
          periodSeconds: 15
          timeoutSeconds: 10
          failureThreshold: 5
        
        readinessProbe:
          enabled: true
          initialDelaySeconds: 20
          periodSeconds: 15
          timeoutSeconds: 10
          failureThreshold: 3
        
        ingress:
          enabled: true
          annotations: 
            kubernetes.io/ingress.class: traefik
            traefik.ingress.kubernetes.io/router.entrypoints: websecure
            traefik.ingress.kubernetes.io/router.tls: "true"
            cert-manager.io/cluster-issuer: lets-encrypt
          hosts:
            - wekan.innovation-hub-niedersachsen.de
          tls:
            - secretName: wekan-tls
              hosts:
                - wekan.innovation-hub-niedersachsen.de
        route:
          enabled: false

        sharedDataFolder:
          enabled: true
          storageClass: longhorn
      
        mongodb:
          enabled: true
          image:
            tag: 7.0.28
          storage:
            className: longhorn
          nodeSelector:
            kubernetes.io/hostname: k3s-prod

  destination:
    server: 'https://kubernetes.default.svc'
    namespace: wekan
  syncPolicy:
    managedNamespaceMetadata:
      labels: 
        pod-security.kubernetes.io/enforce: "privileged"
    automated:
      prune: true
    syncOptions:
      - CreateNamespace=true