diff --git a/flux2/apps/wekan/kustomization.yaml b/flux2/apps/wekan/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..277eff44794571e7100fb4f2ef9c69ed795d94ba
--- /dev/null
+++ b/flux2/apps/wekan/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: oas-apps
+resources:
+  - pvc.yaml
+  - release.yaml
\ No newline at end of file
diff --git a/flux2/apps/wekan/pvc.yaml b/flux2/apps/wekan/pvc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..71433b596223a7b7b19fc70cea189ef508f4d383
--- /dev/null
+++ b/flux2/apps/wekan/pvc.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wekan
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
diff --git a/flux2/apps/wekan/release.yaml b/flux2/apps/wekan/release.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..59ba3edae0191c2c3bdc7b4f76cf056a25f32776
--- /dev/null
+++ b/flux2/apps/wekan/release.yaml
@@ -0,0 +1,121 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: wekan
+  namespace: oas-apps
+spec:
+  releaseName: wekan
+  chart:
+    spec:
+      chart: .
+      # NOTE: Change the GitRepository yaml file if you want a different version
+      sourceRef:
+        kind: GitRepository
+        name: wekan
+        namespace: flux-system
+  interval: 1h
+  install:
+    timeout: 30m
+  # https://github.com/wekan/wekan/blob/master/helm/wekan/values.yaml
+  values:
+    # https://quay.io/repository/wekan/wekan?tab=tags
+    # https://hub.docker.com/r/wekanteam/wekan
+    image:
+      repository: quay.io/wekan/wekan
+      tag: v5.41
+    # Default env vars in container image: https://github.com/wekan/wekan/blob/master/Dockerfile
+    # Env vars explained: https://github.com/wekan/wekan/blob/master/docker-compose.yml
+    env:
+      - name: "PASSWORD_LOGIN_ENABLED"
+        value: "false"
+      # Debug OIDC OAuth2 etc
+      - name: "DEBUG"
+        value: "true"
+      - name: "ROOT_URL"
+        value: "wekan.${domain}"
+      - name: "MAIL_FROM"
+        value: "Wekan notifications <${outgoing_mail_from_address}>"
+      # - name: "MONGO_URL"
+      #  value: "mongodb://wekandb:27017/wekan"
+      - name: "OAUTH2_ENABLED"
+        value: "TRUE"
+      - name: "OAUTH2_CLIENT_ID"
+        value: "wekan"
+      - name: "OAUTH2_SERVER_URL"
+        value: "https://sso.${domain}"
+      - name: "OAUTH2_AUTH_ENDPOINT"
+        value: "/oauth2/auth"
+      - name: "OAUTH2_USERINFO_ENDPOINT"
+        value: "/userinfo"
+      - name: "OAUTH2_TOKEN_ENDPOINT"
+        value: "/oauth2/token"
+      - name: "OAUTH2_REQUEST_PERMISSIONS"
+        value: "email profile openid openappstack_roles offline_access"
+      # - name: "OAUTH2_ID_MAP"
+      #   value: "preferred_username"
+      # - name: "OAUTH2_USERNAME_MAP"
+      #   value: "preferred_username"
+      # - name: "OAUTH2_FULLNAME_MAP"
+      #   value: "name"
+      # - name: "OAUTH2_EMAIL_MAP"
+      #   value: "email"
+    ## Specify additional secret environmental variables for the
+    ## Deployment. These can e.g. be provided by a Secret and allow
+    ## to store passwords separately
+    ##
+    secretEnv:
+      # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
+      # NOTE: Special characters need to be url-encoded in MAIL_URL.
+      - name: "MAIL_URL"
+        value: "smtps://${outgoing_mail_smtp_user}:${outgoing_mail_smtp_password}@${outgoing_mail_smtp_host}:${outgoing_mail_smtp_port}"
+      - name: "OAUTH2_SECRET"
+        value: "${wekan_oauth_client_secret}"
+    service:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "8000"
+        prometheus.io/path: "/_/monitoring/metrics"
+    endpoint: "wekan.${domain}"
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/tls-acme: "true"
+      path: /*
+      hosts:
+        - wekan.${domain}
+      tls:
+        - hosts:
+            - "wekan.${domain}"
+          secretName: oas-wekan
+    autoscaling:
+      enabled: false
+    # https://docs.bitnami.com/kubernetes/infrastructure/mongodb/
+    # https://github.com/bitnami/charts/tree/master/bitnami/mongodb#parameters
+    mongodb:
+      enabled: true
+      architecture: standalone
+      auth:
+        existingSecret: oas-wekan-variables
+      podAnnotations:
+        # Let the backup system include rocketchat data stored in mongodb.
+        backup.velero.io/backup-volumes: "datadir"
+      persistence:
+        enabled: true
+        # FIXME: This value is ignored by the chart currently in use
+        existingClaim: "wekan"
+      resources:
+        limits:
+          cpu: 600m
+          memory: 1024Mi
+        requests:
+          cpu: 300m
+          memory: 768Mi
+  # Allow custom values either by configMap or by secret
+  valuesFrom:
+    - kind: ConfigMap
+      name: oas-wekan-override
+      optional: true
+    - kind: Secret
+      name: oas-wekan-override
+      optional: true