---
# Flux HelmRelease that installs Wekan into the oas-apps namespace.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: wekan
  namespace: oas-apps
spec:
  releaseName: wekan
  chart:
    spec:
      # Chart path inside the Git source referenced below.
      chart: helm/wekan
      # NOTE: Change the GitRepository yaml file if you want a different version
      # The chart is rendered from whatever revision that GitRepository
      # tracks, so the ref it follows decides which chart code is deployed.
      # NOTE(review): confirm it pins a tag or commit, not a moving branch.
      sourceRef:
        kind: GitRepository
        name: wekan
        namespace: flux-system
  # Reconcile the release every hour.
  interval: 1h
  install:
    # Allow up to 30 minutes for the initial install.
    timeout: 30m
  # https://github.com/wekan/wekan/blob/master/helm/wekan/values.yaml
  values:
    # https://quay.io/repository/wekan/wekan?tab=tags
    # https://hub.docker.com/r/wekanteam/wekan
    # The image is selected by tag only, and a tag can be re-pushed upstream.
    # NOTE(review): pin by digest as well if the chart supports it - confirm.
    image:
      repository: quay.io/wekan/wekan
      tag: v5.41
    # Default env vars in container image: https://github.com/wekan/wekan/blob/master/Dockerfile
    # Env vars explained: https://github.com/wekan/wekan/blob/master/docker-compose.yml
    env:
      # Debug OIDC OAuth2 etc
      # NOTE(review): debug output for the login flow may put token or
      # user-profile data into the pod logs - confirm what Wekan logs at this
      # level, and set this to "false" once SSO has been verified.
      - name: "DEBUG"
        value: "true"
      # Sender shown on notification mail; the address is a substituted
      # variable.
      - name: "MAIL_FROM"
        value: "Wekan notifications <${outgoing_mail_from_address}>"
      # Authentication
      # Local password login is off, so every sign-in goes through the OAuth2
      # provider configured below.
      - name: "PASSWORD_LOGIN_ENABLED"
        value: "false"
      - name: "OAUTH2_ENABLED"
        value: "true"
      # The client id is not a secret; the matching OAUTH2_SECRET is set under
      # secretEnv.
      - name: "OAUTH2_CLIENT_ID"
        value: "wekan"
      # Provider base URL (https). The three endpoint values below are paths,
      # presumably resolved against this URL - confirm in the Wekan docs.
      - name: "OAUTH2_SERVER_URL"
        value: "https://sso.${domain}"
      - name: "OAUTH2_AUTH_ENDPOINT"
        value: "/oauth2/auth"
      - name: "OAUTH2_USERINFO_ENDPOINT"
        value: "/userinfo"
      - name: "OAUTH2_TOKEN_ENDPOINT"
        value: "/oauth2/token"
      # Scopes requested from the provider.
      - name: "OAUTH2_REQUEST_PERMISSIONS"
        value: "email profile openid"
      # Claim mapping: which provider fields become the Wekan id, username,
      # full name and email. The account id is taken from "sub".
      # NOTE(review): username and email are only as trustworthy as the
      # provider makes them - confirm users cannot change those claims freely
      # if anything relies on them for access decisions.
      - name: "OAUTH2_ID_MAP"
        value: "sub"
      - name: "OAUTH2_USERNAME_MAP"
        value: "preferred_username"
      - name: "OAUTH2_FULLNAME_MAP"
        value: "name"
      - name: "OAUTH2_EMAIL_MAP"
        value: "email"
    ## Specify additional secret environmental variables for the
    ## Deployment. These can e.g. be provided by a Secret and allow
    ## to store passwords separately
    ##
    # The substitution placeholders below are filled in before this object is
    # applied, so the applied HelmRelease carries these credentials in plain
    # text under spec.values. Anyone who can read HelmRelease objects in the
    # oas-apps namespace can read them.
    # NOTE(review): restrict read access to HelmRelease objects accordingly,
    # or move these values into a Secret referenced from valuesFrom.
    secretEnv:
      # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
      # NOTE: Special characters need to be url-encoded in MAIL_URL.
      # SMTP user and password are embedded in the URL; the smtps scheme
      # means the connection to the mail host uses TLS.
      - name: "MAIL_URL"
        value: "smtps://${outgoing_mail_smtp_user}:${outgoing_mail_smtp_password}@${outgoing_mail_smtp_host}:${outgoing_mail_smtp_port}"
      # Client secret for the OAuth2 client id set in env above.
      - name: "OAUTH2_SECRET"
        value: "${wekan_oauth_client_secret}"
      # Connection string for the bundled mongodb, with the password inline.
      # NOTE(review): the same mongodb_password is also passed unencoded to
      # the mongodb chart (mongodb.auth.password). Characters that are special
      # in a URI would need percent-encoding here but not there, so keep the
      # password to URL-safe characters - confirm.
      - name: "MONGO_URL"
        value: "mongodb://wekan:${mongodb_password}@wekan-mongodb:27017/wekan"
    service:
      annotations:
        # Ask Prometheus to scrape this service on port 8000 at the path below.
        # NOTE(review): check that the metrics endpoint is reachable only from
        # inside the cluster and is not exposed through the ingress.
        prometheus.io/scrape: "true"
        prometheus.io/port: "8000"
        prometheus.io/path: "/_/monitoring/metrics"
    # Public host name and base URL of the instance.
    endpoint: "wekan.${domain}"
    root_url: "https://wekan.${domain}"
    ingress:
      enabled: true
      annotations:
        # Request a certificate for the TLS hosts below through the cluster's
        # ACME integration.
        kubernetes.io/tls-acme: "true"
      path: /*
      hosts:
        - wekan.${domain}
      tls:
        - hosts:
            - "wekan.${domain}"
          # Secret that holds the TLS certificate and key for the host above.
          secretName: oas-wekan
    autoscaling:
      enabled: false
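    # https://docs.bitnami.com/kubernetes/infrastructure/mongodb/
    # https://github.com/bitnami/charts/tree/master/bitnami/mongodb#parameters
    mongodb:
      enabled: true
      # Single mongodb instance, no replica set.
      architecture: standalone
      auth:
        enabled: true
        username: wekan
        database: wekan
        # Unfortunately we can't use existingSecret directly here because
        # kustomize-controller doesn't allow hyphens/dashes in variable
        # substitution names, while mongodb requires hyphens/dashes in the
        # var names. See https://github.com/fluxcd/kustomize-controller/issues/395
        # for more details.
        # existingSecret: oas-wekan-variables
        # Quoted so that a substituted password made only of digits, one that
        # reads as a boolean or null, or one that starts with a YAML indicator
        # is still parsed as a string instead of being retyped or rejected.
        # Both passwords end up in plain text in the applied HelmRelease, so
        # read access to HelmRelease objects in this namespace exposes them.
        rootPassword: "${mongodb_root_password}"
        password: "${mongodb_password}"
      podAnnotations:
        # Let the backup system include the Wekan data stored in mongodb.
        # NOTE(review): the backups then hold the full database - confirm the
        # backup storage is encrypted and access-controlled.
        backup.velero.io/backup-volumes: "datadir"
      persistence:
        enabled: true
        # FIXME: This value is ignored by the chart currently in use
        existingClaim: "wekan"
      resources:
        limits:
          cpu: 600m
          memory: 1024Mi
        requests:
          cpu: 300m
          memory: 768Mi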
  # Allow custom values either by configMap or by secret
  # Both sources are optional, so a missing object does not fail the release.
  # Whoever can write these objects can change the values the chart is
  # rendered with, so guard write access to them like deploy access.
  # NOTE(review): the Flux docs describe inline spec.values as taking
  # precedence over valuesFrom - confirm, since keys already set under
  # values could then not be overridden from here.
  valuesFrom:
    - kind: ConfigMap
      name: oas-wekan-override
      optional: true
    - kind: Secret
      name: oas-wekan-override
      optional: true