---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: wekan
namespace: oas-apps
spec:
releaseName: wekan
chart:
spec:
chart: helm/wekan
# NOTE: Change the GitRepository yaml file if you want a different version
sourceRef:
kind: GitRepository
name: wekan
namespace: flux-system
interval: 1h
install:
timeout: 30m
# https://github.com/wekan/wekan/blob/master/helm/wekan/values.yaml
values:
# https://quay.io/repository/wekan/wekan?tab=tags
# https://hub.docker.com/r/wekanteam/wekan
image:
repository: quay.io/wekan/wekan
tag: v5.41
# Default env vars in container image: https://github.com/wekan/wekan/blob/master/Dockerfile
# Env vars explained: https://github.com/wekan/wekan/blob/master/docker-compose.yml
env:
# Debug OIDC OAuth2 etc
- name: "DEBUG"
value: "true"
- name: "MAIL_FROM"
value: "Wekan notifications <${outgoing_mail_from_address}>"
# Authentication
- name: "PASSWORD_LOGIN_ENABLED"
value: "false"
- name: "OAUTH2_ENABLED"
value: "true"
- name: "OAUTH2_CLIENT_ID"
value: "wekan"
- name: "OAUTH2_SERVER_URL"
value: "https://sso.${domain}"
- name: "OAUTH2_AUTH_ENDPOINT"
value: "/oauth2/auth"
- name: "OAUTH2_USERINFO_ENDPOINT"
value: "/userinfo"
- name: "OAUTH2_TOKEN_ENDPOINT"
value: "/oauth2/token"
- name: "OAUTH2_REQUEST_PERMISSIONS"
value: "email profile openid"
- name: "OAUTH2_ID_MAP"
value: "sub"
- name: "OAUTH2_USERNAME_MAP"
value: "preferred_username"
- name: "OAUTH2_FULLNAME_MAP"
value: "name"
- name: "OAUTH2_EMAIL_MAP"
value: "email"
## Specify additional secret environmental variables for the
## Deployment. These can e.g. be provided by a Secret and allow
## to store passwords separately
##
secretEnv:
# https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
# NOTE: Special characters need to be url-encoded in MAIL_URL.
- name: "MAIL_URL"
value: "smtps://${outgoing_mail_smtp_user}:${outgoing_mail_smtp_password}@${outgoing_mail_smtp_host}:${outgoing_mail_smtp_port}"
- name: "OAUTH2_SECRET"
value: "${wekan_oauth_client_secret}"
- name: "MONGO_URL"
value: "mongodb://wekan:${mongodb_password}@wekan-mongodb:27017/wekan"
service:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8000"
prometheus.io/path: "/_/monitoring/metrics"
endpoint: "wekan.${domain}"
root_url: "https://wekan.${domain}"
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
path: /*
hosts:
- wekan.${domain}
tls:
- hosts:
- "wekan.${domain}"
secretName: oas-wekan
autoscaling:
enabled: false
# https://docs.bitnami.com/kubernetes/infrastructure/mongodb/
# https://github.com/bitnami/charts/tree/master/bitnami/mongodb#parameters
mongodb:
enabled: true
architecture: standalone
auth:
enabled: true
username: wekan
database: wekan
# Unfortunatly we can't use existingSecret directly here because
# kustomize-controller doesn't allow hyphens/dashes in variable
# substitution names, while mongodb requires hyphens/dashes in the
# var names. See https://github.com/fluxcd/kustomize-controller/issues/395
# for more details.
# existingSecret: oas-wekan-variables
rootPassword: ${mongodb_root_password}
password: ${mongodb_password}
podAnnotations:
# Let the backup system include rocketchat data stored in mongodb.
backup.velero.io/backup-volumes: "datadir"
persistence:
enabled: true
# FIXME: This value is ignored by the chart currently in use
existingClaim: "wekan"
resources:
limits:
cpu: 600m
memory: 1024Mi
requests:
cpu: 300m
memory: 768Mi
# Allow custom values either by configMap or by secret
valuesFrom:
- kind: ConfigMap
name: oas-wekan-override
optional: true
- kind: Secret
name: oas-wekan-override
optional: true