✨(openproject) Add OpenProject (MinBZK#96)

Add OpenProject integration to mijn-bureau infrastructure

Author: shiroginne

README.md

@@ -44,6 +44,7 @@ MijnBureau already offers a rich set of features, with a strong focus on collabo
 - Team chat
 - Self-hosted AI language models
 - Integrated identity management
+- Project management
 
 We are actively expanding the suite and plan to add even more capabilities, including:
 
@@ -91,6 +92,7 @@ It currently includes the following open-source components
 | File sharing       | Nextcloud            | [v32.0.1](https://github.com/nextcloud/server/tree/v32.0.1)                         | [documentation](https://nextcloud.com/)                                              | AGPL-3.0   |
 | AI LLM             | Ollama               | [v0.12.9](https://github.com/ollama/ollama/tree/v0.12.9)                            | [documentation](https://ollama.com/)                                                 | MIT        |
 | Spreadsheet        | Grist                | [v1.7.5](https://github.com/gristlabs/grist-core/tree/v1.7.5)                       | [documentation](https://support.getgrist.com/self-managed/)                          | Apache-2.0 |
+| Project Management | OpenProject          | [16.6.0](https://github.com/opf/openproject/releases/tag/v16.6.0).                  | [documentation](https://www.openproject.org/docs/)                                   | GPL-3.0    |
 | Office             | Collabora            | [v25.04.6.2.1](https://github.com/CollaboraOnline/online/releases/tag/cp-25.04.6-1) | [documentation](https://sdk.collaboraonline.com/docs/installation/index.html)        | MPL-2.0    |
 | Notes              | Docs                 | [v3.8.21](https://github.com/suitenumerique/docs/releases/tag/v3.8.21)              | [documentation](https://github.com/suitenumerique/docs/tree/main/docs/installation)  | MIT        |
 | Video backend      | Livekit              | [v1.9.3](https://github.com/livekit/livekit/releases/tag/v1.9.3)                    | [documentation](https://livekit.io/)                                                 | Apache-2.0 |

docs/docs/components/openproject.md

@@ -0,0 +1,41 @@
+---
+sidebar_position: 10
+---
+
+# OpenProject
+
+Project management system for MijnBureau.
+
+## Quick Start
+
+```bash
+# Deploy OpenProject
+export MIJNBUREAU_MASTER_PASSWORD="demo-password"
+export MIJNBUREAU_CREATE_NAMESPACES=true
+helmfile -e demo -l name=openproject apply
+```
+
+## Access
+
+- **URL**: `http://openproject.mb.test/`
+- **Login**: `admin@example.com` / `admin123`
+
+## Features
+
+- Project planning with Gantt charts
+- Task management and time tracking
+- Team collaboration and file sharing
+- Project reporting and analytics
+
+## Troubleshooting
+
+```bash
+# Check status
+kubectl get pods -n mijn-bureau | grep openproject
+
+# Check logs
+kubectl logs -n mijn-bureau -l app.kubernetes.io/name=openproject
+
+# Restart if needed
+kubectl rollout restart deployment/openproject-web -n mijn-bureau
+```

docs/docs/features/openproject.md

@@ -0,0 +1,5 @@
+# Project Management
+
+Project management with OpenProject: Gantt charts, task tracking, and team collaboration.
+
+---

helmfile.yaml.gotmpl

@@ -35,6 +35,8 @@ helmfiles:
     values: *appvalues
   - path: "helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl"
     values: *appvalues
+  - path: "helmfile/apps/openproject/helmfile-child.yaml.gotmpl"
+    values: *appvalues
   - path: "helmfile/apps/livekit/helmfile-child.yaml.gotmpl"
     values: *appvalues
   - path: "helmfile/apps/conversations/helmfile-child.yaml.gotmpl"

helmfile/apps/openproject/README.md

@@ -0,0 +1,61 @@
+# OpenProject Application
+
+OpenProject is a web-based project management system for MijnBureau infrastructure.
+
+## Quick Start
+
+### Demo Environment
+
+```bash
+# Deploy OpenProject
+helmfile -e demo -l name=openproject apply
+
+# Access: http://openproject.mb.test/
+# Login: admin@example.com / admin123
+```
+
+### Production Environment
+
+```bash
+# Deploy OpenProject
+helmfile -e production -l name=openproject apply
+
+# Access: https://openproject.yourdomain.com/
+# Authentication: OIDC/SSO via Keycloak
+```
+
+## Configuration
+
+### Environment Variables
+
+```bash
+export MIJNBUREAU_MASTER_PASSWORD="your-secure-password"
+export MIJNBUREAU_CREATE_NAMESPACES=true
+```
+
+### Key Settings
+
+| Environment | Database            | TLS      | SMTP     | Resources   |
+| ----------- | ------------------- | -------- | -------- | ----------- |
+| Demo        | Bundled PostgreSQL  | Disabled | Disabled | 4 CPU / 4Gi |
+| Production  | External PostgreSQL | Enabled  | Enabled  | 8 CPU / 8Gi |
+
+## Files
+
+- `values.yaml.gotmpl` - Main OpenProject configuration
+- `helmfile-child.yaml.gotmpl` - Helmfile deployment configuration
+
+## Troubleshooting
+
+```bash
+# Check pod status
+kubectl get pods -n mijn-bureau | grep openproject
+
+# Check logs
+kubectl logs -n mijn-bureau -l app.kubernetes.io/name=openproject
+```
+
+## Documentation
+
+- [OpenProject Official Docs](https://www.openproject.org/docs/)
+- [OpenProject Helm Chart](https://github.com/opf/helm-charts)

helmfile/apps/openproject/helmfile-child.yaml.gotmpl

@@ -0,0 +1,15 @@
+bases:
+  - "../../bases/default.yaml.gotmpl"
+
+repositories:
+  - name: openproject
+    url: https://charts.openproject.org
+
+releases:
+  - name: openproject
+    chart: openproject/openproject
+    version: "11.3.3"
+    condition: application.openproject.enabled
+    namespace: {{ .Values.application.openproject.namespace }}
+    values:
+      - "values.yaml.gotmpl"

helmfile/apps/openproject/values.yaml.gotmpl

@@ -0,0 +1,131 @@
+# OpenProject Configuration
+# Production-ready configuration with demo optimizations
+
+global:
+  security:
+    allowInsecureImages: false
+
+  imagePullSecrets:
+    - name: {{ (coalesce .Values.container.openproject.imagePullSecret .Values.container.default.imagePullSecret) | quote }}
+
+image:
+  registry: {{ (coalesce .Values.container.openproject.registry .Values.container.default.registry) | quote }}
+  repository: {{ .Values.container.openproject.repository | quote }}
+  tag: {{ .Values.container.openproject.tag | quote }}
+
+openproject:
+  https: {{ .Values.openproject.ingress.tls | default true }}
+  admin_user:
+    password: {{ .Values.openproject.admin_user.password | quote }}
+    password_reset: {{ .Values.openproject.admin_user.password_reset | default true }}
+    name: {{ .Values.openproject.admin_user.name | quote }}
+    mail: {{ .Values.openproject.admin_user.mail | quote }}
+  seed_locale: {{ .Values.openproject.seed_locale | default "en" }}
+  useTmpVolumes: {{ .Values.openproject.useTmpVolumes | default false }}
+
+ingress:
+  enabled: true
+  host: {{ .Values.global.hostname.openproject }}.{{ .Values.global.domain }}
+  ingressClassName: {{ .Values.cluster.ingress.className | quote }}
+  tls:
+    enabled: {{ .Values.global.tls.enabled | default true }}
+    secretName: {{ .Values.openproject.ingress.secretName | default "openproject-tls" }}
+  annotations:
+    {{- if .Values.cluster.ingress.annotations }}
+    {{ .Values.cluster.ingress.annotations | toYaml | nindent 4 }}
+    {{- end }}
+    {{- if eq .Values.cluster.ingress.type "nginx" }}
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    {{- end }}
+
+# PostgreSQL configuration
+postgresql:
+  bundled: {{ eq .Environment.Name "demo" }}
+  image:
+    registry: "registry-1.docker.io"
+    repository: "bitnamilegacy/postgresql"
+    tag: "17-debian-12"
+  auth:
+    postgresPassword: {{ .Values.secret.openproject.postgresPassword | quote }}
+    username: "openproject"
+    password: {{ .Values.secret.openproject.postgresPassword | quote }}
+    database: "openproject"
+  connection:
+    host: {{ .Values.database.openproject.host }}
+    port: {{ .Values.database.openproject.port }}
+    database: {{ .Values.database.openproject.name }}
+    username: {{ .Values.database.openproject.user }}
+    password: {{ .Values.database.openproject.password }}
+
+# Cache configuration
+# Use memcached for demo, Redis for production
+memcached:
+  bundled: {{ eq .Environment.Name "demo" }}
+  image:
+    repository: bitnami/memcached
+    tag: "latest"
+
+# OIDC configuration
+oidc:
+  enabled: {{ .Values.authentication.oidc | default true }}
+  provider:
+    name: "Keycloak"
+    host: {{ .Values.global.hostname.keycloak }}.{{ .Values.global.domain }}
+    identifier: {{ .Values.authentication.client.openproject.client_id }}
+    secret: {{ .Values.authentication.client.openproject.client_secret }}
+    authorization_endpoint: "{{ .Values.authentication.oidc.authorization_endpoint }}"
+    token_endpoint: "{{ .Values.authentication.oidc.token_endpoint }}"
+    userinfo_endpoint: "{{ .Values.authentication.oidc.userinfo_endpoint }}"
+    jwks_uri: "{{ .Values.authentication.oidc.jwks_endpoint }}"
+    scope: ["openid", "profile", "email"]
+
+# Init container resources
+appInit:
+  resources:
+    limits:
+      memory: {{ .Values.openproject.appInit.resources.limits.memory | default "2Gi" | quote }}
+    requests:
+      memory: {{ .Values.openproject.appInit.resources.requests.memory | default "1Gi" | quote }}
+
+dbInit:
+  resources:
+    limits:
+      memory: {{ .Values.openproject.dbInit.resources.limits.memory | default "1Gi" | quote }}
+    requests:
+      memory: {{ .Values.openproject.dbInit.resources.requests.memory | default "512Mi" | quote }}
+
+# Persistence configuration
+persistence:
+  # main data volume (used by OpenProject for assets/uploads, etc.)
+  enabled: {{ .Values.openproject.persistence.enabled | default true }}
+  size: {{ .Values.openproject.persistence.size | default "8Gi" | quote }}
+  accessModes:
+    {{- if .Values.openproject.persistence.accessModes }}
+    {{- range .Values.openproject.persistence.accessModes }}
+    - {{ . | quote }}
+    {{- end }}
+    {{- else }}
+    - "ReadWriteOnce"
+    {{- end }}
+  {{- if .Values.openproject.persistence.storageClass }}
+  storageClass: {{ .Values.openproject.persistence.storageClass | quote }}
+  {{- end }}
+
+  # control the optional separate assets PVC from the upstream chart
+  assets:
+    enabled: {{ ne .Environment.Name "demo" }}
+
+# Security context configuration (optional)
+{{- if and .Values.openproject (hasKey .Values.openproject "securityContext") }}
+securityContext: {{ .Values.openproject.securityContext | toYaml | nindent 2 }}
+{{- end }}
+
+{{- if and .Values.openproject (hasKey .Values.openproject "containerSecurityContext") }}
+containerSecurityContext: {{ .Values.openproject.containerSecurityContext | toYaml | nindent 2 }}
+{{- end }}
+
+# Autoscaling configuration
+{{- if .Values.autoscaling.horizontal.openproject }}
+autoscaling:
+  hpa: {{ .Values.autoscaling.horizontal.openproject | toYaml | nindent 4 }}
+{{- end }}

helmfile/environments/default/application.yaml.gotmpl

@@ -46,6 +46,11 @@ application:
     enabled: true
     namespace: ~
 
+  # OpenProject is a web-based project management system
+  openproject:
+    enabled: true
+    namespace: ~
+
   # livekit is a video conferencing backend system
   livekit:
     enabled: true

helmfile/environments/default/authentication.yaml.gotmpl

@@ -31,10 +31,13 @@ authentication:
       client_secret: {{ derivePassword 1 "long" ( requiredEnv "MIJNBUREAU_MASTER_PASSWORD" ) "keycloak" "synapse_client_secret" | sha1sum | quote }}
     nextcloud:
       client_id: "nextcloud"
-      client_secret: {{ derivePassword 1 "long" ( requiredEnv "MIJNBUREAU_MASTER_PASSWORD" ) "keycloak" "nextcloud_client_secret" | sha1sum | quote }}
+      client_secret: {{ derivePassword 1 "long" ( requiredEnv "MIJNBUREAU_MASTER_PASSWORD" ) "keycloak" "nextcloud_client_secret" | sha1sum | quote}}
+    openproject:
+      client_id: "openproject"
+      client_secret: {{ derivePassword 1 "long" ( requiredEnv "MIJNBUREAU_MASTER_PASSWORD" ) "keycloak" "openproject_client_secret" | sha1sum | quote}}
     conversations:
       client_id: "conversations"
-      client_secret: {{ derivePassword 1 "long" (requiredEnv "MIJNBUREAU_MASTER_PASSWORD" ) "keycloak" "conversations_client_secret" | sha1sum | quote}}
+      client_secret: {{ derivePassword 1 "long" ( requiredEnv "MIJNBUREAU_MASTER_PASSWORD" ) "keycloak" "conversations_client_secret" | sha1sum | quote}}
     docs:
       client_id: "docs"
       client_secret: {{ derivePassword 1 "long" ( requiredEnv "MIJNBUREAU_MASTER_PASSWORD" ) "keycloak" "docs_client_secret" | sha1sum | quote }}

helmfile/environments/default/autoscaling.yaml.gotmpl

@@ -42,6 +42,12 @@ autoscaling:
       maxReplicas: 3
       targetCPU: 75
       targetMemory: ""
+    openproject:
+      enabled: true
+      minReplicas: 1
+      maxReplicas: 3
+      targetCPU: 75
+      targetMemory: ""
     meet:
       enabled: true
       minReplicas: 1