diff --git a/docs/debugging.md b/docs/debugging.md
index d950491e..7dd83fa6 100644
--- a/docs/debugging.md
+++ b/docs/debugging.md
@@ -201,3 +201,6 @@ kubectl patch -n ${NAMESPACE} configmap ${CONFIGMAP_NAME} --type merge -p '{"dat
```
2. Restart the Keycloak Pod(s).
+
+> **Note**
+> As the `ums-keycloak-extensions-handler` is performing frequent (one per second) requests to Keycloak for retrieval of the Keycloak event history, you might want to stop/remove the deployment while debugging/analysing Keycloak to not get your debug output spammed by these requests.
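Review bot: The added note tells readers to stop or remove the `ums-keycloak-extensions-handler` deployment but does not say what stops working while it is down, or that it has to be restored afterwards. The note itself says the handler retrieves the Keycloak event history, so whatever relies on that polling is paused for the length of the debug session. Suggest one sentence naming that effect and a reminder to bring the deployment back once debugging is finished. Minor wording: "one per second" reads better as "once per second".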
diff --git a/docs/enhanced-configuration.md b/docs/enhanced-configuration.md
index 7dcd8d23..342008ce 100644
--- a/docs/enhanced-configuration.md
+++ b/docs/enhanced-configuration.md
@@ -13,4 +13,5 @@ The following enhanced configuration use cases are described in separate documen
- [Federation with external identity provider](./enhanced-configuration/idp-federation.md)
- [Matrix federation](./enhanced-configuration/matrix-federation.md)
- [Groupware migration from M365 to openDesk](./enhanced-configuration/groupware-migration.md)
-- [Self-signed certificate and custom Certificate Authority (CA)](enhanced-configuration/self-signed-certificates.md)
+- [Self-signed certificate and custom Certificate Authority (CA)](./enhanced-configuration/self-signed-certificates.md)
+- [GitOps deployments using Argo CD](./enhanced-configuration/gitops.md)
diff --git a/docs/enhanced-configuration/gitops.md b/docs/enhanced-configuration/gitops.md
new file mode 100644
index 00000000..04cbda9b
--- /dev/null
+++ b/docs/enhanced-configuration/gitops.md
@@ -0,0 +1,55 @@
+
+
+
GitOps Deployment
+
+
+* [Considerations](#considerations)
+* [ArgoCD](#argocd)
+ * [Option 1: Use YAML manifests](#option-1-use-yaml-manifests)
+ * [Option 2: Helmfile plugin](#option-2-helmfile-plugin)
+
+
+The recommended deployment method for openDesk is via Helmfile. This can be done "by hand", via CI/CD (Gitlab) or using
+the [GitOps](https://about.gitlab.com/topics/gitops/) approach with tools like [Argo CD](https://argoproj.github.io/cd/).
+
+This documentation will use Argo CD to explain how to deploy openDesk GitOps-style.
+
+# Considerations
+
+- openDesk consists of multiple applications which have to be deployed in order.
+- During upgrades, migrations have to run before and after applications.
+
+# ArgoCD
+
+We are continuously improving our Argo CD support, please share you experience with Argo CD deployments e.g. by [creating
+at ticket](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/issues).
+
+There are two options to deploy openDesk via Argo CD described in the following sections.
+
+## Option 1: Use YAML manifests
+
+This option requires a preprocessing step before using Argo CD. This step requires you to compile the Helmfile based
+deployment into Kubernetes YAML manifest, to do so you need to execute the helmfile binary:
+
+```shell
+helmfile template > opendesk.yaml
+```
+
+References:
+- [Helmfile CLI documentation](https://helmfile.readthedocs.io/en/latest/#cli-reference)
+- [Generate K8s YAML Manifests for openDesk](https://gitlab.opencode.de/bmi/opendesk/deployment/options/generate-k8s-yaml-manifests)
+
+Afterwards, you can use the resulting manifests within an standard Argo CD workflow.
+
+## Option 2: Helmfile plugin
+
+It is possible to deploy openDesk via Argo CD with community developed
+[Helmfile plugin](https://github.com/travisghansen/argo-cd-helmfile).
+
+You can find an example for this approach in the
+[Argo CD Deployments](https://gitlab.opencode.de/bmi/opendesk/deployment/options/argocd-deploy) repository.
+It contains an example Helm chart (`opendesk-parent`) to create Argo CD Applications via a Helm chart (`opendesk`)
+according to `app of apps pattern` and is using sync waves to follow dependencies.
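Review bot: Option 1 does not say how the two points under "Considerations" are met. `helmfile template > opendesk.yaml` produces a single flat manifest, and "use the resulting manifests within an standard Argo CD workflow" gives no hint how the deployment order or the migrations before and after upgrades are preserved, whereas Option 2 at least names sync waves. Suggest stating the limitation or the extra steps needed. The rendered `opendesk.yaml` also contains every Secret the charts template, unencrypted, so the section should say how that file is meant to be handled before it is committed to a Git repository. Wording: "share you experience" should be "your", "creating at ticket" should be "a ticket", "an standard" should be "a standard", "Gitlab" should be "GitLab", and the heading "ArgoCD" should match the "Argo CD" spelling used in the text.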
diff --git a/docs/enhanced-configuration/idp-federation.md b/docs/enhanced-configuration/idp-federation.md
index dec928c8..a3e5cdae 100644
--- a/docs/enhanced-configuration/idp-federation.md
+++ b/docs/enhanced-configuration/idp-federation.md
@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
* [Context](#context)
+* [References](#references)
* [Prerequisites](#prerequisites)
* [User accounts](#user-accounts)
* [External IdP with OIDC](#external-idp-with-oidc)
@@ -24,6 +25,15 @@ Most organizations already have an Identity and Access Management (IAM) system w
This document shows how to configure your organization's IdP and the openDesk IdP to support account federation with openDesk single sign-on based on your organization's login.
+# References
+
+We would like to list successful IdP federation scenarios, so we are also happy about input from the community:
+
+| External IdP | last openDesk version tested |
+| ------------------------------------------------------------------- | ---------------------------- |
+| [EU Login](https://webgate.ec.europa.eu/cas/userdata/myAccount.cgi) | v0.9.0 |
+| [ProConnect](https://www.proconnect.gouv.fr/) | v0.9.0 |
+
# Prerequisites
## User accounts
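Review bot: The new "References" section is in fact a list of tested external IdPs, and the table does not record which federation protocol each entry was tested with, although the document treats "External IdP with OIDC" as its own case further down. Suggest a heading such as "Tested external IdPs" and an extra protocol column so that a reader can tell whether an entry applies to their setup. The EU Login link points at a `myAccount.cgi` page of the service itself; a landing or documentation page would be a better reference target. The sentence "we are also happy about input from the community" would read more clearly as an explicit request to report tested combinations.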
diff --git a/docs/getting-started.md b/docs/getting-started.md
index 935cd78e..881c3066 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -240,17 +240,7 @@ cluster:
```
### Volumes
-
-When your cluster has a `ReadWriteMany` volume provisioner, you can benefit from the distribution or scaling of apps. By
-default, only `ReadWriteOnce` is enabled. To enable `ReadWriteMany` you can set:
-
-```yaml
-cluster:
- persistence:
- readWriteMany: true
-```
-
-The **StorageClass** can be set by:
+The **StorageClass** must be set by:
```yaml
persistence:
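Review bot: Changing "can be set by" to "must be set by" makes the StorageClass setting mandatory, but the sentence does not say which keys are mandatory, and the next hunk goes on to call `RWX` optional. Suggest naming the required key directly, for example "The **StorageClass** for `RWO` must be set:". Removing the blank line after `### Volumes` also leaves the heading immediately followed by body text, which some Markdown renderers handle poorly; keeping the blank line is safer.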
@@ -259,6 +249,18 @@ persistence:
RWO: "my-read-write-once-class"
```
+`RWX` is optional and requires that your cluster has a `ReadWriteMany` volume provisioner. If you can make use
+of it it benefits the distribution or scaling of apps. By default, only `ReadWriteOnce` is enabled.
+To enable `ReadWriteMany` you have to set:
+
+```yaml
+cluster:
+ persistence:
+ readWriteMany: true
+```
+
+
+
## Connectivity
### Ports
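Review bot: The added paragraph leaves the relation between the `RWX` storage class entry and `cluster.persistence.readWriteMany` unclear. It says `RWX` is optional and then that you "have to set" `readWriteMany: true`, without stating whether both settings are needed together or what happens when only one of them is present. Suggest one sentence that spells out the combination, for example that `RWX` is only evaluated when `readWriteMany` is `true`, if that is the actual behaviour. Grammar: "If you can make use of it it benefits the distribution or scaling of apps" needs rephrasing, and the three blank `+` lines after the code block should be reduced to one.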
diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl
index 39064849..319c8ed1 100644
--- a/helmfile/apps/openproject/values.yaml.gotmpl
+++ b/helmfile/apps/openproject/values.yaml.gotmpl
@@ -40,7 +40,7 @@ dbInit:
environment:
# For more details and more options see
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
- OPENPROJECT_LOG__LEVEL: {{ if .Values.debug.enabled }}"debug"{{ else }}"warn"{{ end }}
+ OPENPROJECT_LOG__LEVEL: {{ if .Values.debug.enabled }}"debug"{{ else }}"info"{{ end }}
OPENPROJECT_LOGIN__REQUIRED: "true"
OPENPROJECT_USER__DEFAULT__TIMEZONE: "Europe/Berlin"
OPENPROJECT_OAUTH__ALLOW__REMAPPING__OF__EXISTING__USERS: "true"
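Review bot: The non-debug default for `OPENPROJECT_LOG__LEVEL` moves from "warn" to "info" with no comment in the template and no matching documentation change in the visible part of this patch. This raises the log volume for every deployment and changes what ends up in the log pipeline, so it deserves an inline comment or a changelog entry giving the reason. Consider exposing the level as a value instead of hard-coding the two cases, so operators can keep "warn" where they need it.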
@@ -84,9 +84,6 @@ environment:
OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.nubus .Values.global.domain | quote }}
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
- {{- if .Values.enterprise.openproject.token }}
- OPENPROJECT_ENTERPRISE__TOKEN: {{ .Values.enterprise.openproject.token | quote }}
- {{- end }}
{{- if .Values.certificate.selfSigned }}
SSL_CERT_FILE: "/etc/ssl/certs/ca-certificates.crt"
{{- end }}
diff --git a/helmfile/environments/default/enterprise.yaml b/helmfile/environments/default/enterprise.yaml
deleted file mode 100644
index 169d0dcb..00000000
--- a/helmfile/environments/default/enterprise.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-License-Identifier: Apache-2.0
-# The variables set in this file are required to upgrade components to their "Enterprise" product variant.
----
-enterprise:
- openproject:
- # Enterprise token must match the deployment's OpenProject host name.
- token: ""
-...
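Review bot: With the default `enterprise:` key deleted, any template that still dereferences `.Values.enterprise.openproject.token` would be reading a key that no longer has a default. This patch only removes the reference in `helmfile/apps/openproject/values.yaml.gotmpl`; please confirm that no other template, environment file list or documentation page still refers to `enterprise.yaml` or the `enterprise` key.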