fix(docs): Add GitOps / Argo CD documentation

docs/debugging.md

@@ -201,3 +201,6 @@ kubectl patch -n ${NAMESPACE} configmap ${CONFIGMAP_NAME} --type merge -p '{"dat
 ```
 
 2. Restart the Keycloak Pod(s).
+
+> **Note**<br>
+> As the `ums-keycloak-extensions-handler` is performing frequent (one per second) requests to Keycloak for retrieval of the Keycloak event history, you might want to stop/remove the deployment while debugging/analysing Keycloak to not get your debug output spammed by these requests.

docs/enhanced-configuration.md

@@ -13,4 +13,5 @@ The following enhanced configuration use cases are described in separate documen
 - [Federation with external identity provider](./enhanced-configuration/idp-federation.md)
 - [Matrix federation](./enhanced-configuration/matrix-federation.md)
 - [Groupware migration from M365 to openDesk](./enhanced-configuration/groupware-migration.md)
-- [Self-signed certificate and custom Certificate Authority (CA)](enhanced-configuration/self-signed-certificates.md)
+- [Self-signed certificate and custom Certificate Authority (CA)](./enhanced-configuration/self-signed-certificates.md)
+- [GitOps deployments using Argo CD](./enhanced-configuration/gitops.md)

docs/enhanced-configuration/gitops.md

@@ -0,0 +1,55 @@
+<!--
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+-->
+
+<h1>GitOps Deployment</h1>
+
+<!-- TOC -->
+* [Considerations](#considerations)
+* [ArgoCD](#argocd)
+  * [Option 1: Use YAML manifests](#option-1-use-yaml-manifests)
+  * [Option 2: Helmfile plugin](#option-2-helmfile-plugin)
+<!-- TOC -->
+
+The recommended deployment method for openDesk is via Helmfile. This can be done "by hand", via CI/CD (Gitlab) or using
+the [GitOps](https://about.gitlab.com/topics/gitops/) approach with tools like [Argo CD](https://argoproj.github.io/cd/).
+
+This documentation will use Argo CD to explain how to deploy openDesk GitOps-style.
+
+# Considerations
+
+- openDesk consists of multiple applications which have to be deployed in order.
+- During upgrades, migrations have to run before and after applications.
+
+# ArgoCD
+
+We are continuously improving our Argo CD support, please share you experience with Argo CD deployments e.g. by [creating
+at ticket](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/issues).
+
+There are two options to deploy openDesk via Argo CD described in the following sections.
+
+## Option 1: Use YAML manifests
+
+This option requires a preprocessing step before using Argo CD. This step requires you to compile the Helmfile based
+deployment into Kubernetes YAML manifest, to do so you need to execute the helmfile binary:
+
+```shell
+helmfile template > opendesk.yaml
+```
+
+References:
+- [Helmfile CLI documentation](https://helmfile.readthedocs.io/en/latest/#cli-reference)
+- [Generate K8s YAML Manifests for openDesk](https://gitlab.opencode.de/bmi/opendesk/deployment/options/generate-k8s-yaml-manifests)
+
+Afterwards, you can use the resulting manifests within an standard Argo CD workflow.
+
+## Option 2: Helmfile plugin
+
+It is possible to deploy openDesk via Argo CD with community developed
+[Helmfile plugin](https://github.com/travisghansen/argo-cd-helmfile).
+
+You can find an example for this approach in the
+[Argo CD Deployments](https://gitlab.opencode.de/bmi/opendesk/deployment/options/argocd-deploy) repository.
+It contains an example Helm chart (`opendesk-parent`) to create Argo CD Applications via a Helm chart (`opendesk`)
+according to `app of apps pattern` and is using sync waves to follow dependencies.

docs/enhanced-configuration/idp-federation.md

@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 
 <!-- TOC -->
 * [Context](#context)
+* [References](#references)
 * [Prerequisites](#prerequisites)
   * [User accounts](#user-accounts)
   * [External IdP with OIDC](#external-idp-with-oidc)
@@ -24,6 +25,15 @@ Most organizations already have an Identity and Access Management (IAM) system w
 
 This document shows how to configure your organization's IdP and the openDesk IdP to support account federation with openDesk single sign-on based on your organization's login.
 
+# References
+
+We would like to list successful IdP federation scenarios, so we are also happy about input from the community:
+
+| External IdP                                                        | last openDesk version tested |
+| ------------------------------------------------------------------- | ---------------------------- |
+| [EU Login](https://webgate.ec.europa.eu/cas/userdata/myAccount.cgi) | v0.9.0                       |
+| [ProConnect](https://www.proconnect.gouv.fr/)                       | v0.9.0                       |
+
 # Prerequisites
 
 ## User accounts

docs/getting-started.md

@@ -240,17 +240,7 @@ cluster:
 ```
 
 ### Volumes
-
+The **StorageClass** must be set by:
-When your cluster has a `ReadWriteMany` volume provisioner, you can benefit from the distribution or scaling of apps. By
-default, only `ReadWriteOnce` is enabled. To enable `ReadWriteMany` you can set:
-
-```yaml
-cluster:
-  persistence:
-    readWriteMany: true
-```
-
-The **StorageClass** can be set by:
 
 ```yaml
 persistence:
@@ -259,6 +249,18 @@ persistence:
     RWO: "my-read-write-once-class"
 ```
 
+`RWX` is optional and requires that your cluster has a `ReadWriteMany` volume provisioner. If you can make use
+of it it benefits the distribution or scaling of apps. By default, only `ReadWriteOnce` is enabled.
+To enable `ReadWriteMany` you have to set:
+
+```yaml
+cluster:
+  persistence:
+    readWriteMany: true
+```
+
+
+
 ## Connectivity
 
 ### Ports

helmfile/apps/openproject/values.yaml.gotmpl

@@ -40,7 +40,7 @@ dbInit:
 environment:
 # For more details and more options see
 # https://www.openproject.org/docs/installation-and-operations/configuration/environment/
-  OPENPROJECT_LOG__LEVEL: {{ if .Values.debug.enabled }}"debug"{{ else }}"warn"{{ end }}
+  OPENPROJECT_LOG__LEVEL: {{ if .Values.debug.enabled }}"debug"{{ else }}"info"{{ end }}
   OPENPROJECT_LOGIN__REQUIRED: "true"
   OPENPROJECT_USER__DEFAULT__TIMEZONE: "Europe/Berlin"
   OPENPROJECT_OAUTH__ALLOW__REMAPPING__OF__EXISTING__USERS: "true"
@@ -84,9 +84,6 @@ environment:
   OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.nubus .Values.global.domain | quote }}
   OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
   OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
-  {{- if .Values.enterprise.openproject.token }}
-  OPENPROJECT_ENTERPRISE__TOKEN: {{ .Values.enterprise.openproject.token | quote }}
-  {{- end }}
   {{- if .Values.certificate.selfSigned }}
   SSL_CERT_FILE: "/etc/ssl/certs/ca-certificates.crt"
   {{- end }}

helmfile/environments/default/enterprise.yaml

@@ -1,9 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-License-Identifier: Apache-2.0
-# The variables set in this file are required to upgrade components to their "Enterprise" product variant.
----
-enterprise:
-  openproject:
-    # Enterprise token must match the deployment's OpenProject host name.
-    token: ""
-...