mattermost

Deployment of mattermost

Upstream References

Upstream Release Notes

This package has no upstream release note links on file. Please add some to chart/Chart.yaml under annotations.bigbang.dev/upstreamReleaseNotesMarkdown. Example:

annotations:
  bigbang.dev/upstreamReleaseNotesMarkdown: |
    - [Find our upstream chart's CHANGELOG here](https://link-goes-here/CHANGELOG.md)
    - [and our upstream application release notes here](https://another-link-here/RELEASE_NOTES.md)

Learn More

Pre-Requisites

Kubernetes Cluster deployed
Kubernetes config installed in ~/.kube/config
Helm installed

Kubernetes: >=1.12.0-0

Install Helm

https://helm.sh/docs/intro/install/

Deployment

Clone down the repository
cd into directory

helm install mattermost chart/

Values

Key	Type	Default	Description
domain	string	`"bigbang.dev"`
istio.enabled	bool	`false`	Toggle istio integration
istio.hardened.enabled	bool	`false`
istio.hardened.customAuthorizationPolicies	list	`[]`
istio.hardened.outboundTrafficPolicyMode	string	`"REGISTRY_ONLY"`
istio.hardened.customServiceEntries	list	`[]`
istio.hardened.clusterAuditor.enabled	bool	`false`
istio.hardened.clusterAuditor.namespace	string	`"cluster-auditor"`
istio.hardened.minioOperator.enabled	bool	`true`
istio.hardened.minioOperator.namespaces[0]	string	`"minio-operator"`
istio.hardened.minioOperator.principals[0]	string	`"cluster.local/ns/minio-operator/sa/minio-operator"`
istio.hardened.monitoring.enabled	bool	`true`
istio.hardened.monitoring.namespaces[0]	string	`"monitoring"`
istio.hardened.monitoring.principals[0]	string	`"cluster.local/ns/monitoring/sa/monitoring-grafana"`
istio.hardened.monitoring.principals[1]	string	`"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"`
istio.hardened.monitoring.principals[2]	string	`"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"`
istio.hardened.monitoring.principals[3]	string	`"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"`
istio.hardened.monitoring.principals[4]	string	`"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"`
istio.hardened.monitoring.principals[5]	string	`"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"`
istio.hardened.kyvernoReporter.enabled	bool	`false`
istio.hardened.kyvernoReporter.namespace	string	`"kyverno-reporter"`
istio.mtls	object	`{"mode":"STRICT"}`	Default peer authentication
istio.mtls.mode	string	`"STRICT"`	STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.chat.enabled	bool	`true`
istio.chat.annotations	object	`{}`
istio.chat.labels	object	`{}`
istio.chat.gateways[0]	string	`"istio-system/main"`
istio.chat.hosts[0]	string	`"chat.{{ .Values.domain }}"`
istio.injection	string	`"disabled"`
ingress	object	`{"annotations":{},"enabled":false,"host":"","tlsSecret":""}`	Specification to configure an Ingress with Mattermost
monitoring.enabled	bool	`false`
monitoring.namespace	string	`"monitoring"`
monitoring.serviceMonitor.scheme	string	`"http"`
monitoring.serviceMonitor.tlsConfig	object	`{}`
networkPolicies.enabled	bool	`false`
networkPolicies.ingressLabels.app	string	`"istio-ingressgateway"`
networkPolicies.ingressLabels.istio	string	`"ingressgateway"`
networkPolicies.controlPlaneCidr	string	`"0.0.0.0/0"`
networkPolicies.additionalPolicies	list	`[]`
sso.enabled	bool	`false`
sso.client_id	string	`"platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost"`
sso.client_secret	string	`"nothing"`
sso.auth_endpoint	string	`"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/auth"`
sso.token_endpoint	string	`"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/token"`
sso.user_api_endpoint	string	`"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/userinfo"`
sso.enable_sign_up_with_email	bool	`false`
sso.enable_sign_in_with_email	bool	`false`
sso.enable_sign_in_with_username	bool	`false`
image.name	string	`"registry1.dso.mil/ironbank/opensource/mattermost/mattermost"`
image.tag	string	`"10.0.1"`
image.imagePullPolicy	string	`"IfNotPresent"`
global.imagePullSecrets[0].name	string	`"private-registry"`
replicaCount	int	`1`
users	string	`nil`
enterprise.enabled	bool	`false`
enterprise.license	string	`""`
nameOverride	string	`""`
updateJob.disabled	bool	`true`	Must be disabled when Istio injected
updateJob.labels	object	`{}`
updateJob.annotations	object	`{}`
resources.limits.cpu	int	`2`
resources.limits.memory	string	`"4Gi"`
resources.requests.cpu	int	`2`
resources.requests.memory	string	`"4Gi"`
affinity	object	`{}`
nodeSelector	object	`{}`
tolerations	object	`{}`
mattermostEnvs	object	`{}`
existingSecretEnvs	object	`{}`
volumes	object	`{}`
volumeMounts	object	`{}`
podLabels	object	`{}`	Pod labels for Mattermost server pods
podAnnotations	object	`{}`	Pod annotations for Mattermost server pods
securityContext	object	`{"runAsGroup":2000,"runAsNonRoot":true,"runAsUser":2000}`	securityContext for Mattermost server pods
containerSecurityContext	object	`{"capabilities":{"drop":["ALL"]},"runAsGroup":2000,"runAsNonRoot":true,"runAsUser":2000}`	containerSecurityContext for Mattermost server containers
minio.install	bool	`false`
minio.bucketCreationImage	string	`"registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2024-01-18T07-03-39Z"`
minio.service.nameOverride	string	`"minio.mattermost.svc.cluster.local"`
minio.tenant.configSecret.name	string	`"mattermost-objstore-creds"`
minio.tenant.configSecret.accessKey	string	`"minio"`
minio.tenant.configSecret.secretKey	string	`"minio123"`
minio.tenant.metrics.enabled	bool	`false`
minio.tenant.metrics.port	int	`9000`
minio.tenant.buckets[0].name	string	`"mattermost"`
postgresql.install	bool	`false`
postgresql.image.registry	string	`"registry1.dso.mil/ironbank"`
postgresql.image.repository	string	`"opensource/postgres/postgresql"`
postgresql.image.tag	string	`"16.2"`
postgresql.image.pullSecrets[0]	string	`"private-registry"`
postgresql.auth.username	string	`"mattermost"`
postgresql.auth.password	string	`"bigbang"`
postgresql.auth.database	string	`"mattermost"`
postgresql.fullnameOverride	string	`"mattermost-postgresql"`
postgresql.securityContext.fsGroup	int	`26`
postgresql.containerSecurityContext.runAsUser	int	`26`
postgresql.containerSecurityContext.runAsNonRoot	bool	`true`
postgresql.containerSecurityContext.capabilities.drop[0]	string	`"ALL"`
postgresql.volumePermissions.enabled	bool	`false`
postgresql.volumePermissions.securityContext.capabilities.drop[0]	string	`"ALL"`
postgresql.postgresqlConfiguration.listen_addresses	string	`"*"`
postgresql.pgHbaConfiguration	string	`"local all all md5\nhost all all all md5"`
database.secret	string	`""`
database.readinessCheck.disableDefault	bool	`true`
database.readinessCheck.image	string	`"registry1.dso.mil/ironbank/opensource/postgres/postgresql:16.2"`
database.readinessCheck.command[0]	string	`"/bin/sh"`
database.readinessCheck.command[1]	string	`"-c"`
database.readinessCheck.command[2]	string	`"until pg_isready --dbname=\"$DB_CONNECTION_CHECK_URL\"; do echo waiting for database; sleep 5; done;"`
database.readinessCheck.env[0].name	string	`"DB_CONNECTION_CHECK_URL"`
database.readinessCheck.env[0].valueFrom.secretKeyRef.key	string	`"DB_CONNECTION_CHECK_URL"`
database.readinessCheck.env[0].valueFrom.secretKeyRef.name	string	`"{{ .Values.database.secret \| default (printf \"%s-dbcreds\" (include \"mattermost.fullname\" .)) }}"`
fileStore.secret	string	`""`
fileStore.url	string	`""`
fileStore.bucket	string	`""`
fileStore.roleARN	string	`""`
elasticsearch.enabled	bool	`false`
elasticsearch.connectionurl	string	`"https://logging-ek-es-http.logging.svc.cluster.local:9200"`
elasticsearch.username	string	`""`
elasticsearch.password	string	`""`
elasticsearch.enableindexing	bool	`true`
elasticsearch.indexprefix	string	`"mm-"`
elasticsearch.skiptlsverification	bool	`true`
elasticsearch.bulkindexingtimewindowseconds	int	`3600`
elasticsearch.sniff	bool	`false`
elasticsearch.enablesearching	bool	`true`
elasticsearch.enableautocomplete	bool	`true`
openshift	bool	`false`
resourcePatch	object	`{}`
bbtests.enabled	bool	`false`
bbtests.cypress.artifacts	bool	`true`
bbtests.cypress.envs.cypress_url	string	`"http://mattermost.mattermost.svc.cluster.local:8065"`
bbtests.cypress.envs.cypress_mm_email	string	`"test@bigbang.dev"`
bbtests.cypress.envs.cypress_mm_user	string	`"bigbang"`
bbtests.cypress.envs.cypress_mm_password	string	`"Bigbang#123"`
bbtests.cypress.envs.cypress_waittime	string	`"5000"`
bbtests.cypress.envs.cypress_tnr_username	string	`"cypress"`
bbtests.cypress.envs.cypress_tnr_password	string	`"tnr_w!G33ZyAt@C8"`
bbtests.cypress.resources.requests.cpu	string	`"2"`
bbtests.cypress.resources.requests.memory	string	`"1500M"`
bbtests.cypress.resources.limits.cpu	string	`"2"`
bbtests.cypress.resources.limits.memory	string	`"1500M"`
waitJob.enabled	bool	`true`
waitJob.scripts.image	string	`"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.5"`
waitJob.permissions.apiGroups[0]	string	`"installation.mattermost.com"`
waitJob.permissions.resources[0]	string	`"mattermosts"`

Contributing

Please see the contributing guide if you are interested in contributing.

This file is programatically generated using helm-docs and some BigBang-specific templates. The gluon repository has instructions for regenerating package READMEs.

DoD-Platform-One/mattermost