Merge branch 'mattermost-instance' into 'master'

Resolve "Integrate MM Instance with Big Bang Chart"

Closes #124

See merge request platform-one/big-bang/bigbang!273

chart/dev-sso-values.yaml

@@ -75,3 +75,8 @@ addons:
     sso:
       enabled: true
       client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-confluence
+  mattermost:
+    sso:
+      enabled: true
+      client_id: "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost"
+      client_secret: "no-secret"

chart/templates/NOTES.txt

@@ -125,3 +125,28 @@ PLATFORM ONE LOGGING WARNING:
     {{- end }}
   {{- end }}
 {{- end }}
+
+{{- if $.Values.addons.mattermost.enabled }}
+Mattermost is enabled.
+{{- with .Values.addons.mattermost.database }}
+{{- if not (and .username .password .host .port .database .ssl_mode) }}
+PLATFORM ONE MATTERMOST WARNING:
+  You have enabled an internal postgres database in the values configuration.
+  PlatformOne does not support this option for production deployments.
+  This option should only be used for development or CI pipelines.
+{{- end }}
+{{- end }}
+{{- with .Values.addons.mattermost.objectStorage }}
+{{- if not (and .endpoint .accessKey .accessSecret .bucket) }}
+PLATFORM ONE MATTERMOST WARNING:
+  You have enabled an internal Minio instance in the values configuration.
+  PlatformOne does not support this option for production deployments.
+  This option should only be used for development or CI pipelines.
+{{- end }}
+{{- end }}
+{{- if and (.Values.addons.mattermost.enterprise.enabled) (not .Values.addons.mattermost.enterprise.license) }}
+PLATFORM ONE MATTERMOST WARNING:
+  You have enabled enterprise Mattermost in the values configuration, but not provided a license.
+  Make sure to go back and edit your values or ensure you add the license through the mattermost settings page.
+{{- end }}
+{{- end }}

chart/templates/mattermost/mattermost/gitrepository.yaml

+{{- if .Values.addons.mattermost.enabled  }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: mattermost
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.addons.mattermost.git.repo }}
+  ref:
+    {{- include "validRef" .Values.addons.mattermost.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" . | nindent 2 }}
+{{- end }}

chart/templates/mattermost/mattermost/mattermost-helmrelease.yaml

+{{- if .Values.addons.mattermost.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: mattermost
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  releaseName: mattermost
+  targetNamespace: mattermost
+  chart:
+    spec:
+      chart: {{ .Values.addons.mattermost.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: mattermost
+        namespace: {{ .Release.Namespace }}
+
+  {{- with .Values.flux }}
+  interval: {{ .interval }}
+  test:
+    enable: false
+  install:
+    remediation:
+      retries: {{ .install.retries }}
+  upgrade:
+    remediation:
+      retries: {{ .upgrade.retries }}
+      remediateLastFailure: true
+    cleanupOnFail: true
+  rollback:
+    timeout: {{ .rollback.timeout }}
+    cleanupOnFail: {{ .rollback.cleanupOnFail }}
+  {{- end }}
+
+  valuesFrom:
+    - name: values
+      kind: Secret
+      valuesKey: "mattermost.yaml"
+
+  values:
+    hostname: {{ .Values.hostname }}
+    istio:
+      enabled: {{ .Values.istio.enabled }}
+    monitoring:
+      enabled: {{ .Values.monitoring.enabled }}
+    {{- with .Values.addons.mattermost.sso }}
+    sso:
+      enabled: {{ .enabled }}
+      client_id: {{ .client_id }}
+      client_secret: {{ .client_secret | default "no-secret" }}
+      auth_endpoint: {{ .auth_endpoint | default (printf "https://%s/oauth/authorize" $.Values.sso.oidc.host) }}
+      token_endpoint: {{ .token_endpoint | default (printf "https://%s/oauth/token" $.Values.sso.oidc.host) }}
+      user_api_endpoint: {{ .user_api_endpoint | default (printf "https://%s/api/v4/user" $.Values.sso.oidc.host) }}
+    {{- end }}
+    global:
+      imagePullSecrets:
+        - name: private-registry
+    {{- with .Values.addons.mattermost.enterprise }}
+    enterprise:
+      enabled: {{ .enabled }}
+      license: {{ .license }}
+    {{- end }}
+    {{- with .Values.addons.mattermost.database }}
+    {{- if and .username .password .host .port .database .ssl_mode }}
+    database:
+      secret: "mattermost-database-secret"
+    {{- else }}
+    postgresql:
+      image:
+        pullSecrets:
+          - private-registry
+      install: true
+    {{- end }}
+    {{- end }}
+    {{- with .Values.addons.mattermost.objectStorage }}
+    {{- if and .endpoint .accessKey .accessSecret .bucket }}
+    fileStore:
+      secret: "mattermost-objectstorage-secret"
+      url: {{ .endpoint }}
+      bucket: {{ .bucket }}
+    {{- else }}
+    minio:
+      install: true
+      accessKey: {{ .accessKey | default "minio" }}
+      secretKey: {{ .secretKey | default "BigBangDEVONLY" }}
+    {{- end }}
+    {{- end }}
+
+  dependsOn:
+    - name: mattermost-operator
+      namespace: {{ .Release.Namespace }}
+
+    {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+
+    {{- if .Values.monitoring.enabled }}
+    - name: monitoring
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+
+    {{- with .Values.addons.mattermost.objectStorage }}
+    {{- if not (and .endpoint .accessKey .accessSecret .bucket) }}
+    - name: minio-operator
+      namespace: {{ $.Release.Namespace }}
+    {{- end }}
+    {{- end }}
+{{- end }}

chart/templates/mattermost/mattermost/namespace.yaml

+{{- if .Values.addons.mattermost.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app: {{ .Release.Name }}-mattermost
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+  name: mattermost
+
+---
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: mattermost
+  labels:
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+
+---
+{{- with .Values.addons.mattermost.database }}
+{{- if and .username .password .host .port .database .ssl_mode }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: mattermost-database-secret
+  namespace: mattermost
+  labels:
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+stringData:
+  DB_CONNECTION_CHECK_URL: "postgres://{{ .username }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .database }}?connect_timeout=10&sslmode={{ .ssl_mode }}"
+  DB_CONNECTION_STRING: "postgres://{{ .username }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .database }}?connect_timeout=10&sslmode={{ .ssl_mode }}"
+{{- end }}
+{{- end }}
+
+---
+{{- with .Values.addons.mattermost.objectStorage }}
+{{- if and .endpoint .accessKey .accessSecret .bucket }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: "mattermost-objectstorage-secret"
+  namespace: mattermost
+  labels:
+    app.kubernetes.io/name: mattermost
+    app.kubernetes.io/component: "collaboration-tools"
+    {{- include "commonLabels" . | nindent 4}}
+data:
+  accesskey: {{ .accessKey | b64enc }}
+  secretkey: {{ .secretKey | b64enc }}
+{{- end }}
+{{- end }}
+
+---
+{{- end }}
\ No newline at end of file

chart/templates/mattermost/operator/gitrepository.yaml

-{{- if and (not .Values.offline) .Values.addons.mattermostoperator.enabled }}
+{{- if and (not .Values.offline) (or .Values.addons.mattermostoperator.enabled .Values.addons.mattermost.enabled) }}
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
 metadata:

chart/templates/mattermost/operator/mattermost-operator-helmrelease.yaml

-{{- if .Values.addons.mattermostoperator.enabled }}
+{{- if or .Values.addons.mattermostoperator.enabled .Values.addons.mattermost.enabled }}
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:

chart/templates/mattermost/operator/namespace.yaml

-{{- if .Values.addons.mattermostoperator.enabled }}
+{{- if or .Values.addons.mattermostoperator.enabled .Values.addons.mattermost.enabled }}
 apiVersion: v1
 kind: Namespace
 metadata:

chart/templates/values.yaml

@@ -61,4 +61,6 @@ stringData:
 {{ toYaml .Values.addons.sonarqube.values | indent 4 }}
   mattermostoperator.yaml: |
 {{ toYaml .Values.addons.mattermostoperator.values | indent 4 }}
+  mattermost.yaml: |
+{{ toYaml .Values.addons.mattermost.values | indent 4 }}
 data:

chart/values.yaml

@@ -556,7 +556,7 @@ addons:
     values: {}
 
   # ----------------------------------------------------------------------------------------------------------------------
-  # Mattermost Operator
+  # Mattermost Operator and Instance
   #
   mattermostoperator:
     enabled: false
@@ -566,6 +566,87 @@ addons:
       tag: "1.12.0-bb.0"
     # -- Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator/-/blob/main/chart/values.yaml
     values: {}
+
+  mattermost:
+    # -- Toggle deployment of Mattermost.
+    enabled: false
+    git:
+      repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git
+      path: "./chart"
+      tag: "0.1.0-bb.1"
+
+    # -- Mattermost Enterprise functionality.
+    enterprise:
+      # -- Toggle the Mattermost Enterprise.  This must be accompanied by a valid license unless you plan to start a trial post-install.
+      enabled: false
+
+      # -- License for Mattermost.
+      # This should be the entire contents of the license file from Mattermost (should be one line), example below
+      # license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN
+      license: ""
+
+    sso:
+      # -- Toggle OIDC SSO for Mattermost on and off.
+      # Enabling this option will auto-create any required secrets.
+      enabled: false
+
+      # -- Mattermost OIDC client ID
+      client_id: ""
+
+      # -- Mattermost OIDC client secret
+      client_secret: ""
+
+      # -- Mattermost OIDC auth endpoint
+      # To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
+      auth_endpoint: ""
+
+      # -- Mattermost OIDC token endpoint
+      # To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
+      token_endpoint: ""
+
+      # -- Mattermost OIDC user API endpoint
+      # To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
+      user_api_endpoint: ""
+
+    database:
+      # -- Hostname of a pre-existing PostgreSQL database to use for Mattermost.
+      # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
+      host: ""
+
+      # -- Port of a pre-existing PostgreSQL database to use for Mattermost.
+      port: ""
+
+      # -- Username to connect as to external database, the user must have all privileges on the database.
+      username: ""
+
+      # -- Database password for the username used to connect to the existing database.
+      password: ""
+
+      # -- Database name to connect to on host.
+      database: ""
+
+      # -- SSL Mode to use when connecting to the database.
+      # Allowable values for this are viewable in the postgres documentation: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
+      ssl_mode: ""
+
+    objectStorage:
+      # -- S3 compatible endpoint to use for connection information.
+      # Entering connection info will enable this option and will auto-create any required secrets.
+      # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
+      endpoint: ""
+
+      # -- Access key for connecting to object storage endpoint.
+      accessKey: ""
+
+      # -- Secret key for connecting to object storage endpoint.
+      # Unencoded string data. This should be placed in the secret values and then encrypted
+      accessSecret: ""
+
+      # -- Bucket name to use for Mattermost - will be auto-created.
+      bucket: ""
+
+    # -- Values to passthrough to the Mattermost chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/chart/values.yaml
+    values: {}
   #
   # ----------------------------------------------------------------------------------------------------------------------
-  #
\ No newline at end of file
+  #

scripts/deploy/02_wait_for_helmreleases.sh

@@ -3,7 +3,7 @@
 set -ex
 
 ## This is an array to instantiate the order of wait conditions
-ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso gitlab-runner minio-operator minio anchore sonarqube mattermost-operator"
+ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso gitlab-runner minio-operator minio anchore sonarqube mattermost-operator mattermost"
 
 ## This the actual deployed helmrelease objects in the cluster
 DEPLOYED_HELMRELEASES=$(kubectl get hr --no-headers -n bigbang | awk '{ print $1}')

tests/ci/k3d/values.yaml

@@ -73,3 +73,5 @@ addons:
     enabled: true
   mattermostoperator:
     enabled: true
+  mattermost:
+    enabled: true