diff --git a/chart/dev-sso-values.yaml b/chart/dev-sso-values.yaml index 2235091ddb3985ea04550d47211d86b8159bf298..a16d3a430ed3f4be14641f5ae0761c46209f290d 100644 --- a/chart/dev-sso-values.yaml +++ b/chart/dev-sso-values.yaml @@ -75,3 +75,8 @@ addons: sso: enabled: true client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-confluence + mattermost: + sso: + enabled: true + client_id: "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost" + client_secret: "no-secret" diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt index 452c3fe06303d4d50ae376b8c23cb229673fb69b..dd26f8971bb4bce3cca5232e2c9db328810f1473 100644 --- a/chart/templates/NOTES.txt +++ b/chart/templates/NOTES.txt 
@@ -125,3 +125,28 @@ PLATFORM ONE LOGGING WARNING:
 {{- end }}
 {{- end }}
 {{- end }}
+
+{{- if $.Values.addons.mattermost.enabled }}
+Mattermost is enabled.
+{{- with .Values.addons.mattermost.database }}
+{{- if not (and .username .password .host .port .database .ssl_mode) }}
+PLATFORM ONE MATTERMOST WARNING:
+ You have enabled an internal postgres database in the values configuration.
+ PlatformOne does not support this option for production deployments.
+ This option should only be used for development or CI pipelines.
+{{- end }}
+{{- end }}
+{{- with .Values.addons.mattermost.objectStorage }}
+{{- if not (and .endpoint .accessKey .accessSecret .bucket) }}
+PLATFORM ONE MATTERMOST WARNING:
+ You have enabled an internal Minio instance in the values configuration.
+ PlatformOne does not support this option for production deployments.
+ This option should only be used for development or CI pipelines.
+{{- end }}
+{{- end }}
+{{- if and (.Values.addons.mattermost.enterprise.enabled) (not .Values.addons.mattermost.enterprise.license) }}
+PLATFORM ONE MATTERMOST WARNING:
+ You have enabled enterprise Mattermost in the values configuration, but not provided a license.
+ Make sure to go back and edit your values or ensure you add the license through the mattermost settings page.
+{{- end }}
+{{- end }}
diff --git a/chart/templates/mattermost/mattermost/gitrepository.yaml b/chart/templates/mattermost/mattermost/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..21ef6a13165c94c851ccd66cf238eaa23d71f5f7
--- /dev/null
+++ b/chart/templates/mattermost/mattermost/gitrepository.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.addons.mattermost.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: mattermost
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: mattermost
+ app.kubernetes.io/component: "collaboration-tools"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ .Values.addons.mattermost.git.repo }}
+ ref:
+ {{- include "validRef" .Values.addons.mattermost.git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
diff --git a/chart/templates/mattermost/mattermost/mattermost-helmrelease.yaml b/chart/templates/mattermost/mattermost/mattermost-helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..82dc07bf639b7819ce7a81825cafdda08a611f25
--- /dev/null
+++ b/chart/templates/mattermost/mattermost/mattermost-helmrelease.yaml
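Review bot: The new GitRepository is gated only on `.Values.addons.mattermost.enabled`, whereas the operator's GitRepository changed in this same commit keeps `(not .Values.offline)` in its condition, so an offline install would presumably still render a source pointing at the remote repository for Mattermost. If offline mode is meant to suppress every git source, the first line should read `{{- if and (not .Values.offline) .Values.addons.mattermost.enabled }}`. The templated scalars are also unquoted; `url: {{ .Values.addons.mattermost.git.repo | quote }}` would stop an empty or unusual value from changing the YAML structure.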
@@ -0,0 +1,114 @@ +{{- if .Values.addons.mattermost.enabled }} +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: mattermost + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mattermost + app.kubernetes.io/component: "collaboration-tools" + {{- include "commonLabels" . | nindent 4}} +spec: + releaseName: mattermost + targetNamespace: mattermost + chart: + spec: + chart: {{ .Values.addons.mattermost.git.path }} + interval: 5m + sourceRef: + kind: GitRepository + name: mattermost + namespace: {{ .Release.Namespace }} + + {{- with .Values.flux }} + interval: {{ .interval }} + test: + enable: false + install: + remediation: + retries: {{ .install.retries }} + upgrade: + remediation: + retries: {{ .upgrade.retries }} + remediateLastFailure: true + cleanupOnFail: true + rollback: + timeout: {{ .rollback.timeout }} + cleanupOnFail: {{ .rollback.cleanupOnFail }} + {{- end }} + + valuesFrom: + - name: values + kind: Secret + valuesKey: "mattermost.yaml" + + values: + hostname: {{ .Values.hostname }} + istio: + enabled: {{ .Values.istio.enabled }} + monitoring: + enabled: {{ .Values.monitoring.enabled }} + {{- with .Values.addons.mattermost.sso }} + sso: + enabled: {{ .enabled }} + client_id: {{ .client_id }} + client_secret: {{ .client_secret | default "no-secret" }} + auth_endpoint: {{ .auth_endpoint | default (printf "https://%s/oauth/authorize" $.Values.sso.oidc.host) }} + token_endpoint: {{ .token_endpoint | default (printf "https://%s/oauth/token" $.Values.sso.oidc.host) }} + user_api_endpoint: {{ .user_api_endpoint | default (printf "https://%s/api/v4/user" $.Values.sso.oidc.host) }} + {{- end }} + global: + imagePullSecrets: + - name: private-registry + {{- with .Values.addons.mattermost.enterprise }} + enterprise: + enabled: {{ .enabled }} + license: {{ .license }} + {{- end }} + {{- with .Values.addons.mattermost.database }} + {{- if and .username .password .host .port .database .ssl_mode }} + database: + 
secret: "mattermost-database-secret" + {{- else }} + postgresql: + image: + pullSecrets: + - private-registry + install: true + {{- end }} + {{- end }} + {{- with .Values.addons.mattermost.objectStorage }} + {{- if and .endpoint .accessKey .accessSecret .bucket }} + fileStore: + secret: "mattermost-objectstorage-secret" + url: {{ .endpoint }} + bucket: {{ .bucket }} + {{- else }} + minio: + install: true + accessKey: {{ .accessKey | default "minio" }} + secretKey: {{ .secretKey | default "BigBangDEVONLY" }} + {{- end }} + {{- end }} + + dependsOn: + - name: mattermost-operator + namespace: {{ .Release.Namespace }} + + {{- if .Values.istio.enabled }} + - name: istio + namespace: {{ .Release.Namespace }} + {{- end }} + + {{- if .Values.monitoring.enabled }} + - name: monitoring + namespace: {{ .Release.Namespace }} + {{- end }} + + {{- with .Values.addons.mattermost.objectStorage }} + {{- if not (and .endpoint .accessKey .accessSecret .bucket) }} + - name: minio-operator + namespace: {{ $.Release.Namespace }} + {{- end }} + {{- end }} +{{- end }} diff --git a/chart/templates/mattermost/mattermost/namespace.yaml b/chart/templates/mattermost/mattermost/namespace.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2f6c8bb33d11bdfd83b16e347825007609498880 --- /dev/null +++ b/chart/templates/mattermost/mattermost/namespace.yaml 
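Review bot: The MinIO branch reads `.secretKey`, but the values.yaml hunk in this commit defines only `objectStorage.accessSecret`, so `secretKey: {{ .secretKey | default "BigBangDEVONLY" }}` always renders the hard-coded literal unless an undocumented key is set. The same field mismatch appears in namespace.yaml, where the objectstorage Secret is guarded on `.accessSecret` but emits `secretkey: {{ .secretKey | b64enc }}`; both lines should read `.accessSecret`. Separately, `client_secret` and `license` are rendered into the HelmRelease `values:` block, so they are stored in the HelmRelease object itself rather than in a Secret; the `valuesFrom` Secret already referenced here would be the better carrier. Those scalars are also unquoted, so an empty `license` renders as a null; `license: {{ .license | quote }}` avoids that.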
@@ -0,0 +1,67 @@
+{{- if .Values.addons.mattermost.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app: {{ .Release.Name }}-mattermost
+ app.kubernetes.io/name: mattermost
+ app.kubernetes.io/component: "collaboration-tools"
+ {{- include "commonLabels" . | nindent 4}}
+ name: mattermost
+
+---
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: mattermost
+ labels:
+ app.kubernetes.io/name: mattermost
+ app.kubernetes.io/component: "collaboration-tools"
+ {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+
+---
+{{- with .Values.addons.mattermost.database }}
+{{- if and .username .password .host .port .database .ssl_mode }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: mattermost-database-secret
+ namespace: mattermost
+ labels:
+ app.kubernetes.io/name: mattermost
+ app.kubernetes.io/component: "collaboration-tools"
+ {{- include "commonLabels" . | nindent 4}}
+stringData:
+ DB_CONNECTION_CHECK_URL: "postgres://{{ .username }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .database }}?connect_timeout=10&sslmode={{ .ssl_mode }}"
+ DB_CONNECTION_STRING: "postgres://{{ .username }}:{{ .password }}@{{ .host }}:{{ .port }}/{{ .database }}?connect_timeout=10&sslmode={{ .ssl_mode }}"
+{{- end }}
+{{- end }}
+
+---
+{{- with .Values.addons.mattermost.objectStorage }}
+{{- if and .endpoint .accessKey .accessSecret .bucket }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: "mattermost-objectstorage-secret"
+ namespace: mattermost
+ labels:
+ app.kubernetes.io/name: mattermost
+ app.kubernetes.io/component: "collaboration-tools"
+ {{- include "commonLabels" . | nindent 4}}
+data:
+ accesskey: {{ .accessKey | b64enc }}
+ secretkey: {{ .secretKey | b64enc }}
+{{- end }}
+{{- end }}
+
+---
+{{- end }}
\ No newline at end of file
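Review bot: `DB_CONNECTION_CHECK_URL` and `DB_CONNECTION_STRING` interpolate `.username` and `.password` into a postgres URL without any encoding, so a password containing `@`, `:`, `/` or `?` produces a URL that either fails to parse or resolves to a different host or database than the operator intended. Passing the two credential fields through the template built-in, `{{ .username | urlquery }}:{{ .password | urlquery }}`, keeps them confined to the userinfo part. Note that `urlquery` encodes a space as `+`, so `{{ .password | urlquery | replace "+" "%20" }}` is the safer form if spaces are allowed in passwords. The two values are currently identical strings, so the fix has to be applied to both lines.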
diff --git a/chart/templates/mattermost/operator/gitrepository.yaml b/chart/templates/mattermost/operator/gitrepository.yaml index d9e0d121c3aa9d7b78177a6759e52b8ef85c6634..aeff32586d8957097c33394eebfaa2950ca22ec8 100644 --- a/chart/templates/mattermost/operator/gitrepository.yaml +++ b/chart/templates/mattermost/operator/gitrepository.yaml @@ -1,4 +1,4 @@ -{{- if and (not .Values.offline) .Values.addons.mattermostoperator.enabled }} +{{- if and (not .Values.offline) (or .Values.addons.mattermostoperator.enabled .Values.addons.mattermost.enabled) }} apiVersion: source.toolkit.fluxcd.io/v1beta1 kind: GitRepository metadata: diff --git a/chart/templates/mattermost/operator/mattermost-operator-helmrelease.yaml b/chart/templates/mattermost/operator/mattermost-operator-helmrelease.yaml index 2a2d66de6752f9678cdc6031f523d0a481840c05..f479fc830cf77003d4dff19064b33ca6c095a5be 100644 --- a/chart/templates/mattermost/operator/mattermost-operator-helmrelease.yaml +++ b/chart/templates/mattermost/operator/mattermost-operator-helmrelease.yaml @@ -1,4 +1,4 @@ -{{- if .Values.addons.mattermostoperator.enabled }} +{{- if or .Values.addons.mattermostoperator.enabled .Values.addons.mattermost.enabled }} apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: diff --git a/chart/templates/mattermost/operator/namespace.yaml b/chart/templates/mattermost/operator/namespace.yaml index c8fa0cda83d9b9657f690a2180148e090ce32e1d..44e30e4cbe85d1d908c70c8e779249e78ae7385c 100644 --- a/chart/templates/mattermost/operator/namespace.yaml +++ b/chart/templates/mattermost/operator/namespace.yaml @@ -1,4 +1,4 @@ -{{- if .Values.addons.mattermostoperator.enabled }} +{{- if or .Values.addons.mattermostoperator.enabled .Values.addons.mattermost.enabled }} apiVersion: v1 kind: Namespace metadata: diff --git a/chart/templates/values.yaml b/chart/templates/values.yaml index 9a897291f19082d686678e71e87b927f61b480cd..f4a83668f9e1d5405741bfdc5d4e5d5b544010bb 100644 
--- a/chart/templates/values.yaml +++ b/chart/templates/values.yaml @@ -61,4 +61,6 @@ stringData: {{ toYaml .Values.addons.sonarqube.values | indent 4 }} mattermostoperator.yaml: | {{ toYaml .Values.addons.mattermostoperator.values | indent 4 }} + mattermost.yaml: | +{{ toYaml .Values.addons.mattermost.values | indent 4 }} data: diff --git a/chart/values.yaml b/chart/values.yaml index 4ef9a91f7fe55e34fc088f5a397d126761b44e78..5b159b7520d8fcef9db8bab341fd9906c18713ab 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -556,7 +556,7 @@ addons: values: {} # ---------------------------------------------------------------------------------------------------------------------- - # Mattermost Operator + # Mattermost Operator and Instance # mattermostoperator: enabled: false 
@@ -566,6 +566,87 @@ addons: tag: "1.12.0-bb.0" # -- Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator/-/blob/main/chart/values.yaml values: {} + + mattermost: + # -- Toggle deployment of Mattermost. + enabled: false + git: + repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git + path: "./chart" + tag: "0.1.0-bb.1" + + # -- Mattermost Enterprise functionality. + enterprise: + # -- Toggle the Mattermost Enterprise. This must be accompanied by a valid license unless you plan to start a trial post-install. + enabled: false + + # -- License for Mattermost. + # This should be the entire contents of the license file from Mattermost (should be one line), example below + # license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN + license: "" + + sso: + # -- Toggle OIDC SSO for Mattermost on and off. + # Enabling this option will auto-create any required secrets. + enabled: false + + # -- Mattermost OIDC client ID + client_id: "" + + # -- Mattermost OIDC client secret + client_secret: "" + + # -- Mattermost OIDC auth endpoint + # To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values + auth_endpoint: "" + + # -- Mattermost OIDC token endpoint + # To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values + token_endpoint: "" + + # -- Mattermost OIDC user API endpoint + # To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values + user_api_endpoint: "" + + database: + # -- Hostname of a pre-existing PostgreSQL database to use for Mattermost. 
+ # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. + host: "" + + # -- Port of a pre-existing PostgreSQL database to use for Mattermost. + port: "" + + # -- Username to connect as to external database, the user must have all privileges on the database. + username: "" + + # -- Database password for the username used to connect to the existing database. + password: "" + + # -- Database name to connect to on host. + database: "" + + # -- SSL Mode to use when connecting to the database. + # Allowable values for this are viewable in the postgres documentation: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS + ssl_mode: "" + + objectStorage: + # -- S3 compatible endpoint to use for connection information. + # Entering connection info will enable this option and will auto-create any required secrets. + # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000" + endpoint: "" + + # -- Access key for connecting to object storage endpoint. + accessKey: "" + + # -- Secret key for connecting to object storage endpoint. + # Unencoded string data. This should be placed in the secret values and then encrypted + accessSecret: "" + + # -- Bucket name to use for Mattermost - will be auto-created. + bucket: "" + + # -- Values to passthrough to the Mattermost chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/chart/values.yaml + values: {} # # ---------------------------------------------------------------------------------------------------------------------- - # \ No newline at end of file + # diff --git a/scripts/deploy/02_wait_for_helmreleases.sh b/scripts/deploy/02_wait_for_helmreleases.sh index c95c6684661f018130082d2901542b0b17b43534..cb876715c41de313b59753d299c462982b53e594 100755 --- a/scripts/deploy/02_wait_for_helmreleases.sh 
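Review bot: Only `objectStorage.accessSecret` carries guidance on handling the value as a secret, while `database.password`, `sso.client_secret` and `enterprise.license` are documented as ordinary settings in a file that is normally committed. I would repeat the existing comment `# Unencoded string data. This should be placed in the secret values and then encrypted` above each of those three keys so users do not fill them in here in clear text. The `sso.enabled` comment says required secrets are auto-created; it would help to state which values end up in a Secret and which do not, since that cannot be seen from this file.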
+++ b/scripts/deploy/02_wait_for_helmreleases.sh @@ -3,7 +3,7 @@ set -ex ## This is an array to instantiate the order of wait conditions -ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso gitlab-runner minio-operator minio anchore sonarqube mattermost-operator" +ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso gitlab-runner minio-operator minio anchore sonarqube mattermost-operator mattermost" ## This the actual deployed helmrelease objects in the cluster DEPLOYED_HELMRELEASES=$(kubectl get hr --no-headers -n bigbang | awk '{ print $1}') diff --git a/tests/ci/k3d/values.yaml b/tests/ci/k3d/values.yaml index 103a34ac93a02350c3b4b3aa58cd5c06aca475d5..3ce3f6f9d2bb606cd1948190a06fb40ebe8fb8b0 100644 --- a/tests/ci/k3d/values.yaml +++ b/tests/ci/k3d/values.yaml @@ -73,3 +73,5 @@ addons: enabled: true mattermostoperator: enabled: true + mattermost: + enabled: true