Disable Minio Dependency for Mattermost without using objectStorage addon setting

Bug

Description

Want to be able to disable minio dependency for Mattermost without using .Values.addons.mattermost.objectStorage, we use our own IAC to create the S3 bucket to use for Mattermost.

Right now the dependency logic for the chart/templates/mattermost/helmrelease.yaml forces you to use the objectStorage setting or there will be dependency on Minio.

    {{- with .Values.addons.mattermost.objectStorage }}
    {{- if not (and .endpoint .accessKey .accessSecret .bucket) }}
    - name: minio-operator
      namespace: {{ $.Release.Namespace }}
    {{- end }}
    {{- end }}

BigBang Version

2.40.0

added community-contribution label

added triage-kind label

added triage-priority label

added teamDevelopment & Ops label

added kindbug priority2 labels

removed triage-priority label

removed triage-kind label

changed iteration to Big Bang Iterations Dec 10, 2024 - Dec 23, 2024

removed teamDevelopment & Ops label

added teamStorage & Collaboration label

assigned to @benjamin.starks

removed iteration Big Bang Iterations Dec 10, 2024 - Dec 23, 2024

changed iteration to Big Bang Iterations Dec 24, 2024 - Jan 6, 2025

removed iteration Big Bang Iterations Dec 24, 2024 - Jan 6, 2025

changed iteration to Big Bang Iterations Jan 7, 2025 - Jan 20, 2025

mentioned in merge request !5598 (merged)

added statusreview label

set weight to 2

Hi @bodickyn ! I was trying to understand the issue here.

From what I see, MM will either point to an external objectStorage when setting the objectStorage values. Or, it will fall back to using the minioOperator to launch an internal minio server.

It sounds like you are using an external S3 bucket / server. How are you pointing MM to use that external S3 bucket if you are are not setting objectStorage values.

Hi @michaelmartin,

I think the big problem with that formatting is that if you don't set up the IAM user authentication to that s3 bucket this method won't work. What if it is KMS encrypted and not using a user to login to this s3 bucket. It appears that this is requiring a user access key and secret vs using an irsa IAM role and KMS key encryption for the bucket to assume the role and authenticate this way.

Thanks for the response! That helps. I think we can fix this with a simple change to the helm dependency chart:

    {{- if .Values.addons.minioOperator.enabled }}
    - name: minio-operator
      namespace: {{ $.Release.Namespace }}
    {{- end }}

I think that will allow mattermost to install without having to define or worry about other logic values--just a simple is-package-enabled gate which shouldn't hurt anything

We could probably still clean up or simplify the minio.install for dev installs and our PLATFORM ONE MATTERMOST WARNING logic. But, this change should help out prod installs.

Other options like KMS key encryption support might need some additional feature requests tickets -- I'm not sure how flexible our MM chart is at the moment to support that.

@peter.sigur @bodickyn

@michaelmartin yup that looks and sounds to me, thanks !

fyi @christopherfickess20

removed iteration Big Bang Iterations Jan 7, 2025 - Jan 20, 2025

changed iteration to Big Bang Iterations Jan 21, 2025 - Feb 3, 2025

changed weight to 3 from 2

mentioned in commit caf4074e

closed with merge request !5598 (merged)

removed statusreview label