Attention Iron Bank Customers: On March 27, 2025, we are moving SBOM artifacts from the Anchore Scan job to the Build job to streamline the container hardening pipeline. If you currently download SBOMs from the Anchore Scan job, you can still get them from the Build job and from other sources, including IBFE and image attestations.
Disable Minio Dependency for Mattermost without using objectStorage addon setting
Want to be able to disable minio dependency for Mattermost without using .Values.addons.mattermost.objectStorage, we use our own IAC to create the S3 bucket to use for Mattermost.
Right now the dependency logic for the chart/templates/mattermost/helmrelease.yaml forces you to use the objectStorage setting or there will be dependency on Minio.
{{- with .Values.addons.mattermost.objectStorage }} {{- if not (and .endpoint .accessKey .accessSecret .bucket) }} - name: minio-operator namespace: {{ $.Release.Namespace }} {{- end }} {{- end }}
BigBang Version
2.40.0
Designs
Child items
...
Show closed items
Linked items
0
Link issues together to show that they're related or that one is blocking others.
Learn more.
Hi @bodickyn ! I was trying to understand the issue here.
From what I see, MM will either point to an external objectStorage when setting the objectStorage values. Or, it will fall back to using the minioOperator to launch an internal minio server.
It sounds like you are using an external S3 bucket / server. How are you pointing MM to use that external S3 bucket if you are are not setting objectStorage values.
I think the big problem with that formatting is that if you don't set up the IAM user authentication to that s3 bucket this method won't work. What if it is KMS encrypted and not using a user to login to this s3 bucket. It appears that this is requiring a user access key and secret vs using an irsa IAM role and KMS key encryption for the bucket to assume the role and authenticate this way.
Thanks for the response! That helps. I think we can fix this with a simple change to the helm dependency chart:
{{- if .Values.addons.minioOperator.enabled}}-name:minio-operatornamespace:{{$.Release.Namespace}}{{- end}}
I think that will allow mattermost to install without having to define or worry about other logic values--just a simple is-package-enabled gate which shouldn't hurt anything
We could probably still clean up or simplify the minio.install for dev installs and our PLATFORM ONE MATTERMOST WARNING logic. But, this change should help out prod installs.
Other options like KMS key encryption support might need some additional feature requests tickets -- I'm not sure how flexible our MM chart is at the moment to support that.