From 3929ba27080941e0a074d29a5a207dfbb472c9e0 Mon Sep 17 00:00:00 2001
From: Micah Nagel
Date: Fri, 4 Jun 2021 15:06:07 -0600
Subject: [PATCH 1/3] treat for JSON
---
 CHANGELOG.md | 4 ++++
 chart/Chart.yaml | 2 +-
 chart/templates/mattermost.yaml | 10 ++++++++++
 chart/values.yaml | 9 +++++++++
 4 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1a6f621..d32c328 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ---
+## [0.1.6-bb.4] - 2021-06-07
+### Added
+- Ability to pass volumes / volumeMounts to MM pods
+
 ## [0.1.6-bb.3] - 2021-06-04
 ### Added
 - Add IPS with new operator
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 29f2702..0a2698c 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: mattermost
 type: application
-version: "0.1.6-bb.3"
+version: "0.1.6-bb.4"
 appVersion: "5.34.2"
 description: "Deployment of mattermost"
 keywords:
diff --git a/chart/templates/mattermost.yaml b/chart/templates/mattermost.yaml
index ee5f8d8..f7d6e68 100644
--- a/chart/templates/mattermost.yaml
+++ b/chart/templates/mattermost.yaml
@@ -153,6 +153,16 @@ spec:
 {{ toYaml .Values.nodeSelector | nindent 6 }}
 {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 4}}
+ {{- end }}
+
 database:
 external:
 secret: {{ .Values.database.secret | default (printf "%s-dbcreds" (include "mattermost.fullname" .)) }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 50e56c7..d97275e 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -101,6 +101,15 @@ existingSecretEnvs: {}
 # key: DB_CONNECTION_CHECK_URL
 # name: "mysecretname"
+volumes: {}
+ # - name: ca-cert
+ # secret:
+ # name: ca-cert
+
+volumeMounts: {}
+ # - name: ca-cert
+ # mountPath: /etc/ssl/certs
+
 minio:
 install: false
-- GitLab
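Review bot: The two `with` blocks added to chart/templates/mattermost.yaml copy `.Values.volumes` and `.Values.volumeMounts` into the spec unchanged and say so nowhere, so nothing tells an operator that the chart places no limit on the volume sources a values file can request. I would add a template comment above them, `{{- /* volumes and volumeMounts are rendered as given in values; the chart does not restrict volume types */}}`, so that restriction is clearly left to cluster admission policy. As a style point, the new lines end in `nindent 4}}` while the context line above writes `nindent 6 }}`; adding the space keeps the delimiters consistent. The enclosing spec block starts and ends outside the hunk.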
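Review bot: In chart/values.yaml the new `volumes` and `volumeMounts` keys default to `{}`, a mapping, although the commented examples under them are lists and the template renders them as lists. The `with` guards in mattermost.yaml skip both empty forms, so nothing breaks today, but the default should show the expected type: `volumes: []` and `volumeMounts: []`. A one-line comment above each key saying that entries are copied unchanged into the Mattermost spec would also help anyone reviewing a values override.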
From 63cbd2c6bde8dc58e53b41dcbc2840e8e39d2c46 Mon Sep 17 00:00:00 2001
From: Micah Nagel
Date: Fri, 4 Jun 2021 15:11:55 -0600
Subject: [PATCH 2/3] fix syntax
---
 chart/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index d97275e..b393e8a 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -104,7 +104,7 @@ existingSecretEnvs: {}
 volumes: {}
 # - name: ca-cert
 # secret:
- # name: ca-cert
+ # secretName: ca-secret
 volumeMounts: {}
 # - name: ca-cert
-- GitLab
From 3ee431f04726ff422ee59ff685135d4bc67490b0 Mon Sep 17 00:00:00 2001
From: Micah Nagel
Date: Mon, 7 Jun 2021 15:30:45 -0600
Subject: [PATCH 3/3] add docs and example
---
 chart/values.yaml | 2 ++
 docs/keycloak.md | 24 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/chart/values.yaml b/chart/values.yaml
index b393e8a..3c5b37c 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -105,10 +105,12 @@ volumes: {}
 # - name: ca-cert
 # secret:
 # secretName: ca-secret
+ # defaultMode: 0644
 volumeMounts: {}
 # - name: ca-cert
 # mountPath: /etc/ssl/certs
+ # readOnly: true
 minio:
 install: false
diff --git a/docs/keycloak.md b/docs/keycloak.md
index d6a5e1d..36431b3 100644
--- a/docs/keycloak.md
+++ b/docs/keycloak.md
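Review bot: The example in the [PATCH 3/3] chart/values.yaml hunk mounts the secret volume at `mountPath: /etc/ssl/certs`, and a volume mounted on a directory hides whatever the image already has there, which for this path is normally the system CA bundle. A pod configured this way would likely trust only the custom CA and fail TLS verification against every other endpoint. I would mount the single file instead, `mountPath: /etc/ssl/certs/custom-ca.pem` with `subPath: cert.pem` (file name constructed for illustration), and keep `readOnly: true`. Note that subPath mounts are not refreshed when the secret changes, so rotating the CA needs a pod restart. The same example is repeated in the docs/keycloak.md hunk, whose prose also names the secret "ca-cert" while the manifest and the kubectl command use `ca-secret`.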
@@ -77,3 +77,27 @@ helm upgrade -i mattermost chart -n mattermost --create-namespace -f my-values.y
 Role based authentication can be configured as long as you are on an enterprise version. Follow the steps in [this tutorial](https://docs.mattermost.com/deployment/advanced-permissions.html) to customize the permissions given to users. In general permissions can be edited under the "System Console -> User Management -> Permissions". Users should be created by default under the "Member" group, except for the first user to sign up or login.
+
+## OIDC Custom CA
+
+Mattermost can be configured to point to specific files to trust with an OIDC auth connection, here is an example when using Big Bang to deploy mattermost, assuming you are populating a secret named "ca-cert" in the same namespace, with a key of cert.pem and value of a single PEM encoded certificate (an easy way to make this secret is included below as well):
+
+```yaml
+addons:
+ mattermost:
+ values:
+ volumes:
+ - name: ca-cert
+ secret:
+ secretName: ca-secret
+ defaultMode: 0644
+ volumeMounts:
+ - name: ca-cert
+ mountPath: /etc/ssl/certs
+ readOnly: true
+```
+
+For secret creation with this example and a pem file at `/path/to/cert.pem`:
+```bash
+kubectl create secret generic ca-secret --from-file=cert.pem=/path/to/cert.pem -n mattermost
+```
-- GitLab