Merge pull request #6 from defenseunicorns/burn-some-boats
feat: switch to upstream chart directly
mjnagel authored Jan 31, 2024
2 parents 29c7b8d + 4a05031 commit a7a3d40
Showing 30 changed files with 381 additions and 256 deletions.
30 changes: 0 additions & 30 deletions .github/workflows/pull-request-conditionals.yaml

This file was deleted.

7 changes: 5 additions & 2 deletions .github/workflows/tag-and-release.yaml
Expand Up @@ -23,7 +23,10 @@ jobs:
needs: tag-new-version
if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
runs-on: ubuntu-latest
name: Publish package
name: Publish ${{ matrix.flavor }}
strategy:
matrix:
flavor: [upstream, registry1]

permissions:
contents: read
Expand All @@ -46,4 +49,4 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Publish Package
run: uds run -f tasks/publish.yaml package
run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}
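Review bot: `${{ matrix.flavor }}` expanded directly inside `run:` is safe only while `flavor` stays the static list `[upstream, registry1]` declared in the hunk above; if the matrix is ever driven by `inputs` or another caller-controlled source it becomes a shell-injection point. Passing the value through `env:` (`env: { FLAVOR: ${{ matrix.flavor }} }` and then `--set FLAVOR="$FLAVOR"`) keeps the step safe by construction, and the same applies to the `create-test-bundle` step in test.yaml.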
32 changes: 18 additions & 14 deletions .github/workflows/test.yaml
@@ -1,25 +1,33 @@
name: Test package
name: Test

# This workflow is triggered on pull requests to the main branch.
on:
# Manual trigger
workflow_dispatch:

# Triggered by pull-request-conditionals.yaml
workflow_call:
pull_request:
paths:
- ".github/**"
- "bundle/**"
- "values/**"
- "tasks/**"
- "tests/**"
- "tasks.yaml"
- "zarf.yaml"

# Abort prior jobs in the same workflow / PR
concurrency:
group: test-${{ github.ref }}-${{ inputs.package }}
group: test-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
test:
runs-on: "uds-ubuntu-big-boy-16-core"
runs-on: "ubuntu-latest"
timeout-minutes: 20
name: Test
name: Deploy ${{ matrix.flavor }}
strategy:
matrix:
flavor: [upstream, registry1]

steps:
- name: Checkout repository
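Review bot: the `paths` filter omits `chart/**` and `src/**`, yet this very commit changes `chart/templates/*.yaml`, `chart/values.yaml` and `src/dev-secrets/zarf.yaml`; a PR that only touches the chart would not run the deploy test. Add `- "chart/**"` and `- "src/**"` to the list or drop the filter. Also worth noting in the workflow comment: switching from `workflow_call` (previously gated by `pull-request-conditionals.yaml`, deleted in this commit) to a direct `pull_request` trigger means any PR touching these paths, including fork PRs, now starts this job.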
Expand All @@ -32,7 +40,7 @@ jobs:
run: zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil

- name: Create test bundle
run: uds run create-test-bundle
run: uds run create-test-bundle --set FLAVOR=${{ matrix.flavor }}

- name: Setup cluster
run: uds run setup-cluster
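Review bot: with the trigger now `pull_request`, `secrets.IRON_BANK_ROBOT_USERNAME` and `secrets.IRON_BANK_ROBOT_PASSWORD` are not supplied to runs from forked repositories, so the registry1 login step will fail (or log in with empty values) on external PRs and the `registry1` matrix leg will never pass for them. Either gate the login and the `registry1` flavor on `github.event.pull_request.head.repo.fork == false`, or document that the `registry1` leg is expected to pass only for branch PRs.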
Expand All @@ -43,10 +51,6 @@ jobs:
- name: Test package
run: uds run test-package

- name: Cleanup
if: always()
run: uds run cleanup

- name: Save logs
if: always()
uses: ./.github/actions/save-logs
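Review bot: removing the `Cleanup` step (`if: always()`) is fine now that the job runs on ephemeral `ubuntu-latest` runners instead of `uds-ubuntu-big-boy-16-core`, but if that self-hosted runner is ever reinstated the cluster created by `setup-cluster` would persist between runs and leak state (and credentials) across PRs. A one-line comment next to `runs-on` recording that the ephemeral runner is what makes the cleanup unnecessary would preserve that reasoning.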
46 changes: 44 additions & 2 deletions README.md
@@ -1,3 +1,45 @@
# uds-package-mattermost
# UDS Mattermost Package

UDS Mattermost Zarf Package
This repo contains the UDS Mattermost Package along with an example bundle and UDS tasks for development.

## Dependencies

Mattermost requires two dependencies, postgres and s3 compatible object storage. Wiring Mattermost to your dependencies is done primarily via helm values, which will require the use of a bundle created with uds-cli.

### Postgres

Postgres configuration is setup in the `uds-mattermost-config` chart and should be done via bundle overrides (variables or values) like the below:
```yaml
overrides:
mattermost:
uds-mattermost-config:
values:
- path: "postgres.host"
value: "postgresql.dev-postgres.svc.cluster.local"
```
The full list of override config can be found in the values under `postgres` [here](./chart/values.yaml). In addition a zarf var is exposed for `DB_PASSWORD` for convenience if using import/exports in your bundle.

### S3 Compatible Object Storage

Object storage configuration is setup in the `uds-mattermost-config` chart and should be done via bundle overrides (variables or values) like the below:
```yaml
overrides:
mattermost:
uds-mattermost-config:
values:
- path: "objectStorage.endpoint"
value: "minio.dev-minio.svc.cluster.local:9000"
```

The full list of override config can be found in the values under `objectStorage` [here](./chart/values.yaml). In addition zarf vars are exposed for `ACCESS_KEY` and `SECRET_KEY` for convenience if using import/exports in your bundle.

To use IRSA make sure to NOT set the two key variables and add the appropriate role ARN annotation to the service account via an override to `serviceAccount.annotations`. As an example:
```yaml
overrides:
mattermost:
mattermost-enterprise-edition:
values:
- path: "serviceAccount.annotations.irsa/role-arn"
value: "arn:aws:iam::123456789:role/mattermost-role"
```
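Review bot: documentation gap: the README covers `postgres` and `objectStorage` overrides but says nothing about the `sso` block or the `host` value that `chart/values.yaml` now exposes, and it does not state what `objectStorage.secure` and `postgres.connectionOptions` default to. Because the dev bundle in this commit sets `objectStorage.secure: "false"` and `sslmode=disable`, one sentence saying that the chart defaults (`secure: true`, no `sslmode=disable`) are the intended production settings would stop those dev overrides being copied into real bundles. Minor: "is setup" should be "is set up" in both subsections, and the IRSA example correctly targets the `mattermost-enterprise-edition` chart rather than `uds-mattermost-config`; calling that difference out would avoid confusion.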
31 changes: 28 additions & 3 deletions bundle/uds-bundle.yaml
Expand Up @@ -9,18 +9,43 @@ metadata:
packages:
- name: dev-minio
repository: ghcr.io/defenseunicorns/packages/uds/dev-minio
ref: 5.0.13-0
ref: 0.0.1

- name: dev-postgres
repository: ghcr.io/defenseunicorns/packages/uds/dev-postgres
ref: 12.6.6-0
ref: 0.0.1

- name: dev-secrets
path: ../
ref: 0.1.0

exports:
- name: ACCESS_KEY
- name: SECRET_KEY
- name: DB_PASSWORD

- name: mattermost
path: ../
# x-release-please-start-version
ref: 9.3.0-uds.2
# x-release-please-end
imports:
- name: ACCESS_KEY
package: dev-secrets
- name: SECRET_KEY
package: dev-secrets
- name: DB_PASSWORD
package: dev-secrets
overrides:
mattermost:
uds-mattermost-config:
values:
- path: "objectStorage.secure"
value: "false"
- path: "objectStorage.endpoint"
value: "minio.dev-minio.svc.cluster.local:9000"
- path: "objectStorage.bucket"
value: "uds-mattermost-dev"
- path: "postgres.host"
value: "postgresql.dev-postgres.svc.cluster.local"
- path: "postgres.connectionOptions"
value: "?connect_timeout=10&sslmode=disable"
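Review bot: the `objectStorage.secure: "false"` and `postgres.connectionOptions: "?connect_timeout=10&sslmode=disable"` overrides switch off TLS to both dependencies. That is reasonable for the in-cluster `dev-minio` and `dev-postgres` packages, but this is the example bundle the README points users to, so mark both values with a `# dev only` comment. Separately, `dev-minio` moves from `ref: 5.0.13-0` to `0.0.1` and `dev-postgres` from `12.6.6-0` to `0.0.1`; a line in the PR confirming these are the new packaging of the same charts rather than a downgrade would help reviewers.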
5 changes: 1 addition & 4 deletions bundle/uds-config.yaml
Expand Up @@ -4,7 +4,4 @@ variables:
- name: uds-mattermost-dev
dev-postgres:
db_username: "mattermost"
db_name: "mattermostdb"
mattermost:
mattermost_file_store_endpoint: minio.dev-minio.svc.cluster.local
mattermost_bucket_suffix: "-dev"
db_name: "mattermost"
18 changes: 18 additions & 0 deletions chart/templates/mattermost-gossip-svc.yaml
@@ -0,0 +1,18 @@
{{- /* Mattermost uses a gossip protocol for HA clustering. In order for Istio to properly route this traffic it needs to be explicitly defined in a service with a `tcp-` prefix. */ -}}
apiVersion: v1
kind: Service
metadata:
name: mattermost-gossip
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: mattermost-enterprise-edition
spec:
type: ClusterIP
clusterIP: None
selector:
app.kubernetes.io/name: mattermost-enterprise-edition
ports:
- name: tcp-gossip
port: 8074
protocol: TCP
targetPort: 8074
13 changes: 13 additions & 0 deletions chart/templates/mattermost-object-store.yaml
@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: mattermost-object-store
namespace: {{ .Release.Namespace }}
type: Opaque
stringData:
MM_FILESETTINGS_AMAZONS3SSL: "{{ .Values.objectStorage.secure | toString }}"
MM_FILESETTINGS_AMAZONS3ACCESSKEYID: "{{ .Values.objectStorage.accessKey }}"
MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: "{{ .Values.objectStorage.secretKey }}"
MM_FILESETTINGS_AMAZONS3BUCKET: "{{ .Values.objectStorage.bucket }}"
MM_FILESETTINGS_AMAZONS3ENDPOINT: "{{ .Values.objectStorage.endpoint }}"
MM_FILESETTINGS_AMAZONS3REGION: "{{ .Values.objectStorage.region }}"
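Review bot: with the chart defaults (`accessKey: ""`, `secretKey: ""`) this Secret always renders `MM_FILESETTINGS_AMAZONS3ACCESSKEYID: ""` and `MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: ""`. The README's IRSA instructions say to leave the two keys unset, so confirm that Mattermost treats empty strings as "use the role credentials" rather than as literal empty keys; wrapping those two lines in `{{- if .Values.objectStorage.accessKey }}` ... `{{- end }}` would make the intent explicit and keep the key names out of the Secret entirely in the IRSA case.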
8 changes: 8 additions & 0 deletions chart/templates/mattermost-postgres.yaml
@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: mattermost-postgres
namespace: {{ .Release.Namespace }}
type: Opaque
stringData:
db_connection_string: "postgres://{{ .Values.postgres.username }}:{{ .Values.postgres.password }}@{{ .Values.postgres.host }}:{{ .Values.postgres.port }}/{{ .Values.postgres.dbName }}{{ .Values.postgres.connectionOptions }}"
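Review bot: `db_connection_string` interpolates `postgres.username` and `postgres.password` into a URL without escaping, so a password containing `@`, `/`, `:`, `#` or `%` produces an unparsable or wrong connection string (and a silent auth failure). Go's built-in `urlquery` template function handles this: `{{ .Values.postgres.username | urlquery }}:{{ .Values.postgres.password | urlquery }}@...`. Also, `connectionOptions` is expected to begin with `?` (as the `values.yaml` example shows); a comment above this line stating that would save a debugging round.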
16 changes: 16 additions & 0 deletions chart/templates/mattermost-sso.yaml
@@ -0,0 +1,16 @@
apiVersion: v1
kind: Secret
metadata:
name: mattermost-sso
namespace: {{ .Release.Namespace }}
type: Opaque
stringData:
MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled | toString }}"
MM_GITLABSETTINGS_ID: "{{ .Values.sso.client_id }}"
MM_GITLABSETTINGS_SECRET: "{{ .Values.sso.client_secret }}"
MM_GITLABSETTINGS_AUTHENDPOINT: "{{ .Values.sso.auth_endpoint }}"
MM_GITLABSETTINGS_TOKENENDPOINT: "{{ .Values.sso.token_endpoint }}"
MM_GITLABSETTINGS_USERAPIENDPOINT: "{{ .Values.sso.user_api_endpoint }}"
MM_EMAILSETTINGS_ENABLESIGNUPWITHEMAIL: "{{ .Values.sso.enable_sign_up_with_email | toString }}"
MM_EMAILSETTINGS_ENABLESIGNINWITHEMAIL: "{{ .Values.sso.enable_sign_in_with_email | toString }}"
MM_EMAILSETTINGS_ENABLESIGNINWITHUSERNAME: "{{ .Values.sso.enable_sign_in_with_username | toString }}"
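Review bot: `MM_EMAILSETTINGS_ENABLESIGNUPWITHEMAIL`, `MM_EMAILSETTINGS_ENABLESIGNINWITHEMAIL` and `MM_EMAILSETTINGS_ENABLESIGNINWITHUSERNAME` all default to `true` in `values.yaml`, whose own comment says they "should typically be disabled if SSO is enabled", but nothing in this template ties them to `sso.enabled`. A deployment that sets only `sso.enabled: true` therefore keeps local password sign-up and sign-in open next to SSO. Consider deriving the defaults from `sso.enabled` (for example `{{ not .Values.sso.enabled }}` when the flag is not explicitly set), or at minimum repeat the warning in the README's SSO documentation.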
15 changes: 11 additions & 4 deletions chart/templates/uds-package.yaml
Expand Up @@ -6,15 +6,22 @@ metadata:
spec:
network:
expose:
- service: mattermost
- service: mattermost-enterprise-edition
podLabels:
app: mattermost
app.kubernetes.io/name: mattermost-enterprise-edition
gateway: tenant
host: mattermost
host: {{ .Values.host }}
port: 8065
allow:
# Permit intra-namespace communication for job communications
- direction: Ingress
remoteGenerated: IntraNamespace

- direction: Egress
remoteGenerated: IntraNamespace

# Todo: wide open for hitting in-cluster or external postgres/s3
- direction: Egress
podLabels:
app: mattermost
app.kubernetes.io/name: mattermost-enterprise-edition
remoteGenerated: Anywhere
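Review bot: the `# Todo` egress rule with `remoteGenerated: Anywhere` lets the Mattermost pods reach any destination on any port, which is far broader than the postgres and S3 dependencies it exists to serve. Until the destinations are parameterised, narrowing the rule to the ports actually used (5432 for postgres, the object-storage endpoint port, 443 for S3/IRSA) would shrink the exposure considerably; if it must stay wide open for now, replace the bare `Todo` with a reference to a tracking issue so it is not forgotten. The pod label change from `app: mattermost` to `app.kubernetes.io/name: mattermost-enterprise-edition` is consistent with the new gossip Service selector.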
31 changes: 31 additions & 0 deletions chart/values.yaml
@@ -0,0 +1,31 @@
objectStorage:
secure: true
accessKey: ""
secretKey: ""
bucket: "mattermost"
endpoint: "s3.amazonaws.com"
region: "us-west-1"

postgres:
username: "mattermost"
password: ""
host: ""
port: 5432
dbName: "mattermost"
# Example: "?connect_timeout=10&sslmode=disable"
connectionOptions: ""

sso:
enabled: false
client_id: ""
client_secret: ""
auth_endpoint: ""
token_endpoint: ""
user_api_endpoint: ""
# These should typically be disabled if SSO is enabled
enable_sign_up_with_email: true
enable_sign_in_with_email: true
enable_sign_in_with_username: true

# The subdomain for the mattermost server, will be prefixed to your domain (ex: mattermost.example.com)
host: "mattermost"
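Review bot: the only `connectionOptions` example given is `"?connect_timeout=10&sslmode=disable"`, which is the dev setting, and that comment is exactly what users will copy; show the secure form as well (`"?connect_timeout=10&sslmode=require"`) or state that an empty value falls back to the driver default. `password: ""` and `secretKey: ""` are placeholders filled from bundle variables (`DB_PASSWORD`, `SECRET_KEY`); a comment saying so would prevent someone committing real values here.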
10 changes: 0 additions & 10 deletions src/dev-secrets/minio-secret.yaml

This file was deleted.

9 changes: 0 additions & 9 deletions src/dev-secrets/postgres-secret.yaml

This file was deleted.

23 changes: 5 additions & 18 deletions src/dev-secrets/zarf.yaml
Expand Up @@ -11,22 +11,16 @@ components:
actions:
onDeploy:
before:
- cmd: kubectl get secret -n dev-minio minio --template='{{ index .data "rootPassword" }}' | base64 -d
- cmd: kubectl get secret -n dev-minio minio --template='{{ index .data "rootUser" }}' | base64 -d
mute: true
setVariables:
- name: SECRET_KEY
- name: ACCESS_KEY
sensitive: true
- cmd: kubectl get secret -n dev-minio minio --template='{{ index .data "rootUser" }}' | base64 -d
- cmd: kubectl get secret -n dev-minio minio --template='{{ index .data "rootPassword" }}' | base64 -d
mute: true
setVariables:
- name: ACCESS_KEY
- name: SECRET_KEY
sensitive: true
- name: mattermost-minio
required: true
manifests:
- name: mattermost-minio
files:
- "minio-secret.yaml"
- name: postgres-password
required: true
actions:
Expand All @@ -35,12 +29,5 @@ components:
- cmd: kubectl get secret -n dev-postgres postgresql --template={{.data.password}} | base64 -d
mute: true
setVariables:
- name: POSTGRES_DB_PASSWORD
- name: DB_PASSWORD
sensitive: true
- name: mattermost-postgres
required: true
manifests:
- name: mattermost-postgres
namespace: mattermost
files:
- postgres-secret.yaml
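Review bot: style: `--template={{.data.password}}` is unquoted and uses dot access while the minio commands above quote the template and use `index .data "..."`; quoting it the same way avoids shell-globbing surprises and keeps the three commands uniform. The rename to `DB_PASSWORD` matches the `exports`/`imports` in `bundle/uds-bundle.yaml`, and `mute: true` together with `sensitive: true` keeps the value out of the action log, which is the right combination now that the manifest-based secret components are gone.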