From 57df25af4cc20c528961b30aa0914564a67108a9 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Fri, 19 Apr 2024 12:21:49 -0600 Subject: [PATCH] chore: update extraEnv to envFrom (#58) ## Description This updates Mattermost to use envFrom instead of extraEnv for greater simplicity and more flexibility. ## Related Issue Fixes #57 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-mattermost/blob/main/CONTRIBUTING.md#developer-workflow) followed --- README.md | 12 +++ chart/templates/mattermost-extra-env.yaml | 10 ++ chart/templates/mattermost-object-store.yaml | 1 + chart/templates/mattermost-postgres.yaml | 2 +- chart/values.yaml | 3 + values/common-values.yaml | 105 +++---------------- 6 files changed, 42 insertions(+), 91 deletions(-) create mode 100644 chart/templates/mattermost-extra-env.yaml diff --git a/README.md b/README.md index 1d6145e8..1b485181 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,18 @@ This package is designed for use as part of a [UDS Software Factory](https://github.com/defenseunicorns/uds-software-factory) bundle deployed on [UDS Core](https://github.com/defenseunicorns/uds-core). +> [!TIP] +> To add additional environment variables to Mattermost you can do so by overriding the `extraEnv` key in the `uds-mattermost-config` chart. +> ```yaml +> overrides: +> mattermost: +> uds-mattermost-config: +> values: +> - path: "extraEnv" +> value: +> MY_ENV_VAR: "an env var value" +> ``` + ## Prerequisites Mattermost requires two dependencies, postgres and s3 compatible object storage. Wiring Mattermost to your dependencies is done primarily via helm values, which will require the use of a bundle created with uds-cli. diff --git a/chart/templates/mattermost-extra-env.yaml b/chart/templates/mattermost-extra-env.yaml new file mode 100644 index 00000000..03c5158a --- /dev/null +++ b/chart/templates/mattermost-extra-env.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: mattermost-extra-env + namespace: {{ .Release.Namespace }} +type: Opaque +stringData: +{{- with .Values.extraEnv }} +{{- toYaml . | nindent 2 }} +{{- end }} diff --git a/chart/templates/mattermost-object-store.yaml b/chart/templates/mattermost-object-store.yaml index 03b627e0..9d2392f0 100644 --- a/chart/templates/mattermost-object-store.yaml +++ b/chart/templates/mattermost-object-store.yaml @@ -5,6 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} type: Opaque stringData: + MM_FILESETTINGS_DRIVERNAME: amazons3 MM_FILESETTINGS_AMAZONS3SSL: "{{ .Values.objectStorage.secure | toString }}" MM_FILESETTINGS_AMAZONS3ACCESSKEYID: "{{ .Values.objectStorage.accessKey }}" MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: "{{ .Values.objectStorage.secretKey }}" diff --git a/chart/templates/mattermost-postgres.yaml b/chart/templates/mattermost-postgres.yaml index 3830dc36..8c1eee1e 100644 --- a/chart/templates/mattermost-postgres.yaml +++ b/chart/templates/mattermost-postgres.yaml @@ -5,4 +5,4 @@ metadata: namespace: {{ .Release.Namespace }} type: Opaque stringData: - db_connection_string: "postgres://{{ .Values.postgres.username }}:{{ .Values.postgres.password }}@{{ .Values.postgres.host }}:{{ .Values.postgres.port }}/{{ .Values.postgres.dbName }}{{ .Values.postgres.connectionOptions }}" + MM_SQLSETTINGS_DATASOURCE: "postgres://{{ .Values.postgres.username }}:{{ .Values.postgres.password }}@{{ .Values.postgres.host }}:{{ .Values.postgres.port }}/{{ .Values.postgres.dbName }}{{ .Values.postgres.connectionOptions }}" diff --git a/chart/values.yaml b/chart/values.yaml index 8a8742e3..5cd1d54d 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -33,3 +33,6 @@ subdomain: "chat" # Additional configuration for Mattermost config: enablePluginUploads: false + +# Additional environment variables for Mattermost +extraEnv: {} diff --git a/values/common-values.yaml b/values/common-values.yaml index 5551d849..2cd177ff 100644 --- a/values/common-values.yaml +++ b/values/common-values.yaml @@ -6,97 +6,22 @@ mattermostApp: # Default replicacount due to HA requiring a license replicaCount: 1 # Mattermost does not provide helm values to configure all the options so it is done via ENV - extraEnv: + envFrom: # SSO Settings - - name: MM_GITLABSETTINGS_ENABLE - valueFrom: - secretKeyRef: - key: MM_GITLABSETTINGS_ENABLE - name: "mattermost-sso" - - name: MM_GITLABSETTINGS_ID - valueFrom: - secretKeyRef: - key: MM_GITLABSETTINGS_ID - name: "mattermost-sso" - - name: MM_GITLABSETTINGS_SECRET - valueFrom: - secretKeyRef: - key: MM_GITLABSETTINGS_SECRET - name: "mattermost-sso" - - name: MM_GITLABSETTINGS_AUTHENDPOINT - valueFrom: - secretKeyRef: - key: MM_GITLABSETTINGS_AUTHENDPOINT - name: "mattermost-sso" - - name: MM_GITLABSETTINGS_TOKENENDPOINT - valueFrom: - secretKeyRef: - key: MM_GITLABSETTINGS_TOKENENDPOINT - name: "mattermost-sso" - - name: MM_GITLABSETTINGS_USERAPIENDPOINT - valueFrom: - secretKeyRef: - key: MM_GITLABSETTINGS_USERAPIENDPOINT - name: "mattermost-sso" - - name: MM_EMAILSETTINGS_ENABLESIGNUPWITHEMAIL - valueFrom: - secretKeyRef: - key: MM_EMAILSETTINGS_ENABLESIGNUPWITHEMAIL - name: "mattermost-sso" - - name: MM_EMAILSETTINGS_ENABLESIGNINWITHEMAIL - valueFrom: - secretKeyRef: - key: MM_EMAILSETTINGS_ENABLESIGNINWITHEMAIL - name: "mattermost-sso" - - name: MM_EMAILSETTINGS_ENABLESIGNINWITHUSERNAME - valueFrom: - secretKeyRef: - key: MM_EMAILSETTINGS_ENABLESIGNINWITHUSERNAME - name: "mattermost-sso" + - secretRef: + name: mattermost-sso # Object Storage Connection - - name: MM_FILESETTINGS_DRIVERNAME - value: "amazons3" - - name: MM_FILESETTINGS_AMAZONS3SSL - valueFrom: - secretKeyRef: - key: MM_FILESETTINGS_AMAZONS3SSL - name: "mattermost-object-store" - - name: MM_FILESETTINGS_AMAZONS3ACCESSKEYID - valueFrom: - secretKeyRef: - key: MM_FILESETTINGS_AMAZONS3ACCESSKEYID - name: "mattermost-object-store" - - name: MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY - valueFrom: - secretKeyRef: - key: MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY - name: "mattermost-object-store" - - name: MM_FILESETTINGS_AMAZONS3BUCKET - valueFrom: - secretKeyRef: - key: MM_FILESETTINGS_AMAZONS3BUCKET - name: "mattermost-object-store" - - name: MM_FILESETTINGS_AMAZONS3ENDPOINT - valueFrom: - secretKeyRef: - key: MM_FILESETTINGS_AMAZONS3ENDPOINT - name: "mattermost-object-store" - - name: MM_FILESETTINGS_AMAZONS3REGION - valueFrom: - secretKeyRef: - key: MM_FILESETTINGS_AMAZONS3REGION - name: "mattermost-object-store" - # Additional Mattermost Config - - name: MM_PLUGINSETTINGS_ENABLEUPLOADS - valueFrom: - secretKeyRef: - key: MM_PLUGINSETTINGS_ENABLEUPLOADS - name: "mattermost-config" - - name: MM_SQLSETTINGS_DATASOURCE - valueFrom: - secretKeyRef: - key: db_connection_string - name: "mattermost-postgres" + - secretRef: + name: mattermost-object-store + # Database Configuration + - secretRef: + name: mattermost-postgres + # General Configuration + - secretRef: + name: mattermost-config + # Extra Configuration + - secretRef: + name: mattermost-extra-env securityContext: runAsUser: 2000 runAsGroup: 2000 @@ -116,7 +41,7 @@ global: useInternal: false existingDatabaseSecret: name: mattermost-postgres - key: db_connection_string + key: MM_SQLSETTINGS_DATASOURCE # The job server is only necessary on multi-node/enterprise clusters # https://docs.mattermost.com/scale/high-availability-cluster.html#job-server # It also will error due to its init container being blocked by Istio mTLS