From b76487b4bb946230c91b01e53781445cf05b93dc Mon Sep 17 00:00:00 2001 
From: awendt Date: Fri, 6 Oct 2023 11:36:09 -0600 Subject: [PATCH] Add mattermost component and abstract db and object storage (#6) * Add mattermost component --- .github/workflows/publish.yml | 17 ++++- Makefile | 22 ++++-- README.md | 34 ++++++++- docs/DEVELOPMENT_MAINTENANCE.md | 5 +- mattermost-flux-values.yaml | 76 +++++++++++++++++++ test/e2e/e2e_basic_smoke_test.go | 16 ++++ .../minio/policy-exceptions/externalName.yaml | 19 +++++ .../minio/policy-exceptions/registry.yaml | 27 +++++++ utils/pkg-deps/mattermost/minio/secret.yaml | 10 +++ utils/pkg-deps/mattermost/minio/service.yaml | 8 ++ utils/pkg-deps/mattermost/minio/values.yaml | 15 ++++ utils/pkg-deps/mattermost/minio/zarf.yaml | 54 +++++++++++++ .../policy-exceptions/externalName.yaml | 19 +++++ .../postgres/policy-exceptions/registry.yaml | 20 +++++ .../pkg-deps/mattermost/postgres/secret.yaml | 9 +++ .../pkg-deps/mattermost/postgres/service.yaml | 8 ++ .../pkg-deps/mattermost/postgres/values.yaml | 3 + utils/pkg-deps/mattermost/postgres/zarf.yaml | 58 ++++++++++++++ utils/pkg-deps/namespaces/values.yaml | 4 + utils/pkg-deps/namespaces/zarf.yaml | 18 +++++ zarf.yaml | 41 +++++++++- 21 files changed, 465 insertions(+), 18 deletions(-) create mode 100644 mattermost-flux-values.yaml create mode 100644 utils/pkg-deps/mattermost/minio/policy-exceptions/externalName.yaml create mode 100644 utils/pkg-deps/mattermost/minio/policy-exceptions/registry.yaml create mode 100644 utils/pkg-deps/mattermost/minio/secret.yaml create mode 100644 utils/pkg-deps/mattermost/minio/service.yaml create mode 100644 utils/pkg-deps/mattermost/minio/values.yaml create mode 100644 utils/pkg-deps/mattermost/minio/zarf.yaml create mode 100644 utils/pkg-deps/mattermost/postgres/policy-exceptions/externalName.yaml create mode 100644 utils/pkg-deps/mattermost/postgres/policy-exceptions/registry.yaml create mode 100644 utils/pkg-deps/mattermost/postgres/secret.yaml create mode 100644 utils/pkg-deps/mattermost/postgres/service.yaml create 
mode 100644 utils/pkg-deps/mattermost/postgres/values.yaml create mode 100644 utils/pkg-deps/mattermost/postgres/zarf.yaml create mode 100644 utils/pkg-deps/namespaces/values.yaml create mode 100644 utils/pkg-deps/namespaces/zarf.yaml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a09dd7f..f00f9ce 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -47,14 +47,23 @@ jobs: username: ${{ secrets.REGISTRY1_USERNAME }} password: ${{ secrets.REGISTRY1_PASSWORD }} + #### + # Build and publish dependency packages to use in a dev UDS Bundle + #### + - name: Build and publish dev-dependency mattermost-postgres package + run: cd utils/pkg-deps/mattermost/postgres && zarf package create --confirm --no-progress --output oci://ghcr.io/defenseunicorns/uds-capability/mattermost/dev-dependency + + - name: Build and publish dev-dependency mattermost-minio package + run: cd utils/pkg-deps/mattermost/minio && zarf package create --confirm --no-progress --output oci://ghcr.io/defenseunicorns/uds-capability/mattermost/dev-dependency + #### # Build and publish capability package and skeleton #### - - name: Build mattermost-operator package + - name: Build mattermost package run: zarf package create --confirm --no-progress - - name: Publish mattermost-operator package - run: zarf package publish zarf-package-mattermost-operator-amd64-*.tar.zst oci://ghcr.io/defenseunicorns/uds-capability --no-progress + - name: Publish mattermost package + run: zarf package publish zarf-package-mattermost-amd64-*.tar.zst oci://ghcr.io/defenseunicorns/uds-capability --no-progress - - name: Publish mattermost-operator skeleton + - name: Publish mattermost skeleton run: zarf package publish . oci://ghcr.io/defenseunicorns/uds-capability --no-progress diff --git a/Makefile b/Makefile index 95176b5..ccb1b70 100755 --- a/Makefile +++ b/Makefile 
@@ -134,7 +134,7 @@ cluster/destroy: ## Destroy the k3d cluster # Build Section ######################################################################## -build/all: build build/zarf build/zarf-init build/dubbd-k3d build/uds-capability-mattermost-operator ## +build/all: build build/zarf build/zarf-init build/dubbd-k3d build/test-pkg-deps build/uds-capability-mattermost-operator ## build: ## Create build directory mkdir -p build @@ -161,14 +161,19 @@ build/dubbd-k3d: | build/zarf ## Download dubbd k3d oci package if [ -f build/zarf-package-dubbd-k3d-amd64-$(DUBBD_K3D_VERSION).tar.zst ] ; then exit 0; fi && \ cd build && ./zarf package pull oci://ghcr.io/defenseunicorns/packages/dubbd-k3d:$(DUBBD_K3D_VERSION)-amd64 --oci-concurrency 12 -build/uds-capability-mattermost-operator: | build ## Build the mattermost-operator capability +build/test-pkg-deps: | build/zarf ## Build package dependencies for testing + cd build && ./zarf package create ../utils/pkg-deps/namespaces/ --skip-sbom --confirm + cd build && ./zarf package create ../utils/pkg-deps/mattermost/postgres/ --skip-sbom --confirm + cd build && ./zarf package create ../utils/pkg-deps/mattermost/minio/ --skip-sbom --confirm + +build/uds-capability-mattermost-operator: | build ## Build the mattermost capability cd build && ./zarf package create ../ --skip-sbom --confirm ######################################################################## # Deploy Section ######################################################################## -deploy/all: deploy/init deploy/dubbd-k3d deploy/uds-capability-mattermost-operator ## +deploy/all: deploy/init deploy/dubbd-k3d deploy/test-pkg-deps deploy/uds-capability-mattermost-operator ## deploy/init: | build/zarf ## Deploy the zarf init package cd build && ./zarf init --confirm --components=git-server 
@@ -176,15 +181,20 @@ deploy/init: | build/zarf ## Deploy the zarf init package deploy/dubbd-k3d: | build/zarf ## Deploy the k3d flavor of DUBBD cd build && ./zarf package deploy zarf-package-dubbd-k3d-amd64-$(DUBBD_K3D_VERSION).tar.zst --confirm -deploy/uds-capability-mattermost-operator: ## Deploy the mattermost-operator capability - cd build && ./zarf package deploy zarf-package-mattermost-operator-amd64-*.tar.zst --confirm +deploy/test-pkg-deps: | build/zarf ## Deploy the package dependencies needed for testing the mattermost capability + cd build && ./zarf package deploy zarf-package-mattermost-namespaces-* --confirm + cd build && ./zarf package deploy zarf-package-mattermost-postgres-* --confirm + cd build && ./zarf package deploy zarf-package-mattermost-minio-* --confirm + +deploy/uds-capability-mattermost-operator: ## Deploy the mattermost capability + cd build && ./zarf package deploy zarf-package-mattermost-amd64-*.tar.zst --confirm ######################################################################## # Macro Section ######################################################################## .PHONY: all -all: build/all cluster/reset deploy/all ## Build and deploy mattermost-operator locally +all: build/all cluster/reset deploy/all ## Build and deploy mattermost locally .PHONY: rebuild rebuild: clean build/all diff --git a/README.md b/README.md index 4ecf5c7..8347fcd 100644 --- a/README.md +++ b/README.md 
@@ -1,12 +1,38 @@ -# uds-capability-mattermost-operator +# uds-capability-mattermost +Contains both the Mattermost Operator and a Mattermost component + Bigbang [Mattermost Operator](https://repo1.dso.mil/big-bang/product/packages/mattermost-operator) deployed via flux by zarf +Bigbang [Mattermost](https://repo1.dso.mil/big-bang/product/packages/mattermost) deployed via flux by zarf + ## Deployment Prerequisites ### Resources - Minimum compute requirements for single node deployment are at LEAST 64 GB RAM and 32 virtual CPU threads (aws `m6i.8xlarge` instance type should do) - k3d installed on machine +#### General + +- Create `mattermost` namespace +- Label `mattermost` namespace with `istio-injection: enabled` + +#### Database + +- A Postgres database is running on port `5432` and accessible to the cluster +- This database can be logged into via the username `mattermost` +- This database instance has a psql database created named `mattermostdb` +- The `mattermost` user has read/write access to the above mentioned database +- Create `mattermost-postgres` service in `mattermost` namespace that points to the psql database +- Create `mattermost-postgres` secret in `mattermost` namespace with the keys `DB_CONNECTION_STRING` and `DB_CONNECTION_CHECK_URL` that contains connection the string to the for the psql database. Example connection string `postgres://mattermost:###ZARF_VAR_POSTGRES_DB_PASSWORD###@mattermost-postgres.mattermost.svc.cluster.local:5432/mattermostdb?connect_timeout=10&sslmode=disable` + +#### Object Storage + +- Create the secret `mattermost-object-store` in the `mattermost` namespace with the following keys: + - An example for in-cluster Minio can be found in this repository at the path `utils/pkg-deps/mattermost/minio/secret.yaml` + - Secret needs to contain the `accessKey` and `secretKey` for the object storage. 
+- Create a bucket called `mattermost-bucket` +- Create `mattermost-object-store` service in `mattermost` namespace that points to the object store url. + ## Deploy ### Use zarf to login to the needed registries i.e. registry1.dso.mil @@ -45,8 +71,8 @@ metadata: architecture: amd64 zarf-packages: - # Mattermost Operator - - name: mattermost-operator - repository: ghcr.io/defenseunicorns/uds-capability/mattermost-operator + # Mattermost Operator with a Mattermost instance + - name: mattermost + repository: ghcr.io/defenseunicorns/uds-capability/mattermost ref: 0.0.1 ``` diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md index 0b89e2f..c59a652 100644 --- a/docs/DEVELOPMENT_MAINTENANCE.md +++ b/docs/DEVELOPMENT_MAINTENANCE.md 
@@ -3,13 +3,14 @@ ## How to upgrade this capability This package is pulling in the [bigbang mattermost operator chart](https://repo1.dso.mil/big-bang/product/packages/mattermost-operator) +and the [bigbang mattermost chart](https://repo1.dso.mil/big-bang/product/packages/mattermost) -The [mattermost-operator-flux-values.yaml](../mattermost-operator-flux-values.yaml) file contains values used when creating the flux resources for this capability. This includes the version of the chart and the base values used for this capability. +The [mattermost-operator-flux-values.yaml](../mattermost-operator-flux-values.yaml) and [mattermost-flux-values.yaml](../mattermost-flux-values.yaml) file contains values used when creating the flux resources for this capability. This includes the version of the chart and the base values used for this capability. To upgrade 1) Point `application.ref.tag` to the updated version of the chart. 1) Update any base values if necessary. -1) Update the `mattermost-operator` component in the [zarf.yaml](../zarf.yaml) file to pull in the correct images needed for the updated version of the chart. +1) Update the `mattermost-operator` and `mattermost` components in the [zarf.yaml](../zarf.yaml) file to pull in the correct images needed for the updated version of the chart. ## How to test this capability diff --git a/mattermost-flux-values.yaml b/mattermost-flux-values.yaml new file mode 100644 index 0000000..d1c683c --- /dev/null +++ b/mattermost-flux-values.yaml 
@@ -0,0 +1,76 @@
+application:
+ name: mattermost
+ createNamespace: ###ZARF_VAR_MATTERMOST_CREATE_NAMESPACE###
+ namespace: mattermost
+ path: chart
+ repository: https://repo1.dso.mil/big-bang/product/packages/mattermost.git
+ ref:
+ # renovate: datasource=gitlab-tags depName=big-bang/product/packages/mattermost versioning=loose registryUrl=https://repo1.dso.mil
+ tag: 8.1.2-bb.0
+ dependsOn:
+ ###ZARF_VAR_MATTERMOST_DEPENDS_ON###
+ baseValues:
+ # hostname is deprecated and replaced with domain. But if hostname exists then use it.
+ hostname: ###ZARF_VAR_DOMAIN###
+ domain: ###ZARF_VAR_DOMAIN###
+
+ enterprise:
+ enabled: ###ZARF_VAR_MATTERMOST_ENTERPRISE_ENABLED###
+ license: ###ZARF_VAR_MATTERMOST_ENTERPRISE_LICENSE###
+
+ openshift: false
+
+ image:
+ imagePullPolicy: IfNotPresent
+
+ istio:
+ enabled: true
+ chat:
+ gateways:
+ - istio-system/tenant
+ injection: enabled
+ podAnnotations:
+ bigbang.dev/istioVersion: ###ZARF_VAR_ISTIO_VERSION###
+ updateJob:
+ disabled: true
+
+ monitoring:
+ enabled: true
+
+ serviceMonitor:
+ enabled: true
+ # conditional passes only for default istio: enabled, mTLS: STRICT
+ scheme: https
+ tlsConfig:
+ caFile: /etc/prom-certs/root-cert.pem
+ certFile: /etc/prom-certs/cert-chain.pem
+ keyFile: /etc/prom-certs/key.pem
+ insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
+ sso:
+ enabled: false
+ client_id:
+ client_secret: no-secret
+ auth_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/auth
+ token_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/token
+ user_api_endpoint: https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/userinfo
+
+ networkPolicies:
+ enabled: true
+ controlPlaneCidr: 0.0.0.0/0
+ ingressLabels:
+ app: tenant-ingressgateway
+ istio: null
+
+ global:
+ imagePullSecrets:
+ - name: private-registry
+ database:
+ secret: "mattermost-postgres"
+ fileStore:
+ secret:
"mattermost-object-store" + url: "mattermost-object-store.mattermost.svc.cluster.local" + bucket: "mattermost-bucket" + + mattermostEnvs: + # required for Keycloak >= 20.X to work with gitlab auth pointed to Keycloak + MM_GITLABSETTINGS_SCOPE: openid diff --git a/test/e2e/e2e_basic_smoke_test.go b/test/e2e/e2e_basic_smoke_test.go index a9c0e3c..24e1247 100644 --- a/test/e2e/e2e_basic_smoke_test.go +++ b/test/e2e/e2e_basic_smoke_test.go @@ -34,5 +34,21 @@ func TestAllServicesRunning(t *testing.T) { //nolint:funlen // Wait for the mattermost-operator Deployment to report that it is ready output, err = platform.RunSSHCommandAsSudo(`kubectl rollout status deployment/mattermost-operator -n mattermost-operator --watch --timeout=1200s`) require.NoError(t, err, output) + + // Wait for the mattermost Deployment to exist. + output, err = platform.RunSSHCommandAsSudo(`timeout 1200 bash -c "while ! kubectl get deployment mattermost -n mattermost; do sleep 5; done"`) + require.NoError(t, err, output) + + // Setup DNS records for cluster services + output, err = platform.RunSSHCommandAsSudo(`cd ~/app && utils/metallb/dns.sh && utils/metallb/hosts-write.sh`) + require.NoError(t, err, output) + + // Ensure that Mattermost does not accept TLSv1.1 + output, err = platform.RunSSHCommandAsSudo(`sslscan chat.bigbang.dev | grep "TLSv1.1" | grep "disabled"`) + require.NoError(t, err, output) + + // Ensure that Mattermost is available outside of the cluster. + output, err = platform.RunSSHCommandAsSudo(`timeout 1200 bash -c "while ! curl -L -s --fail --show-error https://chat.bigbang.dev/login > /dev/null; do sleep 5; done"`) + require.NoError(t, err, output) }) } diff --git a/utils/pkg-deps/mattermost/minio/policy-exceptions/externalName.yaml b/utils/pkg-deps/mattermost/minio/policy-exceptions/externalName.yaml new file mode 100644 index 0000000..74d49f1 --- /dev/null +++ b/utils/pkg-deps/mattermost/minio/policy-exceptions/externalName.yaml 
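Review bot: `controlPlaneCidr: 0.0.0.0/0` under `networkPolicies` makes whatever rule the chart derives from it match every address instead of only the cluster's API server; the chart templates are not on this page, so the exact effect should be confirmed against the chart. Since the right value is cluster-specific, consider exposing it as a Zarf variable like the other templated values, e.g. `controlPlaneCidr: "###ZARF_VAR_CONTROL_PLANE_CIDR###"` (suggested name), and leave a comment that the wide default is for local k3d only. `insecureSkipVerify: true` already carries such an explanation; the CIDR deserves the same.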
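Review bot: The TLS assertion only proves that TLSv1.1 is reported as disabled; TLSv1.0 or the SSL versions could be enabled on `chat.bigbang.dev` and this test would still pass. Add a sibling check for each legacy protocol the gateway must refuse, for example `sslscan chat.bigbang.dev | grep "TLSv1.0" | grep "disabled"`, with a comment stating the minimum version the capability is expected to enforce. The host is also hard-coded while this patch introduces a `DOMAIN` variable, so the check silently tests the default domain only. `TestAllServicesRunning` starts outside this hunk.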
@@ -0,0 +1,19 @@
+apiVersion: kyverno.io/v2alpha1
+kind: PolicyException
+metadata:
+ name: mattermost-object-storage-external-names-exception
+ namespace: mattermost
+spec:
+ exceptions:
+ - policyName: restrict-external-names
+ ruleNames:
+ - external-names
+ match:
+ any:
+ - resources:
+ kinds:
+ - Service
+ namespaces:
+ - mattermost
+ names:
+ - mattermost-object-store
diff --git a/utils/pkg-deps/mattermost/minio/policy-exceptions/registry.yaml b/utils/pkg-deps/mattermost/minio/policy-exceptions/registry.yaml
new file mode 100644
index 0000000..e9c4133
--- /dev/null
+++ b/utils/pkg-deps/mattermost/minio/policy-exceptions/registry.yaml
@@ -0,0 +1,27 @@
+apiVersion: kyverno.io/v2alpha1
+kind: PolicyException
+metadata:
+ name: mattermost-minio-registry-exception
+ namespace: mattermost-minio
+spec:
+ exceptions:
+ - policyName: restrict-image-registries
+ ruleNames:
+ - validate-registries
+ - autogen-validate-registries
+ match:
+ any:
+ - resources:
+ kinds:
+ - Deployment
+ namespaces:
+ - mattermost-minio
+ names:
+ - minio
+ - resources:
+ kinds:
+ - Job
+ namespaces:
+ - mattermost-minio
+ names:
+ - minio-post-job
diff --git a/utils/pkg-deps/mattermost/minio/secret.yaml b/utils/pkg-deps/mattermost/minio/secret.yaml
new file mode 100644
index 0000000..2a76606
--- /dev/null
+++ b/utils/pkg-deps/mattermost/minio/secret.yaml
@@ -0,0 +1,10 @@
+# Source: bigbang/templates/mattermost/secret-objectstore.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mattermost-object-store
+ namespace: mattermost
+type: kubernetes.io/opaque
+stringData:
+ accesskey: ###ZARF_VAR_ACCESS_KEY###
+ secretkey: ###ZARF_VAR_SECRET_KEY###
diff --git a/utils/pkg-deps/mattermost/minio/service.yaml b/utils/pkg-deps/mattermost/minio/service.yaml
new file mode 100644
index 0000000..1719f93
--- /dev/null
+++ b/utils/pkg-deps/mattermost/minio/service.yaml
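Review bot: In `minio/secret.yaml` the two `stringData` values are substituted unquoted, so a generated credential that is all digits, looks like a boolean, or starts with a YAML indicator would be parsed as a non-string and the Secret would be rejected or hold the wrong value. Quote them as the postgres secret in this patch does: `accesskey: "###ZARF_VAR_ACCESS_KEY###"` and `secretkey: "###ZARF_VAR_SECRET_KEY###"`. The README added in this same patch names the keys `accessKey` and `secretKey`; Secret keys are case-sensitive, so one of the two spellings is wrong for anyone supplying their own object store and should be aligned with what the chart reads.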
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mattermost-object-store
+ namespace: mattermost
+spec:
+ type: ExternalName
+ externalName: minio.mattermost-minio.svc.cluster.local
diff --git a/utils/pkg-deps/mattermost/minio/values.yaml b/utils/pkg-deps/mattermost/minio/values.yaml
new file mode 100644
index 0000000..893f293
--- /dev/null
+++ b/utils/pkg-deps/mattermost/minio/values.yaml
@@ -0,0 +1,15 @@
+replicas: 1
+mode: standalone
+
+# Some reasonable requests instead of the bonkers defaults
+resources:
+ requests:
+ memory: 128Mi
+ cpu: 100m
+
+buckets:
+ - name: mattermost-bucket
+
+postJob:
+ podAnnotations:
+ sidecar.istio.io/inject: "false"
diff --git a/utils/pkg-deps/mattermost/minio/zarf.yaml b/utils/pkg-deps/mattermost/minio/zarf.yaml
new file mode 100644
index 0000000..6c10439
--- /dev/null
+++ b/utils/pkg-deps/mattermost/minio/zarf.yaml
@@ -0,0 +1,54 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+ name: mattermost-minio
+ version: "0.0.1"
+ architecture: amd64
+
+components:
+ - name: minio-kyverno-exceptions
+ required: true
+ manifests:
+ - name: kyverno-exceptions
+ files:
+ - policy-exceptions/registry.yaml
+ - policy-exceptions/externalName.yaml
+ - name: minio
+ required: true
+ charts:
+ - name: minio
+ version: 5.0.13
+ namespace: mattermost-minio
+ url: https://charts.min.io/
+ valuesFiles:
+ - "values.yaml"
+ images:
+ - quay.io/minio/mc:RELEASE.2023-06-28T21-54-17Z
+ - quay.io/minio/minio:RELEASE.2023-07-07T07-13-57Z
+ - name: minio-secret
+ required: true
+ actions:
+ onDeploy:
+ before:
+ - cmd: kubectl get secret -n mattermost-minio minio --template='{{ index .data "rootPassword" }}' | base64 -d
+ mute: true
+ setVariables:
+ - name: SECRET_KEY
+ sensitive: true
+ - cmd: kubectl get secret -n mattermost-minio minio --template='{{ index .data "rootUser" }}' | base64 -d
+ mute: true
+ setVariables:
+ - name: ACCESS_KEY
+ sensitive: true
+ - name: mattermost-secret
+ required: true
+ manifests:
+ - name: mattermost-secret
+ files:
+ - "secret.yaml"
+ - name: mattermost-service
+ required: true
+ manifests:
+ - name: mattermost-service
+ files:
+ - "service.yaml"
diff --git a/utils/pkg-deps/mattermost/postgres/policy-exceptions/externalName.yaml b/utils/pkg-deps/mattermost/postgres/policy-exceptions/externalName.yaml
new file mode 100644
index 0000000..7958082
--- /dev/null
+++ b/utils/pkg-deps/mattermost/postgres/policy-exceptions/externalName.yaml
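Review bot: The `minio-secret` component reads `rootUser` and `rootPassword` from the `minio` secret into `ACCESS_KEY` and `SECRET_KEY`, and `secret.yaml` then hands those to Mattermost, so the application holds MinIO's root account rather than credentials limited to `mattermost-bucket`. That is tolerable for a throwaway test cluster, but the publish workflow in this patch pushes this package to the registry, where it can be reused as-is. Either have the MinIO values create a bucket-scoped user and read that user's keys here, or state the limitation at the top of the file with a comment such as `# dev-only: reuses the MinIO root account for Mattermost; do not use for shared or production object storage`.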
@@ -0,0 +1,19 @@
+apiVersion: kyverno.io/v2alpha1
+kind: PolicyException
+metadata:
+ name: mattermost-postgres-external-names-exception
+ namespace: mattermost
+spec:
+ exceptions:
+ - policyName: restrict-external-names
+ ruleNames:
+ - external-names
+ match:
+ any:
+ - resources:
+ kinds:
+ - Service
+ namespaces:
+ - mattermost
+ names:
+ - mattermost-postgres
diff --git a/utils/pkg-deps/mattermost/postgres/policy-exceptions/registry.yaml b/utils/pkg-deps/mattermost/postgres/policy-exceptions/registry.yaml
new file mode 100644
index 0000000..8c81685
--- /dev/null
+++ b/utils/pkg-deps/mattermost/postgres/policy-exceptions/registry.yaml
@@ -0,0 +1,20 @@
+apiVersion: kyverno.io/v2alpha1
+kind: PolicyException
+metadata:
+ name: mattermost-postgres-registry-exception
+ namespace: mattermost-db
+spec:
+ exceptions:
+ - policyName: restrict-image-registries
+ ruleNames:
+ - validate-registries
+ - autogen-validate-registries
+ match:
+ any:
+ - resources:
+ kinds:
+ - StatefulSet
+ namespaces:
+ - mattermost-db
+ names:
+ - postgresql
diff --git a/utils/pkg-deps/mattermost/postgres/secret.yaml b/utils/pkg-deps/mattermost/postgres/secret.yaml
new file mode 100644
index 0000000..c338228
--- /dev/null
+++ b/utils/pkg-deps/mattermost/postgres/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mattermost-postgres
+ namespace: mattermost
+type: kubernetes.io/opaque
+stringData:
+ DB_CONNECTION_CHECK_URL: "postgres://mattermost:###ZARF_VAR_POSTGRES_DB_PASSWORD###@mattermost-postgres.mattermost.svc.cluster.local:5432/mattermostdb?connect_timeout=10&sslmode=disable"
+ DB_CONNECTION_STRING: "postgres://mattermost:###ZARF_VAR_POSTGRES_DB_PASSWORD###@mattermost-postgres.mattermost.svc.cluster.local:5432/mattermostdb?connect_timeout=10&sslmode=disable"
diff --git a/utils/pkg-deps/mattermost/postgres/service.yaml b/utils/pkg-deps/mattermost/postgres/service.yaml
new file mode 100644
index 0000000..1b7fe54
--- /dev/null
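Review bot: Both URLs in `postgres/secret.yaml` end in `sslmode=disable`, so the Postgres client sends the password and all queries without TLS and relies entirely on the mesh for encryption. The namespaces package in this patch labels only `mattermost` for Istio injection, and nothing visible here does the same for `mattermost-db`, so the hop to the database may be plaintext; this should be confirmed. If that is accepted for the dev dependency, record it in the file with a comment such as `# dev-only: plaintext to the in-cluster postgres; use sslmode=verify-full against a real database`, and note that the README example repeats the same connection string as the pattern to copy.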
+++ b/utils/pkg-deps/mattermost/postgres/service.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mattermost-postgres
+ namespace: mattermost
+spec:
+ type: ExternalName
+ externalName: postgresql.mattermost-db.svc.cluster.local
diff --git a/utils/pkg-deps/mattermost/postgres/values.yaml b/utils/pkg-deps/mattermost/postgres/values.yaml
new file mode 100644
index 0000000..d4e9a88
--- /dev/null
+++ b/utils/pkg-deps/mattermost/postgres/values.yaml
@@ -0,0 +1,3 @@
+auth:
+ username: mattermost
+ database: mattermostdb
diff --git a/utils/pkg-deps/mattermost/postgres/zarf.yaml b/utils/pkg-deps/mattermost/postgres/zarf.yaml
new file mode 100644
index 0000000..eaa9639
--- /dev/null
+++ b/utils/pkg-deps/mattermost/postgres/zarf.yaml
@@ -0,0 +1,58 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+ name: mattermost-postgres
+ version: "0.0.2"
+ architecture: amd64
+
+components:
+ - name: postgres-kyverno-exceptions
+ required: true
+ manifests:
+ - name: kyverno-exceptions
+ files:
+ - policy-exceptions/externalName.yaml
+ - policy-exceptions/registry.yaml
+ - name: postgres
+ required: true
+ charts:
+ - name: postgresql
+ version: 12.6.6
+ namespace: mattermost-db
+ url: https://charts.bitnami.com/bitnami
+ valuesFiles:
+ - "values.yaml"
+ images:
+ - docker.io/bitnami/postgresql:15.3.0-debian-11-r24
+ actions:
+ onDeploy:
+ after:
+ - wait:
+ cluster:
+ kind: Pod
+ name: postgresql-0
+ condition: Ready
+ namespace: mattermost-db
+ - name: postgres-password
+ required: true
+ actions:
+ onDeploy:
+ before:
+ - cmd: kubectl get secret -n mattermost-db postgresql --template={{.data.password}} | base64 -d
+ mute: true
+ setVariables:
+ - name: POSTGRES_DB_PASSWORD
+ sensitive: true
+ - name: mattermost-postgres-password
+ required: true
+ manifests:
+ - name: mattermost-postgres
+ namespace: mattermost
+ files:
+ - secret.yaml
+ - name: postgres-service
+ required: true
+ manifests:
+ - name: service for mattermost
+ files:
+ - service.yaml
diff --git a/utils/pkg-deps/namespaces/values.yaml b/utils/pkg-deps/namespaces/values.yaml
new file mode 100644
index 0000000..5c57127
--- /dev/null
+++ b/utils/pkg-deps/namespaces/values.yaml
@@ -0,0 +1,4 @@
+namespaces:
+ - name: mattermost
+ labels:
+ istio-injection: enabled
diff --git a/utils/pkg-deps/namespaces/zarf.yaml b/utils/pkg-deps/namespaces/zarf.yaml
new file mode 100644
index 0000000..43fdab2
--- /dev/null
+++ b/utils/pkg-deps/namespaces/zarf.yaml
@@ -0,0 +1,18 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json +kind: ZarfPackageConfig +metadata: + name: mattermost-namespaces + description: "package used to deploy needed namespaces" + version: "0.0.1" + architecture: amd64 + +components: + - name: namespaces + required: true + charts: + - name: namespaces + version: 1.0.0 + namespace: default + url: https://defenseunicorns.github.io/uds-support-charts/ + valuesFiles: + - values.yaml diff --git a/zarf.yaml b/zarf.yaml index 5ef3b14..6c7da11 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -1,8 +1,8 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json kind: ZarfPackageConfig metadata: - name: mattermost-operator - description: "UDS mattermost-operator capability deployed via flux" + name: mattermost + description: "UDS mattermost capability deployed via flux" version: "0.0.1" architecture: amd64 @@ -11,6 +11,16 @@ variables: default: "[]" - name: MATTERMOST_OPERATOR_CREATE_NAMESPACE default: "true" + - name: MATTERMOST_DEPENDS_ON + default: "[]" + - name: MATTERMOST_CREATE_NAMESPACE + default: "true" + - name: MATTERMOST_ENTERPRISE_ENABLED + default: "false" + - name: MATTERMOST_ENTERPRISE_LICENSE + default: "" + - name: DOMAIN + default: "bigbang.dev" components: - name: istio-version 
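Review bot: In the root `zarf.yaml` variables hunk, `MATTERMOST_ENTERPRISE_LICENSE` is declared without `sensitive: true`, although its value is licence material that is templated into `mattermost-flux-values.yaml`. The dev packages in this patch already mark their credential variables that way, so add `sensitive: true` under this entry to keep the value out of Zarf's logged output. A one-line comment on `DOMAIN` noting that `bigbang.dev` is a development default would also help, since the e2e test assumes it. The `variables:` list begins outside the hunk.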
@@ -46,3 +56,30 @@ components: namespace: bigbang maxTotalSeconds: 900 description: mattermost-operator HelmRelease to be Ready + - name: mattermost + required: true + description: "Deploy mattermost via flux" + charts: + # renovate: datasource=helm + - name: flux-app + url: https://defenseunicorns.github.io/uds-support-charts/ + version: 1.0.7 + namespace: mattermost + valuesFiles: + - mattermost-flux-values.yaml + repos: + - https://repo1.dso.mil/big-bang/product/packages/mattermost.git + images: + - "registry1.dso.mil/ironbank/opensource/mattermost/mattermost:8.1.2" + - "registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.16" + actions: + onDeploy: + after: + - wait: + cluster: + kind: helmRelease + name: mattermost + condition: Ready + namespace: bigbang + maxTotalSeconds: 900 + description: mattermost HelmRelease to be Ready
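Review bot: The two entries under `images:` in the new `mattermost` component are referenced by tag only (`mattermost:8.1.2`, `postgresql12:12.16`), so what gets baked into the package depends on what the tag resolves to at `zarf package create` time. Appending the digest to each reference (`...:8.1.2@sha256:<digest>`, placeholder) makes the published package reproducible and lets a changed upstream image show up as a diff; the same applies to the tag-only images in the minio and postgres dev packages added by this patch. Separately, the `wait` block looks for the `mattermost` helmRelease in namespace `bigbang` while the chart is installed into `mattermost`; this mirrors the operator component visible in the context lines, but a short comment explaining where the HelmRelease actually lives would prevent a silent 900-second timeout being misread.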