mattermost #22

Supports: kubernetes

Deploy this charm on Kubernetes with the CLI. Find out how by reading the docs.

Description

Mattermost is a flexible, open source messaging platform that enables secure team collaboration. https://mattermost.com


Mattermost Operator

A Juju charm deploying and managing Mattermost on Kubernetes, configurable to use a PostgreSQL backend.

Overview

Mattermost offers both a Team Edition and an Enterprise Edition. This charm supports both, with the default image deploying the Team Edition. Supported features include authentication via SAML, Push Notifications, clustering, the storage of images and attachments in S3, and a Prometheus exporter for performance monitoring. This charm also offers seamless Mattermost version upgrades, initiated by switching to an image with a newer version of Mattermost than the one currently deployed.

Usage

For details on using Kubernetes with Juju see here, and for details on using Juju with MicroK8s for easy local testing see here.

To deploy the charm and relate it to the PostgreSQL K8s charm within a Juju Kubernetes model:

juju deploy cs:~postgresql-charmers/postgresql-k8s postgresql
juju deploy cs:~mattermost-charmers/mattermost --config juju-external-hostname=foo.internal
juju relate mattermost postgresql:db
juju expose mattermost

Once the deployment has completed and the "mattermost" workload state in juju status has changed to "active" you can visit http://${mattermost_ip}:8065 in a browser and log in to your Mattermost instance, and you'll be presented with a screen to create an initial admin account. Further accounts must be created using this admin account, or by setting up an external authentication source, such as SAML.

For further details, see here.


Configuration

clustering
(boolean) Enable clustering. This feature requires a Mattermost Enterprise Edition licence.
debug
(boolean) Set the Mattermost log level to DEBUG, otherwise INFO.
image_proxy_enabled
(boolean) The image proxy is used by the Mattermost apps to prevent them from connecting directly to remote servers. This anonymizes their connections and prevents them from accessing insecure content. Currently only the "local" image proxy type is supported.
ingress_whitelist_source_range
(string) A comma-separated list of CIDRs to store in the ingress.kubernetes.io/whitelist-source-range annotation. This can be used to lock down access to Mattermost based on source IP address.
licence
(string) The contents of the licence file as supplied by Mattermost. Some features are not available without a licence. For more information, consult the Mattermost documentation.
mattermost_image_password
(string) The password associated with mattermost_image_username for accessing the registry specified in mattermost_image_path.
mattermost_image_path
(string) The location of the image to use, e.g. "registry.example.com/mattermost:v1". Switching to a newer image version will initiate an upgrade of Mattermost. This setting is required.
mattermostcharmers/mattermost:v5.33.3-20.04_edge
mattermost_image_username
(string) The username for accessing the registry specified in mattermost_image_path.
max_file_size
(int) The maximum file size, in megabytes. If there is a reverse proxy in front of Mattermost, it may need to be configured to handle the requested size. For more information, see the Mattermost documentation.
5
outbound_proxy
(string) The proxy to use for outbound requests.
outbound_proxy_exceptions
(string) A list of destinations for which the outbound proxy will not be used. This can be configured as a set of comma-separated IP addresses (e.g. "1.2.3.4"), IP address ranges specified in CIDR notation (e.g. "1.2.3.4/8"), or domain names. An IP address or domain name can also include a port number. When a domain name is specified, the domain and all of its subdomains are matched. However, a domain name with a leading "." only matches the subdomains. For example, "example.com" matches both "example.com" and "sub.example.com" while ".example.com" only matches the latter.
performance_monitoring_enabled
(boolean) When set, Prometheus metrics are exposed via HTTP on port 8067 at the path "/metrics". For more information, see https://docs.mattermost.com/deployment/metrics.html This feature requires a Mattermost Enterprise Edition licence.
primary_team
(string) The primary team of which users on the server are members. When a primary team is set, the options to join other teams or leave the primary team are disabled. If the team URL of the primary team is "https://example.mattermost.com/myteam/", then set the value to "myteam".
push_notification_server
(string) The push notification server to use.
push_notifications_include_message_snippet
(boolean) If enabled, push notification payloads include the sender, the channel, and a snippet of the message itself, which may include confidential information. If disabled, push notification payloads include the sender, the channel, and an ID to let the client retrieve the message directly from Mattermost.
s3_access_key_id
(string) The S3 access key ID to use.
s3_bucket
(string) The S3 bucket to use.
s3_enabled
(boolean) Store files and attachments in an S3-compatible object storage service instead of a local directory.
s3_endpoint
(string) The S3 endpoint to use. This may be a non-Amazon S3-compatible endpoint. For more information, see the Mattermost documentation.
s3.amazonaws.com
s3_region
(string) The S3 region to use.
s3_secret_access_key
(string) The S3 secret key to use.
s3_server_side_encryption
(boolean) Whether to use S3 Server-Side Encryption. This requires configuration on the S3 side, as well as a suitable Mattermost licence.
site_url
(string) The URL by which the site is reached. This must be set for all of Mattermost's features to work correctly. For more information, see https://docs.mattermost.com/administration/config-settings.html#site-url
smtp_host
(string) The hostname or IP address of the outgoing SMTP relay host.
sso
(boolean) Whether to use Ubuntu SSO to log in. This will not work unless the administrators of login.ubuntu.com have created a suitable SAML config first.
tls_secret_name
(string) The name of the Kubernetes secret to be associated with the ingress resource. This setting is ignored unless site_url begins with "https".
use_canonical_defaults
(boolean) If set, apply miscellaneous Mattermost settings as used by Canonical.
use_experimental_saml_library
(boolean) If set, use the built-in Mattermost SAML library. Otherwise, use xmlsec1 to verify logins.
True