Skip to content

Upgrading to a new version📜

Mattermost is a Big Bang built chart. As a result there is no Kptfile to handle any automatic updates from upstream. The below details the steps required to update to a new version of the Mattermost package.

  1. Review the upstream changelog for the update you are going to, as well as any versions skipped over between the last BB release and this one. Note any breaking changes and new features.

  2. Modify the image.tag value in chart/values.yaml to point to the newest version of Mattermost.

  3. Based on the upstream changelog review from earlier, make any changes required to resolve breaking changes.

  4. Modify the version in Chart.yaml - this is a BigBang built and owned chart so we sync the chart version with the appVersion (ex: appVersion 6.6.0 -> chart version 6.6.0-bb.0). Also modify the appVersion and the bigbang.dev/applicationVersions to the new upstream version of Mattermost (same version you put in for the image tag value).

  5. You should check the latest version of minio-instance within Chart.yaml then run helm dependency update chart if applicable.

  6. make sure that the helm.sh/images in chart.yaml to point to the correct images for minio and postgresql

  7. Update CHANGELOG.md adding an entry for the new version and noting all changes (at minimum should include Updated Mattermost to x.x.x).

  8. Generate the README.md updates by following the guide in gluon.

  9. Validate that tests/dependencies.yaml points to the latest tag for mattermost-operator. If it doesn’t, update it.

  10. Open an MR in “Draft” status and validate that CI passes. This will perform a number of smoke tests against the package, but it is good to manually deploy to test some things that CI doesn’t. Follow the steps below for manual testing.

  11. Once all manual testing is complete take your MR out of “Draft” status and add the review label.

Testing for updates📜

NOTE: For these testing steps it is good to do them on both a clean install and an upgrade. For clean install, point mattermost to your branch. For an upgrade do an install with mattermost pointing to the latest tag, then perform a helm upgrade with mattermost pointing to your branch.

You will want to install with: - Mattermost, Mattermost Operator, and Minio Operator enabled - Istio enabled - Dev SSO values for Mattermost - Enterprise enabled - if you do not pass a license in, navigate to the System Console after install to start a trial - Elasticsearch enabled + integration enabled - Monitoring enabled

Testing Steps: - Log in with SSO via your login.dso.mil account. - Follow the initial setup to create a team and send an initial chat. - Under account settings, upload a profile picture. Validate the upload is successful and your profile picture is visible. - Navigate to prometheus and validate that the Mattermost target shows as up (make sure you are on enterprise and have started a trial). - Under system console -> elastic -> index now and validate success (make sure you are on enterprise and have started a trial). - Check Grafana for data in the Mattermost Performance Monitoring v2 dashboard (Ensure you change the server on the dashboard to point to the mattermost pod ip)

When in doubt with any testing or upgrade steps ask one of the CODEOWNERS for assistance.

Chart Additions📜

automountServiceAccountToken📜

The mutating Kyverno policy named update-automountserviceaccounttokens is leveraged to harden all ServiceAccounts in this package with automountServiceAccountToken: false. This policy is configured by namespace in the Big Bang umbrella chart repository at chart/templates/kyverno-policies/values.yaml.

This policy revokes access to the K8s API for Pods utilizing said ServiceAccounts. If a Pod truly requires access to the K8s API (for app functionality), the Pod is added to the pods: array of the same mutating policy. This grants the Pod access to the API, and creates a Kyverno PolicyException to prevent an alert.


Last update: 2024-01-08 by Cody Williams