mattermost values.yaml📜
domain📜
Type: string
"bigbang.dev"
istio.enabled📜
Type: bool
false
Description: Toggle istio integration
istio.injection📜
Type: string
"disabled"
Description: Istio sidecar injection mode (enabled, disabled, or empty for no label)
istio.mtls📜
Type: object
mode: STRICT
Description: Mutual TLS configuration
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.sidecar📜
Type: object
enabled: true
outboundTrafficPolicyMode: REGISTRY_ONLY
Description: Sidecar configuration for Istio
istio.sidecar.enabled📜
Type: bool
true
Description: Enable/disable Istio Sidecar resource (restricts outbound traffic)
istio.sidecar.outboundTrafficPolicyMode📜
Type: string
"REGISTRY_ONLY"
Description: Outbound traffic policy mode (REGISTRY_ONLY or ALLOW_ANY)
istio.serviceEntries📜
Type: object
custom: []
Description: Service Entries Configuration
istio.serviceEntries.custom📜
Type: list
[]
Description: List of custom Istio ServiceEntry resources
istio.authorizationPolicies📜
Type: object
additionalPolicies: {}
custom: []
enabled: true
generateFromNetpol: true
Description: Authorization Policies Configuration
istio.authorizationPolicies.enabled📜
Type: bool
true
Description: Enable/disable the generation of Istio AuthorizationPolicies
istio.authorizationPolicies.generateFromNetpol📜
Type: bool
true
Description: Generate AuthorizationPolicies from NetworkPolicy configurations
istio.authorizationPolicies.custom📜
Type: list
[]
Description: Custom authorization policies - additional policies added via additionalPolicies
istio.authorizationPolicies.additionalPolicies📜
Type: object
{}
Description: Additional authorization policies (map format)
routes📜
Type: object
inbound:
chat:
enabled: true
gateways:
- istio-gateway/public-ingressgateway
hosts:
- chat.{{ .Values.domain }}
port: 8065
selector:
app: mattermost
service: '{{ .Release.Name }}'
outbound:
mattermost-external:
enabled: true
hosts:
- securityupdatecheck.mattermost.com
- customers.mattermost.com
- notices.mattermost.com
- api.integrations.mattermost.com
- pdat.matterlytics.com
- api.github.com
ports:
- name: https
number: 443
protocol: TLS
sso:
enabled: false
hosts:
- '{{ include "sso.host" . }}'
ports:
- name: https
number: 443
protocol: TLS
Description: Routes configuration for bb-common
routes.inbound📜
Type: object
chat:
enabled: true
gateways:
- istio-gateway/public-ingressgateway
hosts:
- chat.{{ .Values.domain }}
port: 8065
selector:
app: mattermost
service: '{{ .Release.Name }}'
Description: Inbound routes (creates VirtualService, ServiceEntry, NetworkPolicy, AuthorizationPolicy)
routes.outbound📜
Type: object
mattermost-external:
enabled: true
hosts:
- securityupdatecheck.mattermost.com
- customers.mattermost.com
- notices.mattermost.com
- api.integrations.mattermost.com
- pdat.matterlytics.com
- api.github.com
ports:
- name: https
number: 443
protocol: TLS
sso:
enabled: false
hosts:
- '{{ include "sso.host" . }}'
ports:
- name: https
number: 443
protocol: TLS
Description: Outbound routes (creates ServiceEntry for egress traffic)
routes.outbound.mattermost-external📜
Type: object
enabled: true
hosts:
- securityupdatecheck.mattermost.com
- customers.mattermost.com
- notices.mattermost.com
- api.integrations.mattermost.com
- pdat.matterlytics.com
- api.github.com
ports:
- name: https
number: 443
protocol: TLS
Description: Mattermost external services (update checks, notices, integrations, analytics)
routes.outbound.sso📜
Type: object
enabled: false
hosts:
- '{{ include "sso.host" . }}'
ports:
- name: https
number: 443
protocol: TLS
Description: SSO provider service entry (enables SSO authentication in REGISTRY_ONLY mode)
ingress📜
Type: object
annotations: {}
enabled: false
host: ''
tlsSecret: ''
Description: Specification to configure an Ingress with Mattermost
monitoring.enabled📜
Type: bool
false
monitoring.namespace📜
Type: string
"monitoring"
monitoring.serviceMonitor.scheme📜
Type: string
"http"
monitoring.serviceMonitor.tlsConfig📜
Type: object
{}
networkPolicies.enabled📜
Type: bool
false
networkPolicies.ingress.to.mattermost:8067📜
Type: object
from:
k8s:
monitoring/prometheus: true
Description: Mattermost metrics ingress from monitoring
networkPolicies.ingress.to.minio:9000📜
Type: object
from:
k8s:
minio-operator/*: true
podSelector:
matchLabels:
app: minio
Description: Minio ingress from minio-operator
networkPolicies.ingress.to.minio-metrics📜
Type: object
from:
k8s:
monitoring/prometheus: true
podSelector:
matchLabels:
app: minio
v1.min.io/tenant: mattermost-minio
Description: Minio metrics ingress from monitoring
networkPolicies.egress.definitions.storage-subnets📜
Type: object
to:
- ipBlock:
cidr: 0.0.0.0/0
except:
- 169.254.169.254/32
Description: Storage subnets for S3-compatible storage (override in Big Bang)
networkPolicies.egress.from.mattermost📜
Type: object
to:
k8s:
logging/elasticsearch:9200:
podSelector:
matchLabels:
common.k8s.elastic.co/type: elasticsearch
Description: Mattermost app egress (external integrations, updates, elasticsearch, etc.)
networkPolicies.egress.from.wait-job📜
Type: object
podSelector:
matchLabels:
job-name: mattermost-wait-job
to:
definition:
kubeAPI: true
Description: Wait job egress to kubeAPI
networkPolicies.egress.from.minio📜
Type: object
to:
definition:
kubeAPI: true
storage-subnets: true
k8s:
minio-operator/minio-operator:4222: true
Description: Minio egress to minio-operator and storage
networkPolicies.egress.from.minio.to.definition📜
Type: object
kubeAPI: true
storage-subnets: true
Description: Minio egress to storage subnets (for external S3-compatible storage)
networkPolicies.egress.from.update-check📜
Type: object
podSelector:
matchLabels:
app: mattermost-update-check
to:
cidr:
0.0.0.0/0: true
Description: Update check job egress
networkPolicies.egress.from.tempo📜
Type: object
to:
k8s:
tempo/tempo:9411: true
Description: Tempo egress (when istio injection is enabled)
networkPolicies.additionalPolicies📜
Type: list
[]
sso.enabled📜
Type: bool
false
sso.client_id📜
Type: string
"platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost"
sso.client_secret📜
Type: string
"nothing"
sso.auth_endpoint📜
Type: string
"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/auth"
sso.token_endpoint📜
Type: string
"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/token"
sso.user_api_endpoint📜
Type: string
"https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/userinfo"
sso.enable_sign_up_with_email📜
Type: bool
false
sso.enable_sign_in_with_email📜
Type: bool
false
sso.enable_sign_in_with_username📜
Type: bool
false
image.name📜
Type: string
"registry1.dso.mil/ironbank/opensource/mattermost/mattermost"
image.tag📜
Type: string
"11.4.2"
image.imagePullPolicy📜
Type: string
"IfNotPresent"
global.imagePullSecrets[0].name📜
Type: string
"private-registry"
replicaCount📜
Type: int
1
users📜
Type: string
nil
enterprise.enabled📜
Type: bool
false
enterprise.license📜
Type: string
""
nameOverride📜
Type: string
""
updateJob.disabled📜
Type: bool
true
Description: Must be disabled when Istio injected
updateJob.labels📜
Type: object
{}
updateJob.annotations📜
Type: object
{}
resources.limits.cpu📜
Type: int
2
resources.limits.memory📜
Type: string
"4Gi"
resources.requests.cpu📜
Type: int
2
resources.requests.memory📜
Type: string
"4Gi"
affinity📜
Type: object
{}
nodeSelector📜
Type: object
{}
tolerations📜
Type: object
{}
mattermostEnvs📜
Type: object
{}
existingSecretEnvs📜
Type: object
{}
volumes📜
Type: object
{}
volumeMounts📜
Type: object
{}
podLabels📜
Type: object
{}
Description: Pod labels for Mattermost server pods
podAnnotations📜
Type: object
{}
Description: Pod annotations for Mattermost server pods
securityContext📜
Type: object
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
Description: securityContext for Mattermost server pods
containerSecurityContext📜
Type: object
capabilities:
drop:
- ALL
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
Description: containerSecurityContext for Mattermost server containers
minio.install📜
Type: bool
false
minio.bucketCreationImage📜
Type: string
"registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2025-08-13T08-35-41Z"
minio.service.nameOverride📜
Type: string
"minio.mattermost.svc.cluster.local"
minio.upstream.tenant.name📜
Type: string
"mattermost-minio"
minio.upstream.tenant.pools[0].name📜
Type: string
"pool-0"
minio.upstream.tenant.pools[0].labels.app📜
Type: string
"minio"
minio.upstream.tenant.pools[0].labels.”app.kubernetes.io/name”📜
Type: string
"minio"
minio.upstream.tenant.configSecret.name📜
Type: string
"minio-creds-secret"
minio.upstream.tenant.configSecret.accessKey📜
Type: string
"minio"
minio.upstream.tenant.configSecret.secretKey📜
Type: string
"minio123"
minio.upstream.tenant.metrics.enabled📜
Type: bool
false
minio.upstream.tenant.metrics.port📜
Type: int
9000
minio.upstream.tenant.buckets[0].name📜
Type: string
"mattermost"
minio.waitJob.enabled📜
Type: bool
false
postgresql.install📜
Type: bool
false
postgresql.image.registry📜
Type: string
"registry1.dso.mil/ironbank"
postgresql.image.repository📜
Type: string
"opensource/postgres/postgresql"
postgresql.image.tag📜
Type: string
"17.6"
postgresql.image.pullSecrets[0]📜
Type: string
"private-registry"
postgresql.auth.username📜
Type: string
"mattermost"
postgresql.auth.password📜
Type: string
"bigbang"
postgresql.auth.database📜
Type: string
"mattermost"
postgresql.fullnameOverride📜
Type: string
"mattermost-postgresql"
postgresql.securityContext.fsGroup📜
Type: int
26
postgresql.containerSecurityContext.runAsUser📜
Type: int
26
postgresql.containerSecurityContext.runAsNonRoot📜
Type: bool
true
postgresql.containerSecurityContext.capabilities.drop[0]📜
Type: string
"ALL"
postgresql.volumePermissions.enabled📜
Type: bool
false
postgresql.volumePermissions.securityContext.capabilities.drop[0]📜
Type: string
"ALL"
postgresql.postgresqlConfiguration.listen_addresses📜
Type: string
"*"
postgresql.pgHbaConfiguration📜
Type: string
"local all all md5\nhost all all all md5"
postgresql.connParams📜
Type: string
""
postgresql.sslMode📜
Type: string
"disable"
database.secret📜
Type: string
""
database.readinessCheck.disableDefault📜
Type: bool
true
database.readinessCheck.image📜
Type: string
"registry1.dso.mil/ironbank/opensource/postgres/postgresql:18.3"
database.readinessCheck.command[0]📜
Type: string
"/bin/sh"
database.readinessCheck.command[1]📜
Type: string
"-c"
database.readinessCheck.command[2]📜
Type: string
"until pg_isready --dbname=\"$DB_CONNECTION_CHECK_URL\"; do echo waiting for database; sleep 5; done;"
database.readinessCheck.env[0].name📜
Type: string
"DB_CONNECTION_CHECK_URL"
database.readinessCheck.env[0].valueFrom.secretKeyRef.key📜
Type: string
"DB_CONNECTION_CHECK_URL"
database.readinessCheck.env[0].valueFrom.secretKeyRef.name📜
Type: string
"{{ .Values.database.secret | default (printf \"%s-dbcreds\" (include \"mattermost.fullname\" .)) }}"
fileStore.secret📜
Type: string
""
fileStore.url📜
Type: string
""
fileStore.bucket📜
Type: string
""
fileStore.roleARN📜
Type: string
""
elasticsearch.enabled📜
Type: bool
false
elasticsearch.connectionurl📜
Type: string
"https://logging-ek-es-http.logging.svc.cluster.local:9200"
elasticsearch.username📜
Type: string
""
elasticsearch.password📜
Type: string
""
elasticsearch.enableindexing📜
Type: bool
true
elasticsearch.indexprefix📜
Type: string
"mm-"
elasticsearch.skiptlsverification📜
Type: bool
true
elasticsearch.bulkindexingtimewindowseconds📜
Type: int
3600
elasticsearch.sniff📜
Type: bool
false
elasticsearch.enablesearching📜
Type: bool
true
elasticsearch.enableautocomplete📜
Type: bool
true
openshift📜
Type: bool
false
resourcePatch📜
Type: object
{}
bbtests.enabled📜
Type: bool
false
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://mattermost.mattermost.svc.cluster.local:8065"
bbtests.cypress.envs.cypress_mm_email📜
Type: string
"test@bigbang.dev"
bbtests.cypress.envs.cypress_mm_user📜
Type: string
"bigbang"
bbtests.cypress.envs.cypress_mm_password📜
Type: string
"Bigbang#123"
bbtests.cypress.envs.cypress_waittime📜
Type: string
"5000"
bbtests.cypress.envs.cypress_tnr_username📜
Type: string
"cypress"
bbtests.cypress.envs.cypress_tnr_password📜
Type: string
"tnr_w!G33ZyAt@C8"
bbtests.cypress.resources.requests.cpu📜
Type: string
"2"
bbtests.cypress.resources.requests.memory📜
Type: string
"1500M"
bbtests.cypress.resources.limits.cpu📜
Type: string
"2"
bbtests.cypress.resources.limits.memory📜
Type: string
"1500M"
waitJob.enabled📜
Type: bool
true
waitJob.permissions.apiGroups[0]📜
Type: string
"installation.mattermost.com"
waitJob.permissions.resources[0]📜
Type: string
"mattermosts"