added k8s manifests

Dockerfile

@@ -0,0 +1,34 @@
+# Use RHEL 9 UBI as the base
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
+
+# Define Mattermost version and architecture
+ARG MM_VERSION=11.4.0
+ARG MM_PACKAGE=mattermost-${MM_VERSION}-linux-amd64.tar.gz
+
+# Set environment variables
+ENV PATH="/mattermost/bin:${PATH}"
+ENV MM_INSTALL_TYPE=docker
+
+# 1. Install necessary dependencies
+# 2. Create mattermost user/group for security
+# 3. Download and extract the binary
+RUN microdnf update -y && \
+    microdnf install -y tar gzip shadow-utils ca-certificates findutils && \
+    groupadd -g 2000 mattermost && \
+    useradd -u 2000 -g mattermost -m -s /sbin/nologin mattermost && \
+    curl -L https://releases.mattermost.com/${MM_VERSION}/${MM_PACKAGE} | tar -xz && \
+    mkdir -p /mattermost/data /mattermost/plugins /mattermost/client/plugins && \
+    chown -R mattermost:mattermost /mattermost && \
+    microdnf clean all
+
+# Set the working directory
+WORKDIR /mattermost
+
+# Mattermost uses these ports
+EXPOSE 8065 8067
+
+# Switch to non-root user
+USER mattermost
+
+# Start the Mattermost server
+CMD ["mattermost"]

mattermost-deployment.yaml

@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+  name: mattermost
+  namespace: mattermost
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: mattermost
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: mattermost
+    spec:
+      containers:
+      - env:
+        - name: MM_SQLSETTINGS_DRIVERNAME
+          value: postgres
+        - name: MM_SQLSETTINGS_DATASOURCE
+          value: postgres://mattermost:mattermost@postgres:5432/mattermost?sslmode=disable&connect_timeout=10
+        image: gitea.lab.cudanet.org/cudanet/mattermost/mattermost:v11.4.0
+        imagePullPolicy: IfNotPresent
+        name: mattermost
+        ports:
+        - containerPort: 8065
+          protocol: TCP
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /opt/mattermost/config
+          name: mattermost
+          subPath: config
+        - mountPath: /opt/mattermost/data
+          name: mattermost
+          subPath: data
+        - mountPath: /opt/mattermost/logs
+          name: mattermost
+          subPath: logs
+        - mountPath: /opt/mattermost/plugins
+          name: mattermost
+          subPath: plugins
+        - mountPath: /opt/mattermost/client/plugins
+          name: mattermost
+          subPath: client-plugins
+        - mountPath: /opt/mattermost/bleve-indexes
+          name: mattermost
+          subPath: bleve-indexes
+      dnsPolicy: ClusterFirst
+      initContainers:
+      - command:
+        - sh
+        - -c
+        - mkdir -p /mnt/mm/config /mnt/mm/data /mnt/mm/logs /mnt/mm/plugins /mnt/mm/client-plugins
+          /mnt/mm/bleve-indexes
+        image: busybox:latest
+        imagePullPolicy: Always
+        name: init-directories
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /mnt/mm
+          name: mattermost
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: mattermost
+        persistentVolumeClaim:
+          claimName: mattermost

mattermost-pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  annotations:
+  name: mattermost
+  namespace: mattermost
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+  storageClassName:
+  volumeMode: Filesystem
+  volumeName:

mattermost-route.yaml

@@ -0,0 +1,17 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  annotations:
+  name: mattermost
+  namespace: mattermost
+spec:
+  host: mattermost-mattermost.apps.ocp.lab.cudanet.org
+  port:
+    targetPort: 8065
+  tls:
+    termination: edge
+  to:
+    kind: Service
+    name: mattermost
+    weight: 100
+  wildcardPolicy: None

mattermost-svc.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mattermost
+  namespace: mattermost
+spec:
+  clusterIP:
+  clusterIPs:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - port: 8065
+    protocol: TCP
+    targetPort: 8065
+  selector:
+    app: mattermost
+  sessionAffinity: None
+  type: ClusterIP

namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+  labels:
+  name: mattermost

postgres-deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+  name: postgres
+  namespace: mattermost
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: postgres
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: postgres
+    spec:
+      containers:
+      - env:
+        - name: POSTGRESQL_USER
+          value: mattermost
+        - name: POSTGRESQL_PASSWORD
+          value: mattermost
+        - name: POSTGRESQL_DATABASE
+          value: mattermost
+        image: registry.redhat.io/rhel9/postgresql-15:latest
+        imagePullPolicy: Always
+        name: postgres
+        ports:
+        - containerPort: 5432
+          protocol: TCP
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /var/lib/pgsql/data
+          name: postgres
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: postgres
+        persistentVolumeClaim:
+          claimName: postgres

postgres-pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  annotations:
+  name: postgres
+  namespace: mattermost
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+  storageClassName:
+  volumeMode: Filesystem
+  volumeName:

postgres-svc.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: mattermost
+spec:
+  clusterIP:
+  clusterIPs:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - port: 5432
+    protocol: TCP
+    targetPort: 5432
+  selector:
+    app: postgres
+  sessionAffinity: None
+  type: ClusterIP