Skip to main content

Latest blog: Installing Grafana with Nuon

Guides

Installing Mattermost with Nuon

Learn how to install Mattermost's collaboration platform with Nuon

Mark Milligan portrait

Mark Milligan

VP of Revenue

10 min read
Learn how to install leading collaboration platform Mattermost with Nuon for Bring Your Own Cloud and global deployments across the enterprise

This is another post in a series where we show how to install a software vendor’s product with Nuon. Mattermost is an open-source collaboration platform often regarded as a secure alternative to Slack and Microsoft Teams with customer logos including AIG, Bosch, Nasdaq, Blue Origin, U.S. Air Force, Samsung, Qualcomm and NASA. Deployment options include self-hosted and cloud SaaS but this blog post will demonstrate how Mattermost can be offered as Bring Your Own Cloud (BYOC).

Benefits of BYOC

Self-hosting a software product requires the customer to read the vendor’s docs while being responsible for installing and upgrading the software. This requires maintaining technically-competent DevOps staff and staying current on the latest releases. On the plus side, the software and data run securely in the customer’s cloud infrastructure.

If the vendor offers its software as a multi-tenant or single-tenant cloud SaaS, the customer is free of installation and upgrade efforts, which are performed by the vendor. The customer however accepts the risk that their data is residing in the vendor’s cloud infrastructure.

Bring Your Own Cloud (BYOC) takes the best of self-hosting, specifically data sovereignty and security, and marries it with the best of cloud SaaS where customers get instant access and do not have to toil or worry about installations and upgrades.

Nuon is an off-the-shelf BYOC platform where the control plane can run in your VPC or within the Nuon cloud.

Creating the Mattermost App Config

This App Config deploys the Mattermost operator and a Mattermost instance in an EKS cluster as well as an ALB and certificate in the VPC for Mattermost user access. The App Config has several Action scripts including installation ones like creating a base64 Postgres secret and making the default storage class, to day-2 operations like an ALB health check.

An uploaded and synced App Config of Collaboration platform Mattermost visible in the Nuon dashboard with inputs and a README.md

Kubernetes Manifests

Recently, Nuon added first-class support for Kubernetes manifests as Components in a Nuon App Config. A Kubernetes manifest is a YAML or JSON file that describes the desired state of resources in your Kubernetes cluster. Think of manifests as the "source code" that describes your application's infrastructure.

Helm charts are static templates that make broad assumptions about your infrastructure. These assumptions often don't match real production environments, leading to extensive values.yaml customization and brittle deployments.

A Kubernetes Operator, on the other hand, is a custom controller that continuously watches and manages applications throughout their lifecycle. It uses Custom Resource Definitions (CRDs) to extend Kubernetes' API with application-specific knowledge.

In the context of this previous discussion, Helm charts generate Kubernetes manifests from templates while Operators create and manage manifests programmatically based on CRDs. Both ultimately result in standard Kubernetes manifests being applied to a Kubernetes cluster.

Mattermost has a Helm chart to deploy the Operator then the Operator installs and manages the Mattermost application.

Below is one of the manifests applied by Nuon during an installation. In particular, this is the Mattermost Installation manifest that deploys the actual Mattermost application and configures the connection to Postgres and S3.

#:schema https://api.nuon.co/v1/general/config-schema?type=kubernetes-manifest

name   = "mattermost_manifest_installation"
type   = "kubernetes_manifest"
dependencies   = ["postgres_db","mattermost_manifest_db_secret","s3_buckets"]

namespace = "mattermost"
manifest = """
apiVersion: installation.mattermost.com/v1beta1
kind: Mattermost
metadata:
  name: mm
  namespace: mattermost
spec:
  image: mattermost/mattermost-enterprise-edition
  version: "{{.nuon.inputs.inputs.app_release}}"
  useServiceLoadBalancer: false 
  ingress:
    enabled: false
  serviceAccountName: mm
  podExtensions:
    serviceAccountAnnotations:
      eks.amazonaws.com/role-arn: "{{.nuon.components.s3_buckets.outputs.mattermost_bucket_role.arn}}"
  database:
    external:
      secret: mm-postgres-connection
  fileStore:
    external:
      url: s3.amazonaws.com
      bucket: "{{.nuon.components.s3_buckets.outputs.mattermost_bucket.id}}"
      secret: "mattermost-s3-secret"
  mattermostEnv:
    - name: MM_SERVICESETTINGS_SITEURL
      value: "https://{{.nuon.install.sandbox.outputs.nuon_dns.public_domain.name}}"         
    """

# https://github.com/mattermost/mattermost-operator/blob/master/docs/examples/mattermost_full.yaml
# https://github.com/mattermost/mattermost-operator/blob/master/config/crd/bases/installation.mattermost.com_mattermosts.yaml
# https://github.com/mattermost/mattermost/releases/

Mattermost App Components

To view the App Config files for Mattermost and other app examples, check out our GitHub repository example-app-configs

The components included in a Mattermost app installation by Nuon. Notice the heavy use of Kubernetes manifests in the configuration.

PostgreSQL Database

  • Deploys a PostgreSQL database using a Helm chart
  • Provides the primary data store for Mattermost
  • Configured with specific storage and performance settings

S3 Buckets

  • Creates AWS S3 buckets for file storage
  • Sets up IAM roles and policies for secure bucket access
  • Enables Mattermost to store uploaded files, images, and attachments in S3 instead of local storage

Mattermost Operator

  • Installs the Mattermost Kubernetes operator
  • Manages the lifecycle of Mattermost installations
  • Handles updates, scaling, and configuration changes automatically

Database Secret

  • Creates a Kubernetes secret containing PostgreSQL connection details
  • Securely provides database credentials to the Mattermost application
  • Bridges the database component with the Mattermost installation

S3 Secret

  • Creates a Kubernetes secret for S3 access configuration
  • Enables Mattermost to authenticate with AWS S3
  • Required for external file storage functionality
A dependency graph demarking which components are dependent on other components in the Mattermost app configuration.

Mattermost Installation

  • Deploys the actual Mattermost application
  • Configures the connection to PostgreSQL and S3
  • Sets environment variables like the site URL
  • Managed by the Mattermost operator for automated operations

TLS Certificate

  • Provisions an SSL/TLS certificate using AWS Certificate Manager
  • Enables HTTPS encryption for secure communication
  • Required for the load balancer to serve traffic over HTTPS

Application Load Balancer

  • Creates an AWS Application Load Balancer
  • Routes external traffic to the Mattermost service
  • Handles SSL termination and health checks
  • Provides the public-facing endpoint for users

Mattermost Service

  • Creates a Kubernetes service for internal routing
  • Exposes Mattermost pods to the load balancer
  • Enables service discovery within the cluster

Each component builds upon the previous ones and through dependency settings in the component TOML files, creating a complete Mattermost installation with database persistence, file storage and SSL encryption.

The Nuon runner operates as a container in a VM inside the remote VPC - retrieving jobs and steps to install the application.

Installing Mattermost in a Customer Cloud

App Config and their TOML files are validated and uploaded to your Nuon control plane using the Nuon CLI.

git clone https://github.com/nuonco/example-app-configs

cd ~/example-app-configs/mattermost

nuon login

nuon apps create -n mattermost

nuon apps sync .

The components are built as OCI artifacts and placed in a cloud container registry.

Through the Nuon web dashboard, an Install is kicked off and inputs provide defaults for the target installation.

Install Inputs are for the DevOps team to specify defaults to use during the installation of Mattermost. Notice the release versions for the Mattermost Operator and App.

A cloud provider stack is shared with the target cloud account profile which creates a VPC and a VM with the Nuon runner which phones home to get instructions or steps from the App Config to install the Mattermost app.

Enterprise features include an Approvals workflow that asks the operator permission to proceed with an Apply step for each component in the App Config.

Actions are scripts that can be run during an install or in Day-2 operations. This action is a healthcheck of the Application Load Balancer and Mattermost pods.

Once the installation is complete, the public URL is included in the Install’s README markdown in the Nuon dashboard and can be shared with the target cloud account user base to start using the Mattermost application.

The Mattermost login page after installation by Nuon

Mattermost is a leading collaboration software platform in use by the U.S. government and the Global 2000 where data security is a requirement. Mattermost customers can invest in Nuon to install multiple global instances of Mattermost and other vendor software in all of their cloud provider accounts to meet data sovereignty requirements. Software vendors like Mattermost can invest in Nuon to unlock new revenue streams with customers who want a SaaS experience of instant access and no upgrade hassles while retaining their data in their cloud accounts.

Mattermost channel activity by some of the Nuon team. We even uploaded some of our custom emojis which are stored in the S3 bucket.

Ready to get started?

Book a demo Log in

Newsletter

Subscribe to our newsletter

Too much email? Subscribe via RSS feed