{"id":13724133,"url":"https://github.com/mattermost/mattermost-cloud","last_synced_at":"2026-01-14T23:49:03.728Z","repository":{"id":38361837,"uuid":"179745989","full_name":"mattermost/mattermost-cloud","owner":"mattermost","description":"Tools and services for running Mattermost Cloud :cloud:","archived":false,"fork":false,"pushed_at":"2025-11-03T14:23:32.000Z","size":7641,"stargazers_count":73,"open_issues_count":4,"forks_count":39,"subscribers_count":26,"default_branch":"master","last_synced_at":"2025-11-03T16:17:34.646Z","etag":null,"topics":["adoption","friction","hacktoberfest","kubernetes","mattermost"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mattermost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-04-05T19:55:16.000Z","updated_at":"2025-11-03T14:23:36.000Z","dependencies_parsed_at":"2024-05-17T14:45:59.832Z","dependency_job_id":"0ce05197-52a0-4c91-b4ae-5d4cbe3d2165","html_url":"https://github.com/mattermost/mattermost-cloud","commit_stats":null,"previous_names":[],"tags_count":138,"template":false,"template_full_name":null,"purl":"pkg:github/mattermost/mattermost-cloud","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fmattermost-cloud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fmattermost-cloud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fmattermost-cloud/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fmattermost-cloud/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mattermost","download_url":"https://codeload.github.com/mattermost/mattermost-cloud/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fmattermost-cloud/sbom","scorecard":{"id":626308,"data":{"date":"2025-08-11","repo":{"name":"github.com/mattermost/mattermost-cloud","commit":"93f9dd6ce5fb9e499be3ca1727e0f68080c87670"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.6,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/claude.yml:22","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/claude.yml:23","Info: jobLevel 'issues' permission set to 'read': .github/workflows/claude.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:10","Warn: no topLevel permission defined: .github/workflows/claude.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/notify-release.yml:8","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:9","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/claude.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/mattermost-cloud/claude.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-release.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/mattermost-cloud/notify-release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-release.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/mattermost-cloud/notify-release.yml/master?enable=pin","Warn: containerImage not pinned by hash: build/Dockerfile:8","Warn: containerImage not pinned by hash: build/Dockerfile:18","Warn: containerImage not pinned by hash: build/Dockerfile.e2e:8","Warn: containerImage not pinned by hash: build/Dockerfile.e2e:19","Info:  14 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   8 out of  11 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: 'stale review dismissal' is disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is required - but no codeowners file found in repo","Warn: 'last push approval' is disabled on branch 'master'","Info: status check found to merge onto on branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/mattermost/.github/SECURITY.md:1","Info: Found linked content: github.com/mattermost/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/mattermost/.github/SECURITY.md:1","Info: Found text in security policy: github.com/mattermost/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.92.0 not signed: https://api.github.com/repos/mattermost/mattermost-cloud/releases/230013808","Warn: release artifact v0.91.0 not signed: https://api.github.com/repos/mattermost/mattermost-cloud/releases/229781474","Warn: release artifact v0.89.2 not signed: https://api.github.com/repos/mattermost/mattermost-cloud/releases/220111171","Warn: release artifact v0.90.0 not signed: https://api.github.com/repos/mattermost/mattermost-cloud/releases/219798114","Warn: release artifact v0.89.1 not signed: https://api.github.com/repos/mattermost/mattermost-cloud/releases/211014927","Warn: release artifact v0.92.0 does not have provenance: https://api.github.com/repos/mattermost/mattermost-cloud/releases/230013808","Warn: release artifact v0.91.0 does not have provenance: https://api.github.com/repos/mattermost/mattermost-cloud/releases/229781474","Warn: release artifact v0.89.2 does not have provenance: https://api.github.com/repos/mattermost/mattermost-cloud/releases/220111171","Warn: release artifact v0.90.0 does not have provenance: https://api.github.com/repos/mattermost/mattermost-cloud/releases/219798114","Warn: release artifact v0.89.1 does not have provenance: https://api.github.com/repos/mattermost/mattermost-cloud/releases/211014927"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yml:89"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"117 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0616 / GHSA-qggc-pj29-j27m","Warn: Project is vulnerable to: GO-2022-0604 / GHSA-hv5f-73mr-7vvj","Warn: Project is vulnerable to: GO-2022-0595","Warn: Project is vulnerable to: GO-2022-0576","Warn: Project is vulnerable to: GO-2022-0599","Warn: Project is vulnerable to: GO-2022-0540","Warn: Project is vulnerable to: GHSA-63f2-6959-2pxj","Warn: Project is vulnerable to: GHSA-8jhh-3jf2-pfwr","Warn: Project is vulnerable to: GHSA-9hj7-v56g-rhf6","Warn: Project is vulnerable to: GO-2024-3164","Warn: Project is vulnerable to: GO-2024-3232","Warn: Project is vulnerable to: GO-2024-3227","Warn: Project is vulnerable to: GO-2024-3233","Warn: Project is vulnerable to: GO-2024-3234","Warn: Project is vulnerable to: GO-2024-3235","Warn: Project is vulnerable to: GO-2025-3392","Warn: Project is vulnerable to: GO-2025-3393","Warn: Project is vulnerable to: GO-2025-3394","Warn: Project is vulnerable to: GO-2025-3407","Warn: Project is vulnerable to: GO-2025-3482","Warn: Project is vulnerable to: GO-2025-3377","Warn: Project is vulnerable to: GO-2025-3379","Warn: Project is vulnerable to: GO-2025-3380","Warn: Project is vulnerable to: GO-2025-3481","Warn: Project is vulnerable to: GO-2025-3480","Warn: Project is vulnerable to: GO-2025-3483","Warn: Project is vulnerable to: GO-2025-3611","Warn: Project is vulnerable to: GO-2025-3618","Warn: Project is vulnerable to: GO-2025-3619","Warn: Project is vulnerable to: GO-2025-3621","Warn: Project is vulnerable to: GO-2025-3622","Warn: Project is vulnerable to: GO-2025-3642","Warn: Project is vulnerable to: GO-2025-3643","Warn: Project is vulnerable to: GO-2025-3644","Warn: Project is vulnerable to: GO-2025-3556","Warn: Project is vulnerable to: GO-2025-3610","Warn: Project is vulnerable to: GO-2025-3609","Warn: Project is vulnerable to: GO-2025-3620","Warn: Project is vulnerable to: GO-2025-3623","Warn: Project is vulnerable to: GO-2025-3731","Warn: Project is vulnerable to: GO-2025-3691","Warn: Project is vulnerable to: GO-2025-3694","Warn: Project is vulnerable to: GO-2025-3724","Warn: Project is vulnerable to: GO-2025-3729","Warn: Project is vulnerable to: GO-2025-3730","Warn: Project is vulnerable to: GO-2025-3756","Warn: Project is vulnerable to: GO-2025-3728","Warn: Project is vulnerable to: GO-2025-3692","Warn: Project is vulnerable to: GO-2025-3693","Warn: Project is vulnerable to: GO-2025-3757","Warn: Project is vulnerable to: GO-2025-3796","Warn: Project is vulnerable to: GO-2025-3797","Warn: Project is vulnerable to: GO-2025-3769","Warn: Project is vulnerable to: GO-2025-3771","Warn: Project is vulnerable to: GO-2025-3772","Warn: Project is vulnerable to: GO-2025-3819","Warn: Project is vulnerable to: GO-2025-3820","Warn: Project is vulnerable to: GO-2025-3818","Warn: Project is vulnerable to: GO-2024-2448","Warn: Project is vulnerable to: GO-2024-2541","Warn: Project is vulnerable to: GO-2024-2566","Warn: Project is vulnerable to: GO-2024-2589","Warn: Project is vulnerable to: GO-2024-2591","Warn: Project is vulnerable to: GO-2024-2592","Warn: Project is vulnerable to: GO-2024-2635","Warn: Project is vulnerable to: GO-2024-2588","Warn: Project is vulnerable to: GO-2024-2590","Warn: Project is vulnerable to: GO-2024-2593","Warn: Project is vulnerable to: GO-2024-2594","Warn: Project is vulnerable to: GO-2024-2595","Warn: Project is vulnerable to: GO-2024-2695","Warn: Project is vulnerable to: GO-2024-2696","Warn: Project is vulnerable to: GO-2024-2706","Warn: Project is vulnerable to: GO-2024-3020","Warn: Project is vulnerable to: GO-2024-3022","Warn: Project is vulnerable to: GO-2024-3023","Warn: Project is vulnerable to: GO-2024-3024","Warn: Project is vulnerable to: GO-2024-3025","Warn: Project is vulnerable to: GO-2024-3028","Warn: Project is vulnerable to: GO-2024-3030","Warn: Project is vulnerable to: GO-2024-3031","Warn: Project is vulnerable to: GO-2024-3032","Warn: Project is vulnerable to: GO-2024-3092","Warn: Project is vulnerable to: GO-2024-3089","Warn: Project is vulnerable to: GO-2024-3090","Warn: Project is vulnerable to: GO-2024-3091","Warn: Project is vulnerable to: GO-2024-3093","Warn: Project is vulnerable to: GO-2024-3094","Warn: Project is vulnerable to: GO-2024-3096","Warn: Project is vulnerable to: GO-2024-3097","Warn: Project is vulnerable to: GO-2025-3534","Warn: Project is vulnerable to: GO-2025-3555","Warn: Project is vulnerable to: GO-2025-3604","Warn: Project is vulnerable to: GO-2024-3337","Warn: Project is vulnerable to: GO-2024-3338","Warn: Project is vulnerable to: GO-2024-3340","Warn: Project is vulnerable to: GO-2025-3549","Warn: Project is vulnerable to: GO-2025-3550","Warn: Project is vulnerable to: GO-2025-3551","Warn: Project is vulnerable to: GO-2025-3552","Warn: Project is vulnerable to: GO-2024-2444","Warn: Project is vulnerable to: GO-2024-2446","Warn: Project is vulnerable to: GO-2024-2450","Warn: Project is vulnerable to: GO-2024-2707","Warn: Project is vulnerable to: GO-2024-3334","Warn: Project is vulnerable to: GO-2024-2500 / GHSA-3fwx-pjgw-3558","Warn: Project is vulnerable to: GO-2024-2913","Warn: Project is vulnerable to: GO-2024-2914 / GHSA-xmmx-7jpf-fx42","Warn: Project is vulnerable to: GO-2022-0390 / GHSA-2mm7-x5h6-5pvq","Warn: Project is vulnerable to: GO-2024-2512 / GHSA-xw73-rw38-6vjc","Warn: Project is vulnerable to: GO-2024-3305 / GHSA-gh5c-3h97-2f3q","Warn: Project is vulnerable to: GO-2024-3304 / GHSA-2mj3-vfvx-fc43","Warn: Project is vulnerable to: GO-2024-3005","Warn: Project is vulnerable to: GO-2025-3376 / GHSA-675f-rq2r-jw82","Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3553 / GHSA-mh63-6h87-95cp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T06:34:32.210Z","repository_id":38361837,"created_at":"2025-08-21T06:34:32.211Z","updated_at":"2025-08-21T06:34:32.211Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28439540,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T22:37:52.437Z","status":"ssl_error","status_checked_at":"2026-01-14T22:37:31.496Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adoption","friction","hacktoberfest","kubernetes","mattermost"],"created_at":"2024-08-03T01:01:50.862Z","updated_at":"2026-01-14T23:49:03.718Z","avatar_url":"https://github.com/mattermost.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Mattermost Cloud ![CircleCI branch](https://img.shields.io/circleci/project/github/mattermost/mattermost-cloud/master.svg)\n\nMattermost Cloud is a SaaS offering meant to smooth and accelerate the customer journey from trial to full adoption. There is a significant amount of friction for a customer to set up a trial of Mattermost, and even more friction to run an extended length proof of concept. Both require hardware and technical personnel resources that create a significant barrier to potential customers. Mattermost Cloud aims to remove this barrier by providing a service to provision and host Mattermost instances that can be used by customers who have no technical experience. This will accelerate the customer journey to a full adoption of Mattermost either in the form of moving to a self-hosted instance or by continuing to use the cloud service.\n\nRead more about the [Mattermost Cloud Architecture](https://docs.google.com/document/u/1/d/1L11OcIlm6YJcPbnQyTsczwm4M3DcyKDx3ahmHN-DcmQ/edit).\n\n## Other Resources\n\nThis repository houses the open-source components of Mattermost Private Cloud. Other resources are linked below:\n\n- [Mattermost the server and user interface](https://github.com/mattermost/mattermost-server)\n- [Helm chart for Mattermost Enterprise Edition](https://github.com/mattermost/mattermost-kubernetes)\n- [Experimental Mattermost operator for Kubernetes](https://github.com/mattermost/mattermost-operator)\n\n## Get Involved\n\n- [Join the discussion on Mattermost Cloud](https://community.mattermost.com/core/channels/cloud)\n\n## Developing\n\n### Environment Setup\n\n#### Required Software\n\nThe following is required to properly run the cloud server.\n\n##### Note: when versions are specified, it is extremely important to follow the requirement. Newer versions will often not work as expected\n\n1. Install [Go](https://golang.org/doc/install)\n2. Install [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) version v1.5.5\n   1. Try using [tfswitch](https://warrensbox.github.io/terraform-switcher/) for switching easily between versions\n3. Install [kops](https://github.com/kubernetes/kops/blob/master/docs/install.md) version 1.27.X\n4. Install [Helm](https://helm.sh/docs/intro/install/) version 3.13.X\n5. Install [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)\n6. Install [golang/mock](https://github.com/golang/mock#installation) version 1.4.x\n7. (macOS only) Upgrade [diffutils](https://www.gnu.org/software/diffutils/) with `brew install diffutils`. Used by the linters.\n\n#### Other Setup\n\n1. Specify the region in your AWS config, e.g. `~/.aws/config`:\n```\n[profile mm-cloud]\nregion = us-east-1\n```\n\n2. Generate an AWS Access and Secret key pair, then export them in your bash profile:\n```\nexport AWS_ACCESS_KEY_ID=YOURACCESSKEYID\nexport AWS_SECRET_ACCESS_KEY=YOURSECRETACCESSKEY\nexport AWS_PROFILE=mm-cloud\n```\n3. Create an S3 bucket to store the kops state. The name of the bucket **MUST** start with `cloud-` prefix and\n  has to be created using the provisioner account credentials. To do it run the following:\n```\naws s3api create-bucket --bucket cloud-\u003cyourname\u003e-kops-state --region us-east-1\n```\n4. Clone this repository into your GOPATH (or anywhere if you have Go Modules enabled)\n\n5. Generate a Gitlab Token for access to the utilities Helm values repo. Then export:\n```\nexport GITLAB_OAUTH_TOKEN=\u003ctoken\u003e\n```\nThis is the option when a remote git repo is used for utility values. In case you want to use local values for local testing you can export an empty token value and add the values in the relevant file in `helm-charts` directory and pass it in the cluster creation step.\n\n6. Get a CloudFlare API Key, and export it with\n```\nexport CLOUDFLARE_API_KEY=\u003ckey\u003e\n```\n\nAlso:\n- Make sure you have a key in your ~/.ssh/\n    such as:\n    ```\n    id_rsa\n    id_rsa.pub\n    ```\n    If not you need to run:\n    ```\n    ssh-keygen -t rsa -C \"\u003cyour-email\u003e\"\n    ```\n\n### Building\n\nThe provisioning server can be built and installed by running the following:\n\n```bash\ngo install ./cmd/cloud\n```\n\nThis will install the cloud binary to your `$GOPATH/bin` directory. If you haven't already, it's generally a good idea to add this directory to your `$PATH` to easily reference.\n\n### Notes on the Cloud Server Database\n\nThe cloud server makes use of a PostgreSQL database to store information on currently-deployed resources. Maintaining this database is important so that the provisioner can update and delete resources in the future.\n\nNOTE: the cloud server recently deprecated SQLite support. If you were using a SQLite database for development then review the deprecation notes at the end of the README.\n\n### Running\nBefore running the server the first time you must set up the DB with:\n```bash\nmake dev-start\n```\n\nThis will start a docker PostgreSQL container `cloud-postgres` for your provisioning server to store resource information in.\n\nBefore using the new database we need to ensure it has the latest schema by running the following:\n```bash\n$ cloud schema migrate --database 'postgres://provisioner:provisionerdev@localhost:5430/cloud?sslmode=disable'\n```\n\nYou are now ready to start the provisioning server. Here is a command with some required flags as well as some flags which help with development.\n\n```bash\ncloud server --dev --database=postgres://provisioner:provisionerdev@localhost:5430/cloud?sslmode=disable --state-store=\u003cyour-s3-bucket\u003e --utilities-git-url=\u003chttps://gitlab.example.com\u003e\n```\n\n### Creating your First Cluster\n\nBefore you can create a Mattermost installation you will need a kubernetes cluster. You can create one by running the following command in a new terminal window.\n```bash\ncloud cluster create --zones \u003cavailabiity-zone\u003e --size SizeAlef500 --networking calico\ni.e.\ncloud cluster create --zones=us-east-1a --networking calico\n```\nNote: Provisioner's default network provider is **amazon-vpc-routed-eni** which can be overridden using `--networking` flag. Supported network providers are weave, canal, calico, amazon-vpc-routed-eni.\n\nYou will get a response like this one:\n```bash\n[\n    {\n        \"ID\": \"tetw1yt3yinjdbhctsstcrybch\",\n        \"Provider\": \"aws\",\n        \"Provisioner\": \"kops\",\n        \"ProviderMetadata\": \"eyJab25lcyI6WyJ1cy1lYXN0LTFjIl19\",\n        \"ProvisionerMetadata\": \"eyJOYW1lIjoidGV0dzF5dDN5aW5qZGJoY3Rzc3RjcnliY2gta29wcy5rOHMubG9jYWwiLCJWZXJzaW9uIjoibGF0ZXN0IiwiQU1JIjoiIn0=\",\n        \"AllowInstallations\": true,\n        \"Version\": \"1.16.9\",\n        \"Size\": \"SizeAlef500\",\n        \"State\": \"creation-requested\",\n        \"CreateAt\": 1589188584607,\n        \"DeleteAt\": 0,\n        \"LockAcquiredBy\": \"4z4f3xf6sfgnbrxfze94zrbb5y\",\n        \"LockAcquiredAt\": 1589211779835,\n        \"UtilityMetadata\": \"eyJkZXNpcmVkVmVyc2lvbnMiOnsiUHJvbWV0aGV1cyI6IjEwLjQuMCIsIk5naW54IjoiMS4zMC4wIiwiRmx1ZW50Yml0IjoiMi44LjciLCJDZXJ0TWFuYWdlciI6InYwLjEzLjEiLCJQdWJsaWNOZ2lueCI6IjEuMzAuMCJ9LCJhY3R1YWxWZXJzaW9ucyI6eyJQcm9tZXRoZXVzIjoiMTAuNC4wIiwiTmdpbngiOiIxLjMwLjAiLCJGbHVlbnRiaXQiOiIyLjguNyIsIkNlcnRNYW5hZ2VyIjoidjAuMTMuMSIsIlB1YmxpY05naW54IjoiMS4zMC4wIn19\"\n    }\n]\n```\n\nThe terminal window where the cloud server is running should produce logs as it creates the cluster. At any time you can run `cloud cluster list` to check on the status of the cluster.\n\nIf something breaks and reprovisioning is needed, run\n```bash\ncloud cluster provision --cluster \u003ccluster-ID\u003e\ni.e.\ncloud cluster provision --cluster tetw1yt3yinjdbhctsstcrybch\n```\n\nThen, when the `state` will be `stable`, export the kubeconfig:\n```bash\nkops export kubecfg \u003ccluster-ID\u003e-kops.k8s.local --state s3://\u003cyour-s3-bucket\u003e\ni.e.\nkops export kubecfg tetw1yt3yinjdbhctsstcrybch-kops.k8s.local --state s3://angelos-kops-state\n```\n\nNow check if you can get the pods from the cluster with: `kubectl get pods -A`\n\n#### Installation\nTo create an installation, run:\n```bash\ncloud installation create --owner \u003cyour-name\u003e --dns \u003cyour-dns-record\u003e --size 100users --affinity multitenant\ni.e. in test account\ncloud installation create --owner stelios --dns stelios.test.cloud.mattermost.com --size 100users --affinity multitenant\n```\n\nCheck its creation progress on the first window where the API runs or run `cloud installation list`\n to check installation status\n\nAfter the installation has finished(stable) you will be able to access your installation\non your \u003cyour-dns-record\u003e\n\n### Testing\n\nRun the go tests to test:\n\n```bash\n$ make unittest\n```\n\n### End-to-end tests\n\nThere are some end-to-end tests located in `./e2e` directory.\n\n#### DB Migration end-to-end tests\n\nDB Migration e2e tests can be run with `make e2e-db-migration`.\n\nE2e test for DB migration requires the following setup:\n- Local instance of Provisioner.\n- Workload cluster able to handle at least 2 installations of size `1000users`.\n- 2 Multi tenant Postgres databases provisioned in the same VPC as the workload cluster.\n- The destination database to which the migration can be performed should be exported as environment variable `DESTINATION_DB`.\n- Kubeconfig of workload cluster exported locally.\n\n#### Cluster end-to-end tests\n\nCluster provisioning e2e tests can be run with `make e2e-cluster`.\n\n### Deleting a cluster and installations\nBefore deleting a cluster you will **have** to delete the installations first on it.\n\nFirst, check how many installations are running:\n```bash\ncloud installation list\n[\n    {\n        \"ID\": \"8npnfpbiitygxbsrpg1p5i1sse\",\n        \"OwnerID\": \"stelios\",\n        \"GroupID\": \"\",\n        \"Version\": \"stable\",\n        \"Image\": \"mattermost/mattermost-enterprise-edition\",\n        \"DNS\": \"stelios.test.cloud.mattermost.com\",\n        \"Database\": \"mysql-operator\",\n        \"Filestore\": \"minio-operator\",\n        \"License\": \"\",\n        \"MattermostEnv\": null,\n        \"Size\": \"100users\",\n        \"Affinity\": \"multitenant\",\n        \"State\": \"creation-final-tasks\",\n        \"CreateAt\": 1589359071894,\n        \"DeleteAt\": 0,\n        \"LockAcquiredBy\": \"m6sj6oc7fg93jkfgh3tjqw\",\n        \"LockAcquiredAt\": 1589359923924\n    }\n]\n```\nGet their IDs, and delete them\n```bash\ncloud installation delete --installation \u003cinstallation-ID\u003e\ni.e.\ncloud installation delete --installation 8npnfpbiitygxbsrpg1p5i1sse\n```\n\nThen proceed to cluster deletion:\n```bash\ncloud cluster delete --cluster \u003ccluster-ID\u003e\n```\n\nIf a cluster cannot be deleted due to absence of ssh key, need to run:\n```bash\nkops create secret --name \u003ccluster-ID\u003e-kops.k8s.local sshpublickey admin -i ~/.ssh/id_rsa.pub --state s3://\u003cyour-s3-bucket\u003e\n```\n\n### Deprecation Instructions\n\n#### Cloud Server SQLite to PostgreSQL Migration\n\nThe cloud server recently deprecated SQLite database support.\n\nThe simplest migration method to PostgreSQL is to remove all running resources and then migrate to PostgreSQL by doing the following:\n1. Run `cloud installation delete` for all active installations.\n2. Run `cloud cluster delete` for all active clusters.\n3. Run `make dev-start` to build a new PG docker container\n\nYour existing `cloud.db` SQLite database will remain and can by kept for historical purposes if you want to lookup old resource IDs or events.\n\n#### Cloud Server Postgres Version 12.5 -\u003e 14.17 Migration\n\nWhen upgrading the Postgres image in the docker-compose.yaml file for local development, the following steps can be followed:\n\n1. Run `docker exec cloud-postgres pg_dumpall -U provisioner \u003e backup.sql` to perform a backup of your existing database\n2. Run `docker-compose down`\n3. Run `docker-compose up -d`\n4. Open `backup.sql` created in step 1 with a text editor, and remove the line `ALTER ROLE provisioner WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION BYPASSRLS PASSWORD '\u003csome hash\u003e'; ` so the provisioner user's credentials aren't overwritten\n5. Run `cat backup.sql | docker exec -i cloud-postgres psql -U provisioner`\n\nAfter completing the above steps, you should be up and running with your existing data in place on pg 14.8, persisted to a volume at `~/.cloud`\n\n#### Cluster reprovisioning steps for new NGINX deployment\n\nThis is related to the changes introduced in [PR-263](https://github.com/mattermost/mattermost-cloud/pull/263)\n\nPlease follow the steps below for the reprovisioning of existing clusters:\n- Reprovision the cluster by running ```cloud cluster provision --cluster \u003ccluster_id\u003e --nginx-version 4.0.18```.\n- Check that new nginx deployed both internal and public Load Balancers (nginx-ingress-nginx-controller-internal and nginx-ingress-nginx-controller).\n- Manually update Prometheus Route53 record to use the new private Load Balancer (nginx-ingress-nginx-controller-internal).\n- Manually update cluster installations Route53 records one by one to use the new public Load balancer (nginx-ingress-nginx-controller).\n  - Update clusterinstallation ingress annotation to use Nginx class nginx-controller instead of nginx.\n  - Manually update network policy to target nginx instead of public-nginx.\n- Confirm that all services are up and running.\n- Delete old NGINX helm charts.\n  - ```helm del --purge public-nginx```\n  - ```helm del --purge private-nginx```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattermost%2Fmattermost-cloud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmattermost%2Fmattermost-cloud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattermost%2Fmattermost-cloud/lists"}