Mattermost v7.9.1 team-edition helm deployment issues

AWS EKS Cluster running v1.23 Kubernetes
Using standard StorageClass gp2 provided by the EKS deployment

I am using the full values file for deployment:

helm install mattermost-server mattermost/mattermost-team-edition -f mattermost-values.yaml -n mattermost --set storageclass=gp2

During deployment, issues with permissions to create directories for plugins.

Error Example:
mattermost-team-edition {“timestamp”:“2023-03-19 04:04:06.131 Z”,“level”:“error”,“msg”:“Failed to install prepackaged plugin”,“caller”:“app/plugin.go:964”,“path”:“/mattermost/prepackaged_plugins/mattermost-plugin-calls-v0.14.0-linux-amd64.tar.gz”,“error”:“Failed to install extracted prepackaged plugin /mattermost/prepackaged_plugins/mattermost-plugin-calls-v0.14.0-linux-amd64.tar.gz: installExtractedPlugin: Unable to generate plugin webapp bundle., unable to copy webapp bundle directory: com.mattermost.calls: mkdir client/plugins/com.mattermost.calls: permission denied”}

mkdir client/plugins/com.mattermost.nps: permission denied"
mkdir client/plugins/playbooks: permission denied"
mkdir client/plugins/com.mattermost.calls: permission denied"
mkdir client/plugins/focalboard: permission denied"

After running exec into the pod, I am also unable to create the directories unless I change the permissions on the plugins directory to 777

There is also a nagging license error

I am prevented from installing gitlab plugin from the Console which is required for our testing.

Did you change any policies and/or user & group IDs?

Some policies & user/group IDs are hard-coded. The way to fix it for you individually is to fork the Helm chart, build your own Docker image with the IDs you need & then it should work.

Otherwise, there may be some restricitions on your vendor-specific storage method.

Thanks for taking a look!
This is a fresh deployment with no changes to policies or user/group ID’s

I changed the deployment to this, so am using all but a few default values
helm install mattermost-server mattermost/mattermost-team-edition -n mattermost --set storageclass=gp2 --set service.type=LoadBalancer --set service.externalPort=80 --set mysql.mysqlUser=mattermost --set mysql.mysqlPassword=abc123

Issues still persists

Is it possible this is the problem ?
mattermost-server-mattermost-team-edition-548ddc6f6b-jfrq6 mattermost-team-edition {“timestamp”:“2023-03-20 18:32:21.875 Z”,“level”:“debug”,“msg”:“No license provided; Remote Cluster services disabled”,“caller”:“app/server.go:576”}

in the client directory, plugins is the only thing owned by root
drwxr-xr-x 3 root root 4096 Mar 20 19:19 plugins

As a work around I have tried getting root into the pod using both kubectl ssh and runc without any luck to change the owner as the the pod is coming up.

Anyone know of another method? I can’t ssh to nodes so thats not an option

where can I get a full list of options for MM environment variables ?

This list should be quite comprehensive and you’ll see that there’s a scheme behind the environment variable names:

If you want to override the configuration setting TeamSettings.EnableCustomBrand in your config.json with an environment variable, its name is MM_TEAMSETTINGS_ENABLECUSTOMBRAND.

That is a known problem with kubectl.

Try chown 1001:1001 -R plugins. Replace 1001 with whatever user the other folders use.

By default, anything configured during the deployment for plugins is created with root as the owner.
short of a root login, there is no way to fix this issue. I will assume from this that the teams deployment has disabled plugins as part of version restrictions.

Thanks everyone who has tried to help

My last post on the subject. Enterprise when installed without a license still has the correct permissions and deploys the default pulugins.

mattermost@mattermost-ent-mattermost-enterprise-edition-678857cdcf-jhf7n:~$ ls -l client/ | grep plugin
drwxrwxrwx 8 root root 4096 Mar 21 23:13 plugins
mattermost@mattermost-ent-mattermost-enterprise-edition-678857cdcf-jhf7n:~$ cd client/plugins/
mattermost@mattermost-ent-mattermost-enterprise-edition-678857cdcf-jhf7n:~/client/plugins$ ls
com.mattermost.calls com.mattermost.nps com.mattermost.plugin-channel-export focalboard jitsi playbooks

So it appears to be a code issue and not much I can do about that.

So you’re saying that the enterprise build has no problem with the plugins, but the teamedition does? I’m not sure what you meant with “still has the correct permissions”.

I am suggesting its not a license issue but just some code. team-edition does complain about lack of a license.

Back door fix:
Make sure you have ssh access to workers in the cluster. I had not addedd rsa key to my EKS deployment and had to add that to get things working.

As the deployment spins up do a kubectl gep pod -o wide and get the node the pod is running on.
log into the the node.
run sudo docker ps | grep edition to get the docker id

run docker exec -u 0 instanceID chmod 777 /mattermost/client/plugins

Add S3 bucket in file storage, restart the pod, this allows the default plugins (including apps) to deploy

kubectl rollout restart deployment/mattermost-server-mattermost-team-edition -n mattermost

I don’t know if it will help because my English is not good.

on-prem , k8s v1.24.11
mattermost team edition v7.9.1, helm chart installed
storage use minio bucket.

i installed based on this guide.

My problem was also a permission problem when installing the plugin.

added env to values.yaml


also, can test at mattermost
*System Console - File Storage - Enable Secure Amazon S3 Connections: false

Hi @new2001yy and welcome to the Mattermost forums!

Are you using an insecure deployment of minio maybe for your S3 backend? That would explain why you have to disable the SSL security for the S3 backends.

I found a workaround. Add this to you helm values:

  - command:
      - sh
      - '-c'
      - chown -R 2000:2000 /client/plugins
    image: busybox
    name: changeowner
      - mountPath: /client/plugins
        name: mattermost-plugins

This runs a init container which changes the owner of the plugins folder.

Interesting workaround - thanks for sharing!

Thanks! Will take a look at that soon