-
Notifications
You must be signed in to change notification settings - Fork 608
docs: add csp section to docs #8908
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
NARSimoes
wants to merge
4
commits into
master
Choose a base branch
from
nasimoes-docs-vm-offers
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
124 changes: 124 additions & 0 deletions
124
source/deployment-guide/csp-marketplaces/azure/mattermost-azure-native-app.rst
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,124 @@ | ||
| :orphan: | ||
| :nosearch: | ||
|
|
||
| Mattermost is published as an **Azure Marketplace** solution that provisions a production-style Mattermost stack in your own subscription using Azure-managed services for compute, database, shared file storage, and load balancing. This option is intended for organizations that want a resilient Mattermost deployment they can scale and operate within their existing Azure tenant. | ||
|
|
||
| Prerequisites | ||
| ------------- | ||
|
|
||
| * An active **Azure subscription** with permission to create resource groups and accept **Azure Marketplace** billing terms for the offer. | ||
| * Familiarity with the **Azure portal** (resource groups, networking, virtual machines, and Application Gateway). | ||
| * For multi-node deployments (more than one application instance), a valid **Mattermost Enterprise license** file. Single-node deployments do not require a license. | ||
| * If you plan to enable **HTTPS** at deployment time: | ||
|
|
||
| * A **PFX (PKCS#12)** certificate bundle and its password. | ||
| * A **custom domain (FQDN)** that you will point to the Application Gateway after deployment. | ||
|
|
||
| What gets deployed | ||
| ------------------ | ||
|
|
||
| The template provisions a self-contained, production-style stack in the resource group you select, including: | ||
|
|
||
| 1. **Virtual Machine Scale Set (Linux):** Runs Mattermost on Ubuntu Pro 24.04 LTS images published by Mattermost. Instance count and VM size are driven by the scaling tier you choose. | ||
| 2. **Application Gateway with public IP:** Acts as the entry point for Mattermost traffic, with optional **HTTPS listener** (using your PFX certificate) and HTTP-to-HTTPS redirection when HTTPS is enabled. | ||
| 3. **Azure Database for PostgreSQL Flexible Server:** Managed PostgreSQL service that stores Mattermost data, with optional **same-zone** or **zone-redundant** high availability and configurable backup retention and geo-redundancy. | ||
| 4. **Azure Files (NFS) with private endpoint:** Shared storage for Mattermost data (uploads, plugins, and other shared files), reachable only from inside the virtual network. | ||
| 5. **Virtual network and subnets:** A dedicated VNet for the deployment, with separate subnets for the Application Gateway, the Mattermost application instances, the database, and the storage private endpoint. | ||
| 6. **NAT gateway:** Provides controlled outbound internet access for the application instances (for example, to fetch packages and the Mattermost configuration scripts). | ||
| 7. **Private DNS zones:** Used to resolve the PostgreSQL Flexible Server and Azure Files private endpoint from inside the VNet. | ||
|
|
||
| Step 1: Select a plan and start creation | ||
| ---------------------------------------- | ||
|
|
||
| Open the **Mattermost - Azure-Native (VM-based)** offer in the Azure Marketplace, click **Get it now**, select the plan, and then click **Create** to open the deployment wizard. | ||
|
|
||
| Step 2: Basics | ||
| -------------- | ||
|
|
||
| On the **Basics** tab, configure the following: | ||
|
|
||
| 1. **Subscription:** Choose the Azure subscription where the deployment will live. | ||
| 2. **Resource group:** Select an existing resource group or create a new one. A **new** resource group keeps the production stack easy to manage and clean up. | ||
| 3. **Region:** Select the deployment region. Choose a region that supports the PostgreSQL Flexible Server SKUs you plan to use, and that has the **availability zones** you need if you intend to enable PostgreSQL high availability. | ||
| 4. **Resource name prefix:** Short prefix (2–12 lowercase letters, digits, or hyphens) used to name the Azure resources created by the template (for example, ``mm-prod``). | ||
|
|
||
| Step 3: Application | ||
| ------------------- | ||
|
|
||
| On the **Application** tab, configure how the Mattermost application is sized and how administrators access the VMs. | ||
|
|
||
| 1. **Scaling tier:** Pick the user scale you are planning for. The wizard uses this to suggest sensible defaults for the **VMSS instance count**, **VM size**, and **PostgreSQL SKU**, and to determine whether **read replicas** are created for the database. Suggested tiers: | ||
|
|
||
| * **Up to 200 users:** 1 node, ``Standard_F2s_v2``. | ||
| * **Up to 2,000 users:** 2 nodes, ``Standard_F2s_v2``. | ||
| * **Up to 15,000 users:** 2 nodes, ``Standard_F4s_v2``. | ||
| * **Up to 30,000 users:** 2 nodes, ``Standard_F8s_v2``. | ||
|
|
||
| 2. **VMSS instance count:** Number of Mattermost application nodes (1–20). Defaults to the suggested value for your scaling tier; adjust if needed. | ||
| 3. **Enterprise license file:** Required when the instance count is greater than 1 (multi-node high-availability clustering). Upload your Mattermost Enterprise license file. Single-node deployments don't require a license. | ||
| 4. **VM SKU:** Size of each VMSS instance. The wizard surfaces recommended Linux sizes first; you can select any supported Linux size available in your region. | ||
| 5. **Admin username:** Linux administrator account used to sign in to the VM instances. | ||
| 6. **Authentication type:** Choose **Password** or **SSH public key** for Linux sign-in. **SSH public key** is recommended for production deployments. | ||
| 7. **Mattermost Version:** The Mattermost version to install (for example, ``11.6.0``). See the :doc:`Mattermost release policy </product-overview/release-policy>` for supported versions. | ||
|
|
||
| Step 4: Database | ||
| ---------------- | ||
|
|
||
| On the **Database** tab, configure the managed PostgreSQL service and the shared NFS file share. | ||
|
|
||
| 1. **PostgreSQL compute SKU:** Memory-optimized Flexible Server SKU. Defaults to the SKU recommended for your scaling tier; pick a SKU that is supported in your region. Available choices include ``Standard_E2ads_v5/v6``, ``Standard_E4ads_v5/v6``, and ``Standard_E8ads_v5/v6``. | ||
| 2. **PostgreSQL high availability:** Choose how PostgreSQL is made resilient: | ||
|
|
||
| * **Disabled:** Single primary instance. Suitable for small deployments and lower-cost evaluations. | ||
| * **Same zone:** Primary and standby in the same availability zone. | ||
| * **Zone redundant:** Primary and standby in different availability zones; recommended for production HA. | ||
|
|
||
| 3. **Primary availability zone** and **standby availability zone:** Shown when HA is enabled. For zone-redundant HA, the primary and standby zones must be different. Pick zones supported in your region for the PostgreSQL SKU you chose. | ||
| 4. **PostgreSQL admin username and password:** Administrator credentials for the Flexible Server. Avoid reserved names such as ``azure_superuser``. The password must meet `Azure Flexible Server password complexity requirements <https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-security#password>`_. | ||
| 5. **NFS share size (GiB):** Size of the Azure Files (NFS) share used by Mattermost for shared application data. Minimum 100 GiB. | ||
| 6. **Geo-redundant backup:** Replicates PostgreSQL backups to Azure's paired region for cross-region disaster recovery. Recommended for production. **This setting cannot be changed after deployment.** | ||
|
|
||
| .. note:: | ||
|
|
||
| Backup retention for PostgreSQL is set to 35 days at deployment time. You can change retention from the Azure portal after the deployment completes. | ||
|
|
||
| Step 5: Networking | ||
| ------------------ | ||
|
|
||
| On the **Networking** tab, configure the virtual network and how Mattermost is exposed to users. | ||
|
|
||
| 1. **VNet address space (CIDR):** The address space for the virtual network created by the template. Defaults to ``10.0.0.0/22``. Pick a range that does not overlap with other VNets you plan to peer with. | ||
| 2. **Public IP address:** Typically **create new**. You must set a **DNS prefix** (label) that is **globally unique** across Azure public cloud; it forms part of your URL and allows public access to your workspace. If the label is already taken, deployment will fail. | ||
| 3. **Enable HTTPS on Application Gateway:** When enabled, the Application Gateway terminates TLS using your PFX certificate and HTTP traffic is redirected to HTTPS. When disabled, Mattermost is served over HTTP on the Azure-assigned hostname (suitable for testing, **not recommended for production**). | ||
| 4. **PFX certificate** and **PFX password:** Shown when HTTPS is enabled. Upload your PKCS#12 bundle and provide the password used to protect it. | ||
| 5. **Custom domain (FQDN):** Shown when HTTPS is enabled. The public hostname Mattermost will use (for example, ``mattermost.example.com``). After deployment, you must create a **CNAME** record pointing this hostname to the Azure-assigned DNS name of the Application Gateway public IP. | ||
|
|
||
| Step 6: Review and create | ||
| ------------------------- | ||
|
|
||
| Review your settings, accept any **Marketplace** terms if prompted, then select **Create**. Provisioning the full stack typically takes longer than a single-VM deployment because of the database, storage, and Application Gateway resources. First-boot configuration on the Mattermost instances may take additional time before the application is reachable. | ||
|
|
||
| **After deployment completes:** | ||
|
|
||
| * In the Azure portal, open the **resource group** you used. | ||
| * Open the **Application Gateway public IP** resource (named ``<prefix>-ag-pip``). Under **Essentials**, note the **DNS name** (Azure-assigned FQDN). | ||
| * If you deployed **without HTTPS**, your site URL is: | ||
|
|
||
| ``http://<dns-label>.<region>.cloudapp.azure.com`` | ||
|
|
||
| * If you deployed **with HTTPS**, create a **CNAME** record at your DNS provider that points your **custom domain** to the Azure-assigned DNS name of the Application Gateway public IP. Once DNS propagates, your site URL is: | ||
|
|
||
| ``https://<your-custom-domain>`` | ||
|
|
||
| Step 7: Open Mattermost and create your administrator | ||
| ----------------------------------------------------- | ||
|
|
||
| In a browser, go to your Mattermost URL. Mattermost will prompt you to **create the first user**, which becomes the **System Administrator**. That account is different from the **Linux** username and password (or SSH key) you configured in Step 3. | ||
|
|
||
| Congratulations! You've successfully deployed a production-style Mattermost stack on Azure. | ||
|
|
||
| Next steps | ||
| ---------- | ||
|
|
||
| * For sizing guidance and reference architectures, see :doc:`high-availability-cluster-based-deployment </administration-guide/scale/high-availability-cluster-based-deployment>` and :doc:`server architecture </administration-guide/scale/server-architecture>`. | ||
| * For ongoing operations (upgrades, backups, monitoring), follow the standard Mattermost server administration documentation. |
78 changes: 78 additions & 0 deletions
78
source/deployment-guide/csp-marketplaces/azure/quick-start-evaluation.rst
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| :orphan: | ||
| :nosearch: | ||
|
|
||
| Mattermost is published as an **Azure Marketplace** solution that deploys a single Ubuntu virtual machine with Mattermost, PostgreSQL, network configurations, and the necessary Azure resources. This quick start evaluation option is preferred for customers already using Azure, as it integrates seamlessly within their existing infrastructure. | ||
|
|
||
| Prerequisites | ||
| ~~~~~~~~~~~~~ | ||
|
|
||
| * An active **Azure subscription** with permission to create resources and accept **Azure Marketplace** billing terms for the offer. | ||
| * Familiarity with the **Azure portal** (resource groups, networking, and virtual machines). | ||
|
|
||
| What gets deployed | ||
| ~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| The template provisions a small, self-contained stack in the resource group you select, including: | ||
|
|
||
| 1. **Virtual machine (Linux):** Runs Mattermost, PostgreSQL, and the reverse proxy. | ||
| 2. **Public IP address:** Allows access to the Mattermost workspace over the public internet, enabling users to connect to the platform securely. | ||
| 3. **Network interface:** Facilitates communication between the Virtual Machine and other Azure resources through a defined network layer. | ||
| 4. **Network security group:** Acts as a virtual firewall, controlling inbound and outbound traffic to protect the deployed resources from unauthorized access. | ||
| 5. **Managed OS disk:** Provides persistent storage mounted to the Virtual Machine for storing files generated by Mattermost, including uploaded documents and system configurations. | ||
| 6. **Virtual network:** An isolated network environment for the deployed resources, enabling private and controlled connectivity between infrastructure components. This can be a newly created or existing environment depending on your selection in the portal. | ||
|
|
||
|
|
||
| Step 1: Select a plan and start creation | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Go to the `Mattermost - Quick Start Evaluation (VM) <https://azuremarketplace.microsoft.com/en-us/marketplace/apps/mattermost.mattermost-all-in-one>`_ Azure Marketplace application to begin. Click **Get it now**, then select the **Mattermost - Quick Start Evaluation (VM)** plan, and click **Create** to open the deployment wizard. | ||
|
|
||
|
|
||
| Step 2: Basic Configuration | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| On the **Basics** tab, configure the following: | ||
|
|
||
| 1. **Subscription:** Choose the Azure subscription where the deployment will live. | ||
| 2. **Resource group:** Either select an existing resource group or create a new one. Using a **new** resource group keeps evaluation resources easy to find. | ||
| 3. **Region:** Select the deployment region for your Virtual Machine (for example, **East US** or **West Europe**). | ||
| 4. **Virtual Machine name:** Provide a unique name for your Virtual Machine. | ||
| 5. **Username:** Linux administrator account on the VM. | ||
| 6. **Email:** Used for Let's Encrypt registration when the instance requests a TLS certificate. Use a mailbox you can access since you may receive operational emails from the certificate authority. | ||
| 7. **Support email:** Contact email for end users to reach the instance administrator for troubleshooting. | ||
| 8. **Authentication type:** **Password** or **SSH public key** only for Linux sign-in to the VM. Password is often simpler for a quick trial; SSH key is appropriate if your organization requires key-based Linux access. | ||
|
|
||
| Step 3: Virtual Machine Settings and Network Configuration | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| On **Virtual Machine Settings** tab, configure the following: | ||
|
|
||
| 1. **Virtual machine size:** For trials, we recommend **Standard_F2s_v2** size but you can choose any other size available in your region. | ||
| 2. **Public IP address:** Typically **create new**. You must set a **DNS prefix** (label) that is **globally unique** in Azure for that cloud/region scope; it forms part of your URL. This DNS will allow public access to your workspace. If the label is already taken, deployment can fail. | ||
| 3. **Virtual network:** **Create new** with the suggested address space, or attach an existing VNet and subnet that meet the constraints. Using a new virtual network avoids collisions with overlapping address spaces in the same subscription. | ||
|
|
||
| The portal may show a preview of your URL in the form ``https://<dns-label>.<region>.cloudapp.azure.com``. That is the address you will use once TLS and Mattermost are ready. | ||
|
|
||
| Step 4: Review and create | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Review settings, accept any **Marketplace** terms if prompted, then select **Create**. Provisioning usually takes a few minutes, and the first-boot configuration may take more time before HTTPS works reliably. | ||
|
|
||
| **After deployment completes:** | ||
|
|
||
| * In the Azure portal, open the **resource group** you used. | ||
| * Open the **Public IP address** resource (often named ``<your-vm-name>-ip`` unless you changed it). | ||
| * Under **Essentials**, note the **DNS name**. Your site URL is: | ||
|
|
||
| ``https://<dns-label>.<region>.cloudapp.azure.com`` | ||
|
|
||
| Example: ``https://myorg.eastus.cloudapp.azure.com`` | ||
|
|
||
| Use **https**; the deployment is intended to serve Mattermost over TLS. | ||
|
|
||
| Step 5: Open Mattermost and create your administrator | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| In a browser, go to your **HTTPS** URL. Mattermost will prompt you to **create the first user**, which becomes the **System Administrator**. That account is different from the **Linux** username and password (or SSH key) you configured in Step 2. | ||
|
|
||
| Congratulations! You’ve successfully deployed Mattermost for evaluation. |
15 changes: 15 additions & 0 deletions
15
source/deployment-guide/csp-marketplaces/csp-marketplaces-index.rst
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| CSP Marketplaces | ||
| ================ | ||
|
|
||
| This section provides instructions for deploying Mattermost from cloud service provider (CSP) marketplaces. | ||
|
|
||
| .. toctree:: | ||
| :maxdepth: 1 | ||
| :titlesonly: | ||
| :hidden: | ||
|
|
||
| Quick Start Evaluation </deployment-guide/csp-marketplaces/quick-start-evaluation> | ||
| Mattermost - Azure-Native (VM-based) </deployment-guide/csp-marketplaces/mattermost-azure-native-app> | ||
|
|
||
| * :doc:`Quick Start Evaluation </deployment-guide/csp-marketplaces/quick-start-evaluation>` - Evaluate Mattermost from CSP marketplaces (Azure today; more providers coming). | ||
| * :doc:`Mattermost - Azure-Native (VM-based) </deployment-guide/csp-marketplaces/mattermost-azure-native-app>` - Deploy a production-style Mattermost stack on Azure from the Azure Marketplace. |
12 changes: 12 additions & 0 deletions
12
source/deployment-guide/csp-marketplaces/mattermost-azure-native-app.rst
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| Mattermost - Azure-Native (VM-based) | ||
| ==================================== | ||
|
|
||
| Deploy a production-style Mattermost stack on Azure directly from the Azure Marketplace. | ||
|
|
||
| This guide walks you through the **Mattermost - Azure-Native (VM-based)** offer, which provisions a complete Mattermost environment in your Azure subscription using Azure-managed services for compute, database, file storage, and load balancing. It is intended for organizations that need a resilient deployment they can scale and operate within their own Azure tenant. | ||
|
|
||
| .. tab:: Azure Marketplace | ||
| :parse-titles: | ||
|
|
||
| .. include:: azure/mattermost-azure-native-app.rst | ||
| :start-after: :nosearch: |
10 changes: 10 additions & 0 deletions
10
source/deployment-guide/csp-marketplaces/quick-start-evaluation.rst
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| Quick Start Evaluation | ||
| ====================== | ||
|
|
||
| This guide provides instructions for quickly trying out Mattermost from cloud service provider marketplaces. Steps are grouped by marketplace in the tabs below; Azure Marketplace is documented today, and additional providers will be added here over time. | ||
|
|
||
| .. tab:: Azure Marketplace | ||
| :parse-titles: | ||
|
|
||
| .. include:: azure/quick-start-evaluation.rst | ||
| :start-after: :nosearch: | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.