Configuring Rocket.Chat with Kubernetes

The Rocket.Chat Helm chart provides various options for configuring your deployment. You can:

  • Define your configuration options using a values.yaml file, as demonstrated in the deployment guide. This method is the recommended approach.

  • Pass configuration parameters directly to the helm commands using the --set key=value syntax. For example:

    helm install rocketchat rocketchat/rocketchat --set mongodb.auth.passwords={$(echo -n $(openssl rand -base64 32))},mongodb.auth.rootPassword=$(echo -n $(openssl rand -base64 32))

The following table lists the configurable parameters of the Rocket.Chat chart and their default values.

| Parameter | Description | Default |
|---|---|---|
| image.repository | Image repository | registry.rocket.chat/rocketchat/rocket.chat |
| image.tag | Image tag | 3.18.3 |
| image.pullPolicy | Image pull policy | IfNotPresent |
| host | Hostname for Rocket.Chat. Also used for ingress (if enabled) | "" |
| replicaCount | Number of replicas to run | 1 |
| smtp.enabled | Enable SMTP for sending mails | false |
| smtp.existingSecret | Use existing secret for SMTP account | "" |
| smtp.username | Username of the SMTP account | "" |
| smtp.password | Password of the SMTP account | "" |
| smtp.host | Hostname of the SMTP server | "" |
| smtp.port | Port of the SMTP server | 587 |
| extraEnv | Extra environment variables for Rocket.Chat. Used with tpl function, so this needs to be a string | "" |
| extraVolumes | Extra volumes allowing inclusion of certificates or any sort of file that might be required (see below) | [] |
| extraVolumeMounts | Where the aforementioned extra volumes should be mounted inside the container | [] |
| podAntiAffinity | Pod anti-affinity can prevent the scheduler from placing RocketChat replicas on the same node. The default value "soft" means that the scheduler should prefer to not schedule two replica pods onto the same node but no guarantee is provided. The value "hard" means that the scheduler is required to not schedule two replica pods onto the same node. The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. | "" |
| podAntiAffinityTopologyKey | If anti-affinity is enabled, sets the topologyKey to use for anti-affinity. This can be changed to, for example, failure-domain.beta.kubernetes.io/zone | kubernetes.io/hostname |
| affinity | Assign custom affinity rules to the RocketChat instance https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | {} |
| minAvailable | Minimum number / percentage of pods that should remain scheduled | 1 |
| existingMongodbSecret | An already existing secret containing MongoDB Connection URL | "" |
| externalMongodbUrl | MongoDB URL if using an externally provisioned MongoDB | "" |
| externalMongodbOplogUrl | MongoDB OpLog URL if using an externally provisioned MongoDB. Required if externalMongodbUrl is set | "" |
| mongodb.enabled | Enable or disable MongoDB dependency. Refer to the stable/mongodb docs for more information | true |
| persistence.enabled | Enable persistence using a PVC. This is not necessary if you're using the default GridFS file storage | false |
| persistence.storageClass | Storage class of the PVC to use | "" |
| persistence.accessMode | Access mode of the PVC | ReadWriteOnce |
| persistence.size | Size of the PVC | 8Gi |
| persistence.existingClaim | An existing PVC name for rocketchat volume | "" |
| resources | Pod resource requests and limits | {} |
| securityContext.enabled | Enable security context for the pod | true |
| securityContext.runAsUser | User to run the pod as | 999 |
| securityContext.fsGroup | fs group to use for the pod | 999 |
| serviceAccount.create | Specifies whether a ServiceAccount should be created | true |
| serviceAccount.name | Name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | "" |
| ingress.enabled | If true, an ingress is created | false |
| ingress.pathType | Sets the value for pathType for the created Ingress resource | Prefix |
| ingress.annotations | Annotations for the ingress | {} |
| ingress.path | Path of the ingress | / |
| ingress.tls | A list of IngressTLS items | [] |
| license | Contents of the license file, if applicable | "" |
| prometheusScraping.enabled | Turn on and off /metrics endpoint for Prometheus scraping | false |
| prometheusScraping.port | Port on which the metrics are exposed for Prometheus to scrape | 9458 |
| serviceMonitor.enabled | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator (prometheusScraping should be enabled) | false |
| serviceMonitor.interval | The interval at which metrics should be scraped | 30s |
| serviceMonitor.port | The port name at which container exposes Prometheus metrics | metrics |
| livenessProbe.enabled | Turn on and off liveness probe | true |
| livenessProbe.initialDelaySeconds | Delay before liveness probe is initiated | 60 |
| livenessProbe.periodSeconds | How often to perform the probe | 15 |
| livenessProbe.timeoutSeconds | When the probe times out | 5 |
| livenessProbe.failureThreshold | Minimum consecutive failures for the probe | 3 |
| livenessProbe.successThreshold | Minimum consecutive successes for the probe | 1 |
| microservices.enabled | Use microservices architecture | false |
| microservices.presence.replicas | Number of replicas to run for the given service | 1 |
| microservices.ddpStreamer.replicas | Number of replicas to run for the given service | 1 |
| microservices.streamHub.replicas | Number of replicas to run for the given service | 1 |
| microservices.accounts.replicas | Number of replicas to run for the given service | 1 |
| microservices.authorization.replicas | Number of replicas to run for the given service | 1 |
| microservices.nats.replicas | Number of replicas to run for the given service | 1 |
| readinessProbe.enabled | Turn on and off readiness probe | true |
| readinessProbe.initialDelaySeconds | Delay before readiness probe is initiated | 10 |
| readinessProbe.periodSeconds | How often to perform the probe | 15 |
| readinessProbe.timeoutSeconds | When the probe times out | 5 |
| readinessProbe.failureThreshold | Minimum consecutive failures for the probe | 3 |
| readinessProbe.successThreshold | Minimum consecutive successes for the probe | 1 |
| registrationToken | Registration token for Rocket.Chat Cloud | "" |
| service.annotations | Annotations for the Rocket.Chat service | {} |
| service.labels | Additional labels for the Rocket.Chat service | {} |
| service.type | The service type to use | ClusterIP |
| service.port | The service port | 80 |
| service.nodePort | The node port used if the service is of type NodePort | "" |
| podDisruptionBudget.enabled | Enable or disable PDB for RC deployment | true |
| podLabels | Additional pod labels for the Rocket.Chat pods | {} |
| podAnnotations | Additional pod annotations for the Rocket.Chat pods | {} |

You can also refer to the GitHub repository to explore all the available configuration options.

Whenever you update the values.yaml file, execute the following command to apply those updated configurations in your Rocket.Chat workspace:

helm upgrade rocketchat -f values.yaml rocketchat/rocketchat

Database setup

Rocket.Chat uses a MongoDB instance to persist its data. By default, the MongoDB chart is deployed and a single MongoDB instance is created as the primary in a replicaset. For additional configuration options, refer to the MongoDB chart documentation.

If you are using the default chart settings, ensure you set the mongodb.auth.rootPassword and mongodb.auth.passwords values. The root credentials are used to connect to the MongoDB OpLog.
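
One way to set these two values without putting the passwords on the helm command line, where they end up in shell history and the process list. This is an added example, not part of the chart's documentation; the file name values-secrets.yaml and the function names are assumptions, and hex output is used instead of base64 so the passwords need no escaping in YAML or in a MongoDB connection URL.

```sh
#!/bin/sh
# Added example: write the MongoDB credentials the chart asks for into a
# values file that only the current user can read.
# Assumptions: file name and function names are illustrative.

gen_password() {
    # 32 random bytes printed as 64 hex characters.
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 32
    else
        head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    fi
}

write_mongodb_secrets() {
    out="$1"
    # Never regenerate over an existing file: that would replace passwords
    # a running release may already be using.
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    (
        umask 077   # file is created with mode 0600
        cat > "$out" <<EOF
mongodb:
  auth:
    rootPassword: "$(gen_password)"
    passwords:
      - "$(gen_password)"
EOF
    )
}

# Usage:
#   write_mongodb_secrets values-secrets.yaml
#   helm install rocketchat rocketchat/rocketchat -f values.yaml -f values-secrets.yaml
```

Keep the generated file out of version control and back it up with the same care as any other credential store.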

Using an external database

This chart supports using an existing MongoDB instance. To disable the chart's MongoDB deployment, set the configuration option mongodb.enabled=false.

Configuring additional environment variables

You can add extra environment variables to your Rocket.Chat deployment. For example:

extraEnv: |
  - name: MONGO_OPTIONS
    value: '{"ssl": "true"}'

Specifying additional volumes

Sometimes, it's necessary to include extra sets of files by exposing them to the container as a mount point. The most common use case is the inclusion of SSL CA certificates.

extraVolumes:
  - name: etc-certs
    # hostPath is a mapping, not a list
    hostPath:
      path: /etc/ssl/certs
      type: Directory
extraVolumeMounts:
  - mountPath: /etc/ssl/certs
    name: etc-certs
    readOnly: true

Increasing server capacity and HA setup


To increase the server's capacity, you can increase the number of Rocket.Chat server instances across available computing resources in your cluster. For example,

kubectl scale --replicas=3 deployment/rocketchat

By default, the chart creates one MongoDB instance as a Primary in a replicaset. You can also scale up the capacity and availability of the MongoDB cluster independently.

See MongoDB chart for configuration information. To learn more on running Rocket.Chat in scaled configurations, visit the configure MongoDB replicaset guide.

Manage MongoDB secrets

The chart provides several ways to manage the connection for MongoDB apart from the primary mongodb.auth values. They include:

  • Values passed to the chart (externalMongodbUrl, externalMongodbOplogUrl)

  • A secret referenced by existingMongodbSecret, containing the MongoDB URL and the MongoDB OpLog URL:

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
# stringData accepts plain-text values; values under "data" must be base64-encoded
stringData:
  mongo-uri: mongodb://user:password@localhost:27017/rocketchat
  mongo-oplog-uri: mongodb://user:password@localhost:27017/local?replicaSet=rs0&authSource=admin

Upgrading

As a warning, this chart does not handle MongoDB upgrades; it is up to the user to ensure that a supported version is running.

The upgrade will fail if any of the following requirements are not met:

  • Must not skip a MongoDB release. For example, 4.2.x to 5.0.x will fail.

  • Current featureCompatibilityVersion must be compatible with the version the user is trying to upgrade to. For example, if the current database version and feature compatibility version are 4.4 and 4.2, respectively, but the user is trying to upgrade to 5.0, it will fail.

The chart does not check whether the MongoDB version is supported by the Rocket.Chat version, because deployments might occur in an air-gapped environment. You can check the release notes to confirm that.

To get the currently deployed MongoDB version, the easiest method is to get into the mongo shell and run db.version(). You are advised to pin your MongoDB dependency in the values file.

mongodb:
  image:
    tag: # find from https://hub.docker.com/r/bitnami/mongodb/tags
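
The two upgrade requirements above can be checked before changing the pinned tag. This is an added example, not part of the chart; the function names are illustrative, and the ordered list of MongoDB release series in SERIES is an assumption to extend for newer releases.

```sh
#!/bin/sh
# Added example: pre-flight check for the two MongoDB upgrade requirements.
# Assumption: SERIES lists the MongoDB release series in upgrade order.
SERIES="3.6 4.0 4.2 4.4 5.0 6.0 7.0 8.0"

series_of() {   # "4.4.18" -> "4.4"
    echo "$1" | cut -d. -f1,2
}

series_index() {   # position of a series in SERIES; fails if unknown
    i=0
    for s in $SERIES; do
        i=$((i + 1))
        [ "$s" = "$1" ] && { echo "$i"; return 0; }
    done
    return 1
}

# check_mongodb_upgrade CURRENT_VERSION CURRENT_FCV TARGET_VERSION
# Prints a verdict. Returns 0 if allowed, 1 if not, 2 on an unknown series.
check_mongodb_upgrade() {
    cur=$(series_of "$1"); fcv=$(series_of "$2"); tgt=$(series_of "$3")
    ci=$(series_index "$cur") && ti=$(series_index "$tgt") || {
        echo "unknown release series"; return 2; }
    step=$((ti - ci))
    if [ "$step" -lt 0 ]; then
        echo "fail: $cur to $tgt is a downgrade"; return 1
    elif [ "$step" -eq 0 ]; then
        echo "ok: patch upgrade within $cur"; return 0
    elif [ "$step" -gt 1 ]; then
        echo "fail: $cur to $tgt skips a release"; return 1
    elif [ "$fcv" != "$cur" ]; then
        echo "fail: featureCompatibilityVersion is $fcv, must be $cur before moving to $tgt"
        return 1
    fi
    echo "ok: $cur (FCV $fcv) to $tgt"
}

# Usage, with the page's two failing cases and one passing case:
#   check_mongodb_upgrade 4.2.24 4.2 5.0.15   # fail: skips 4.4
#   check_mongodb_upgrade 4.4.18 4.2 5.0.15   # fail: FCV still 4.2
#   check_mongodb_upgrade 4.4.18 4.4 5.0.15   # ok
```

The current version comes from db.version() as described above; the feature compatibility version can be read in the same shell with db.adminCommand({ getParameter: 1, featureCompatibilityVersion: 1 }).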

To learn more about the Rocket.Chat helm chart, visit the GitHub repository.
