Merge pull request #14 from ehorning/feature/CORE-2736-add-dependencies

add cse to marketplace listing

Author: ehorning

README.md

@@ -12,3 +12,6 @@ to complete necessary fields prior to deployment.
 Virtru was founded on the core belief that privacy-preserving data protection is both a fundamental right and a force multiplier for organizations. Our products make it easy to share sensitive data, while you meet compliance, so you can collaborate with confidence and achieve your organizational mission. If you have questions, need support, or require help installing Virtru, please visit our support center.
 [Learn more](https://support.virtru.com/hc/en-us)
 
+## Deploying with `mpdev`
+
+To deploy to marketplace using Google's `mpdev` tool, first add the necessary secrets and configs to the `parameters` JSON block in `gke-deploy.sh`. Parameters set here can be used to override the default settings in `chart/gateway/values.yaml`. If deploying to production, set `ENVIRONMENT=production` in your local environment. Then run `./gke-deploy.sh` to deploy.

VERSION

@@ -1 +1 @@
-3.4.2
+3.5.0

chart/gateway/Chart.yaml

@@ -1,3 +1,14 @@
 apiVersion: v2
 name: gateway
 version: 1.0.0
+# Should be updated to use github or chartmuseum urls instead of relative
+# paths after https://github.com/virtru/virtru-charts/pull/19 is merged
+dependencies:
+- name: cse
+  version: 0.2.0
+  repository: https://charts.production.virtru.com
+  condition: cse.enabled
+- name: cks
+  version: 0.4.0
+  repository: https://charts.production.virtru.com
+  condition: cks.enabled

chart/gateway/values.yaml

@@ -1,10 +1,10 @@
 replicaCount: 2
 
 image:
-  repository: gcr.io/virtru-public/staging/gateway
+  repository: gcr.io/virtru-public/gateway
   pullPolicy: Always
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "2.14.0"
+  tag: "2.15.0"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -60,3 +60,47 @@ gatewayApiTokenName: my-token
 gatewayApiSecret: my-secret
 gatewayTransportMaps: '*=>[smtp-relay.gmail.com]:587'
 ubbagentImage: "gcr.io/cloud-marketplace-tools/metering/ubbagent:latest"
+
+cks:
+  enabled: False
+  image:
+    repository: "gcr.io/virtru-public/gateway/cks"
+    tag: "v1.3.4"
+  testPodAnnotations:
+    helm.sh/hook: test-success
+  replicaCount: 1
+  service:
+    type: LoadBalancer
+  virtruAuth:
+    authTokenJson: "fake-auth-token"
+
+cse:
+  enabled: False
+  ingress:
+    enabled: true
+    host: "http://cse.default.svc.cluster.local"
+  image:
+    repository: "gcr.io/virtru-public/gateway/cse"
+    tag: "v3.0.1-ccbc39e"
+  imagePullSecrets: []
+  testPodAnnotations:
+    helm.sh/hook: test-success
+  service:
+    type: LoadBalancer
+  appSecrets:
+    hmac:
+      tokenId: "fake-hmac-token-id"
+      tokenSecret: "fake-hmac-token-secret"
+    secretKey: "fake-secret-key"
+    ssl:
+      certificate: "fake-certificate"
+      privateKey: "fake-private-key"
+  appConfig:
+    accountsUrl: "https://api.virtru.com/accounts/api"
+    acmUrl: "https://api.virtru.com/acm/api"
+    jwksAuthzIssuers: "eyAidmlydHJ1LXRlc3QiOiAiaHR0cDovL2p3dC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsL2p3ay5qc29uIiB9Cg=="
+    jwksAuthnIssuers: "eyAidmlydHJ1LXRlc3QiOiAiaHR0cDovL2p3dC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsL2p3ay5qc29uIiB9Cg=="
+    jwtAud: "eyJhdXRobiI6InZpcnRydS10ZXN0IiwiYXV0aHoiOiJ2aXJ0cnUtdGVzdCJ9Cg=="
+    jwtKaclsUrl: "http://cse.default.svc.cluster.local"
+    processNumberOverride: "5"
+    useSsl: "true"

gke-deploy.sh

@@ -17,6 +17,10 @@
 
 set -eu
 
+cd chart/gateway
+helm dependency update
+cd -
+
 if [[ "${ENVIRONMENT:-}" = 'production' ]]; then
   export REGISTRY=gcr.io/virtru-public/gateway;
   printf 'Deploying to production. Using registry [%s]\n' $REGISTRY
@@ -50,7 +54,17 @@ parameters=$(cat <<virtruparams
   "gatewayApiSecret": "mysecret",
   "numberOfLicenses":"10",
   "primaryMailingDomain":"virtru.example.com",
-  "reportingSecret":"gs://cloud-marketplace-tools/reporting_secrets/fake_reporting_secret.yaml"
+  "reportingSecret":"gs://cloud-marketplace-tools/reporting_secrets/fake_reporting_secret.yaml",
+  "cse.appSecrets.hmac.tokenId":"my-hmac-token-id",
+  "cse.appSecrets.hmac.tokenSecret":"my-hmac-token-secret",
+  "cse.appSecrets.secretKey":"my-cse-secret-key",
+  "cse.appSecrets.ssl.certificate":"my-ssl-certificate",
+  "cse.appSecrets.ssl.privateKey":"my-ssl-private-key",
+  "cse.appConfig.jwksAuthzIssuers":"eyAidmlydHJ1LXRlc3QiOiAiaHR0cDovL2p3dC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsL2p3ay5qc29uIiB9Cg==",
+  "cse.appConfig.jwksAuthnIssuers":"eyAidmlydHJ1LXRlc3QiOiAiaHR0cDovL2p3dC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsL2p3ay5qc29uIiB9Cg==",
+  "cse.appConfig.jwtAud":"eyJhdXRobiI6InZpcnRydS10ZXN0IiwiYXV0aHoiOiJ2aXJ0cnUtdGVzdCJ9Cg==",
+  "cse.appConfig.jwtKaclsUrl":"cse.virtru.svc.cluster.local",
+  "cse.ingress.host":"cse.virtru.svc.cluster.local"
 }
 virtruparams
 )

schema.yaml

@@ -16,6 +16,12 @@ x-google-marketplace:
           type: REPO_WITH_REGISTRY
         image.tag:
           type: TAG
+    cse:
+      properties:
+        cse.image.repository:
+          type: REPO_WITH_REGISTRY
+        cse.image.tag:
+          type: TAG
     ubbagent:
       # Image for the Billing sidecar, from Google
       properties:
@@ -135,6 +141,84 @@ properties:
     type: string
     x-google-marketplace:
       type: REPORTING_SECRET
+  cse.enabled:
+    title: Include Google Client Side Encryption Key Management Server (KMS)
+    description: Standard Plan Required
+    type: boolean
+    enum:
+      - True
+      - False
+    default: True
+  cse.appSecrets.hmac.tokenId:
+    title: Google Client Side Encryption KMS Token ID
+    description: Token ID Provided by Virtru. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: ""
+  cse.appSecrets.hmac.tokenSecret:
+    title: Google Client Side Encryption KMS Token Secret
+    description: Token Secret Provided by Virtru. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: ""
+  cse.appSecrets.secretKey:
+    title: Google Client Side Encryption KMS Secret Key
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: ""
+  cse.appSecrets.ssl.certificate:
+    title: Google Client Side Encryption SSL Certificate
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: ""
+  cse.appSecrets.ssl.privateKey:
+    title: Google Client Side Encryption SSL Private Key
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: ""
+  cse.appConfig.jwksAuthzIssuers:
+    title: Authz Issuers
+    description: Base64-encoded authz issuer json. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "default"
+  cse.appConfig.jwksAuthnIssuers:
+    title: Authn Issuers
+    description: Base64-encoded authn issuer json. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "default"
+  cse.appConfig.jwtAud:
+    title: Issuer Names
+    description: Base64-encoded json containing issuer names. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "default"
+  cse.appConfig.jwtKaclsUrl:
+    title: Google Client Side Encryption URL
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "http://cse.default.svc.cluster.local"
+  cse.ingress.host:
+    title: Google Client Side Encryption Domain Name
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "http://cse.default.svc.cluster.local"
 required:
 - name
 - namespace