Merge pull request #18 from virtru/fix/3558-update-cse-chart

remove ingress
virtru · Oct 19, 2021 · 9f601a7 · 9f601a7
2 parents 308a697 + cffb395
commit 9f601a7
Show file tree

Hide file tree

Showing 9 changed files with 143 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,31 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased](https://github.com/virtru/virtru-public/compare/main...HEAD)
+
+## [3.5.4](https://github.com/virtru/virtru-public/compare/3.5.4...3.5.3)
+- CORE-3558 ([#18](https://github.com/virtru/virtru-public/pull/18)) _patch_
+  - Disable connection tests for CSE and CKS
+  - Update CSE and CKS chart versions
+  - Update verification test parameters
+  - Retroactively update changelog
+
+## [3.5.3](https://github.com/virtru/virtru-public/compare/3.5.3...3.5.2)
+- CORE-3558 ([#17](https://github.com/virtru/virtru-public/pull/17)) _patch_
+  - Update CSE chart version
+
+## [3.5.2](https://github.com/virtru/virtru-public/compare/3.5.2...3.5.1)
+- CORE-3558 ([#16](https://github.com/virtru/virtru-public/pull/16)) _patch_
+  - Update CSE chart version, allow environment selection in verify script
+
+## [3.5.1](https://github.com/virtru/virtru-public/compare/3.5.1...3.5.0)
+- CORE-3241 ([#15](https://github.com/virtru/virtru-public/pull/15)) _patch_
+  - Update CSE image, fix host parameter format
+
+## [3.5.0](https://github.com/virtru/virtru-public/compare/3.5.0...gateway-3.4.2)
+- CORE-2736 ([#14](https://github.com/virtru/virtru-public/pull/14)): _minor_
+  - Add CSE and CKS dependencies
+
+## [3.4.2](https://github.com/virtru/virtru-public/compare/gateway-3.4.2...gateway-2.15.3)
 - CORE-2717 ([#12](https://github.com/virtru/virtru-public/pull/12)): _patch_
   - Add this Changlog with some retroactive history
   - Add VERSION file, bump to 2.15.5

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.5.3
+3.5.4
diff --git a/chart/gateway/Chart.yaml b/chart/gateway/Chart.yaml
@@ -1,12 +1,12 @@
 apiVersion: v2
 name: gateway
-version: 1.2.0
+version: 1.3.0
 dependencies:
 - name: cse
-  version: 0.4.1
+  version: 0.5.0
   repository: https://charts.production.virtru.com
   condition: cse.enabled
 - name: cks
-  version: 0.4.0
+  version: 0.6.0
   repository: https://charts.production.virtru.com
   condition: cks.enabled
diff --git a/chart/gateway/data-test/schema.yaml b/chart/gateway/data-test/schema.yaml
@@ -58,3 +58,92 @@ properties:
     default: "gs://cloud-marketplace-tools/reporting_secrets/fake_reporting_secret.yaml"
     x-google-marketplace:
       type: REPORTING_SECRET
+  cse.enabled:
+    title: Include Google Client Side Encryption Key Management Server (KMS)
+    description: Standard Plan Required
+    type: boolean
+    enum:
+      - true
+      - false
+    default: true
+  cse.appSecrets.hmac.tokenId:
+    title: Google Client Side Encryption KMS Token ID
+    description: Token ID Provided by Virtru. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "fake-id"
+  cse.appSecrets.hmac.tokenSecret:
+    title: Google Client Side Encryption KMS Token Secret
+    description: Token Secret Provided by Virtru. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "ZmFrZS1kYXRhCg=="
+  cse.appSecrets.secretKey:
+    title: Google Client Side Encryption KMS Secret Key
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "fake-key:ZmFrZS1kYXRhCg=="
+  cse.appSecrets.ssl.certificate:
+    title: Google Client Side Encryption SSL Certificate
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "ZmFrZS1kYXRhCg=="
+  cse.appSecrets.ssl.privateKey:
+    title: Google Client Side Encryption SSL Private Key
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "ZmFrZS1kYXRhCg=="
+  cse.appConfig.jwksAuthzIssuers:
+    title: Authz Issuers
+    description: Base64-encoded authz issuer json. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "iZmFrZS1kYXRhCg=="
+  cse.appConfig.jwksAuthnIssuers:
+    title: Authn Issuers
+    description: Base64-encoded authn issuer json. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "ZmFrZS1kYXRhCg=="
+  cse.appConfig.jwtAud:
+    title: Issuer Names
+    description: Base64-encoded json containing issuer names. Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "ZmFrZS1kYXRhCg=="
+  cse.appConfig.jwtKaclsUrl:
+    title: Google Client Side Encryption URL
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "https://example.com"
+  cse.ingress.host:
+    title: Google Client Side Encryption Domain Name
+    description: Leave blank if not deploying Google Client Side Encryption KMS
+    type: string
+    x-google-marketplace:
+      type: STRING
+    default: "example.com"
+required:
+- name
+- namespace
+- gatewayHostname
+- gatewayApiTokenName
+- gatewayApiSecret
+- gatewayFlow
+- primaryMailingDomain
+- amplitudeToken
+- pricingPlan
+- numberOfLicenses
diff --git a/chart/gateway/templates/deployment-gateway.yaml b/chart/gateway/templates/deployment-gateway.yaml
@@ -69,15 +69,15 @@ spec:
           readinessProbe:
             tcpSocket:
               port: 25
-            initialDelaySeconds: 10
+            initialDelaySeconds: 30
             periodSeconds: 5
             successThreshold: 1
             failureThreshold: 3
-            timeoutSeconds: 1
+            timeoutSeconds: 20
           livenessProbe:
             tcpSocket:
               port: 25
-            initialDelaySeconds: 10
+            initialDelaySeconds: 60
             periodSeconds: 5
             successThreshold: 1
             failureThreshold: 2

diff --git a/chart/gateway/values.yaml b/chart/gateway/values.yaml
@@ -62,29 +62,33 @@ gatewayTransportMaps: '*=>[smtp-relay.gmail.com]:587'
 ubbagentImage: "gcr.io/cloud-marketplace-tools/metering/ubbagent:latest"
 
 cks:
-  enabled: False
+  enabled: false
   image:
     repository: "gcr.io/virtru-public/gateway/cks"
     tag: "v1.3.4"
-  testPodAnnotations:
-    helm.sh/hook: test-success
+  testerPod:
+    enabled: false
+    annotations:
+      helm.sh/hook: test-success
   replicaCount: 1
   service:
     type: LoadBalancer
   virtruAuth:
     authTokenJson: "fake-auth-token"
 
 cse:
-  enabled: False
+  enabled: true
   ingress:
-    enabled: true
+    enabled: false
     host: "http://cse.default.svc.cluster.local"
   image:
     repository: "gcr.io/virtru-public/gateway/cse"
     tag: "v3.0.1"
   imagePullSecrets: []
-  testPodAnnotations:
-    helm.sh/hook: test-success
+  testerPod:
+    enabled: false
+    annotations:
+      helm.sh/hook: test-success
   service:
     type: LoadBalancer
   appSecrets:
@@ -103,4 +107,3 @@ cse:
     jwtAud: "eyJhdXRobiI6InZpcnRydS10ZXN0IiwiYXV0aHoiOiJ2aXJ0cnUtdGVzdCJ9Cg=="
     jwtKaclsUrl: "http://cse.default.svc.cluster.local"
     processNumberOverride: "5"
-    useSsl: "true"
diff --git a/deployer/Dockerfile b/deployer/Dockerfile
@@ -45,4 +45,7 @@ ARG CHART_NAME
 COPY --from=build /tmp/$CHART_NAME.tar.gz /data/chart/
 COPY --from=build /tmp/test/$CHART_NAME.tar.gz /data-test/chart/
 COPY --from=build /tmp/apptest/schema.yaml /data-test/
-COPY --from=build /tmp/schema.yaml /data/
+COPY --from=build /tmp/schema.yaml /data/
+
+ENV WAIT_FOR_READY_TIMEOUT 3600
+ENV TESTER_TIMEOUT 3600
diff --git a/gke-verify.sh b/gke-verify.sh
@@ -8,6 +8,10 @@
 
 set -eu
 
+cd chart/gateway
+helm dependency update
+cd -
+
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 VERSION="$(< "${SCRIPT_DIR}/VERSION" )"
 

diff --git a/schema.yaml b/schema.yaml
@@ -146,9 +146,9 @@ properties:
     description: Standard Plan Required
     type: boolean
     enum:
-      - True
-      - False
-    default: True
+      - true
+      - false
+    default: true
   cse.appSecrets.hmac.tokenId:
     title: Google Client Side Encryption KMS Token ID
     description: Token ID Provided by Virtru. Leave blank if not deploying Google Client Side Encryption KMS