schema.yaml

x-google-marketplace:
#* schema level properties
  schemaVersion: v2

  applicationApiVersion: v1beta1
  # The published version is required and MUST match the tag
  # of the deployer image
  publishedVersion: '$TAG' # latest published image tag 
  publishedVersionMetadata:
    releaseNote: >-
      A first release.
  images:
    '':  # Primary image has no name.
      properties:
        image.repository:
          type: REPO_WITH_REGISTRY
        image.tag:
          type: TAG
    cse:
      properties:
        cse.image.repository:
          type: REPO_WITH_REGISTRY
        cse.image.tag:
          type: TAG
    cks:
      properties:
        cks.image.repository:
          type: REPO_WITH_REGISTRY
        cks.image.tag:
          type: TAG
    ubbagent:
      # Image for the Billing sidecar, from Google
      properties:
        ubbagentImage:
          type: FULL
          # When deployed through mpdev, the deployer will use the primary image path,
          # add /ubbagent, and arrive at the same path as the default below.
          default: "gcr.io/virtru-public/gateway/ubbagent:2.14"
          # At this path, there is a copy of "gcr.io/cloud-marketplace-tools/metering/ubbagent:latest"
          # This also effectively pins the ubbagent version, because Virtru is responsible for pushing to this location.

  clusterConstraints:
    k8sVersion: ">=1.16.0"
    assistedClusterCreation:
      type: STRICT
      gke:
       # todo tune these values to be more appropriate
        nodePool:
        - numNodes: 2 
          machineType: e2-standard-2
    resources:
    - replicas: 2
      requests:
        cpu: 300m
        memory: 250Mi
      affinity:
        simpleNodeAffinity:
          type: REQUIRE_MINIMUM_NODE_COUNT
          minimumNodeCount: 1
    istio:
      type: UNSUPPORTED

#* application properties
# Refer to https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/master/docs/schema.md
properties:
  name:
    type: string
    x-google-marketplace:
      type: NAME
  namespace:
    type: string
    x-google-marketplace:
      type: NAMESPACE
  gatewayHostname:
    title: Gateway Hostname
    description: The hostname for the Gateway instance(s)
    type: string
    x-google-marketplace:
      type: STRING
  gatewayApiTokenName:
    title: Gateway Token ID
    description: The Gateway token ID provided by Virtru
    type: string
    x-google-marketplace:
      type: STRING
  gatewayApiSecret:
    title: Gateway Token Secret
    description: The Gateway token secret provided by Virtru
    type: string
    x-google-marketplace:
      type: STRING
  primaryMailingDomain:
    title: Primary Mailing Domain
    description: The primary email domain for your organization
    type: string
    x-google-marketplace:
      type: STRING
  amplitudeToken:
    title: Amplitude API Key
    description: The Amplitude API token provided by Virtru
    type: string
    default: AMPLITUDE_TOKEN
    x-google-marketplace:
      type: STRING
  gatewayFlow:
    title: Gateway Usage
    description: >
      Select your Gateway Topology / Mode from the dropdown list of options. The
      most common for a single gateway is the Outbound DLP, which is set up
      for encrypting outgoing email messages based off a configurable set rules
      (managed in the Virtru Control Center by your Admin). The other options are
      more commonly used when setting up multiple gateways to accommodate additional
      appliances in your email routing flows.
    type: string
    enum:
      - "Outbound - Data Loss Prevention"
      - "Outbound - Encrypt Everything"
      - "Outbound - Decrypt Everything"
      - "Inbound - Encrypt Everything"
      - "Inbound - Decrypt Everything"
    x-google-marketplace:
      type: STRING
    default: "Outbound - Data Loss Prevention"
  pricingPlan:
    type: string
    title: Virtru Pricing Plan
    default: gateway___gmail_encryption__per_user_per_day_
    description: Which pricing plan did you select?
    enum:
      - "gateway___gmail_encryption__per_user_per_day_"
      - "gateway___gdrive_encryption__per_user_per_day_"
      - "gateway___gmail___gdrive_encryption__per_user_per_day_"
      - "gateway_network_level_encryption_per_day_"
      - "gateway__gmail_encryption_with_customer_hosted_keys___per_user_per_day_"
      - "gateway__gdrive_encryption_with_customer_hosted_keys___per_user_per_day_"
      - "gateway__gmail___gdrive_encryption_with_customer_hosted_keys__per_user_per_day_"
      - "gateway_network_level_encryption_with_customer_hosted_keys__per_user_per_day_"
    x-google-marketplace:
      type: STRING
  numberOfLicenses:
    title: Number of Seats/Licensed Users
    description: The number of seats/licenses for your organization
    type: string
    x-google-marketplace:
      type: STRING
  reportingSecret:
    type: string
    x-google-marketplace:
      type: REPORTING_SECRET
  cse.enabled:
    title: Include Google Client Side Encryption Key Management Server (KMS)
    description: Standard Plan Required
    type: boolean
    enum:
      - true
      - false
    default: true
  cse.appSecrets.hmac.tokenId:
    title: Google Client Side Encryption KMS Token ID
    description: Token ID Provided by Virtru. Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: ""
  cse.appSecrets.hmac.tokenSecret:
    title: Google Client Side Encryption KMS Token Secret
    description: Token Secret Provided by Virtru. Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: ""
  cse.appSecrets.secretKey:
    title: Google Client Side Encryption KMS Secret Key
    description: Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: ""
  cse.appSecrets.ssl.certificate:
    title: Google Client Side Encryption SSL Certificate
    description: Base64-encoded SSL certificate. Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: ""
  cse.appSecrets.ssl.privateKey:
    title: Google Client Side Encryption SSL Private Key
    description: Base64-encoded SSL private key. Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: ""
  cse.appConfig.jwksAuthzIssuers:
    title: Authz Issuers
    description: Base64-encoded authz issuer json. Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: "default"
  cse.appConfig.jwksAuthnIssuers:
    title: Authn Issuers
    description: Base64-encoded authn issuer json. Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: "default"
  cse.appConfig.jwtAud:
    title: Issuer Names
    description: Base64-encoded json containing issuer names. Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: "default"
  cse.appConfig.jwtKaclsUrl:
    title: Google Client Side Encryption URL
    description: Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: "http://cse.default.svc.cluster.local"
  cse.ingress.host:
    title: Google Client Side Encryption Domain Name
    description: Leave blank if not deploying Google Client Side Encryption KMS
    type: string
    x-google-marketplace:
      type: STRING
    default: "cse.default.svc.cluster.local"
required:
- name
- namespace
- gatewayHostname
- gatewayApiTokenName
- gatewayApiSecret
- gatewayFlow
- primaryMailingDomain
- amplitudeToken
- pricingPlan
- numberOfLicenses