Commit a1a541f5 authored by Adam Lewenberg's avatar Adam Lewenberg

move to otica

parent a0cd9c09
export HELM_CHART_NAME=apache-shib
# Environment variables for the Otica framework (scripts, shared config, etc.).
export FRAMEWORK_DIR=${HOME}/bin/otica
export FRAMEWORK_BUCKET=otica
export SCRIPTS_DIR=${FRAMEWORK_DIR}/scripts
export FRAMEWORK_GIT_REMOTE=origin
export FRAMEWORK_GIT_BRANCH=master
export APP_FOLDER=${APP}
# GCLOUD Configuration
export GOOGLE_CLOUD_PROJECT=uit-et-iedo-services
export GCP_PROJECT_ID=${GOOGLE_CLOUD_PROJECT}
export GCP_PROJECT_NAME=${GOOGLE_CLOUD_PROJECT}
export GCP_CONFIGURATION=${GCP_PROJECT_NAME}-${GCP_ENVIRONMENT}
export GCP_REGION=us-west1
export GCP_ZONE=${GCP_REGION}-a
export GCP_ENVIRONMENT=default
export GCP_DNS_DOMAIN=infra.stanford.edu
export GCP_DNS_MANAGED_ZONE=${GCP_PROJECT_ID}-iam-zone
export ACME_DNS_PROVIDER=${GCP_PROJECT_NAME}-dns
export GCP_NAT_TAGS=nat-stanford
export GCP_NAT_IP=35.233.227.217
export GCP_VPC_NAME=services
export GCP_NETWORK=services
# StackDriver Monitoring
export GCP_MONITORING_PROJECT_ID=${GCP_PROJECT_ID}
export GCP_SLACK_CHANNEL=et-iedo-alerts
# Force GCLOUD auth with user credentials
export GCP_USER_AUTH=true
# GCP artifacts bucket
export GCP_ARTIFACTS_BUCKET=${GCP_PROJECT_NAME}-artifacts
# Google group that are granted permissions to GCP resources (iam.tf)
export GCP_WORKGROUP=uit-et-eit_iedo-staff@stanford.edu
# Required by Terraform: APPLICATION_DEFAULT_CREDENTIALS
export TF_VERSION="= 0.14.7"
export GCP_INFRASTRUCTURE_BUCKET=${GCP_PROJECT_ID}-infrastructure
export TF_BACKEND_PREFIX=terraform/${GCP_PROJECT_ID}/${GCP_ENVIRONMENT}/${APP_FOLDER}
# Default Docker registry
export DOCKER_NAMESPACE=${GCP_PROJECT_ID}
export DOCKER_REGISTRY=gcr.io
export DOCKER_REGISTRY_USERNAME=_json_key
# Vault and secrets configuration
export VAULT_PROJECT_NAME=et-iedo
export VAULT_ADDR=https://vault.stanford.edu
export VAULT_AUTH_METHOD=ldap
export VAULT_CACHE=${HOME}/.vault-local
export SEC_PATH=secret/projects/${VAULT_PROJECT_NAME}/${GCP_PROJECT_NAME}
export GCP_KEY_PATH=${SEC_PATH}/common/gcp-provision
export GCP_KEY_FILE=${VAULT_CACHE}/${GCP_KEY_PATH}
export EXTERNAL_DNS_GCP_CREDENTIALS_PATH=${SEC_PATH}/common/dns-admin-key
export EXTERNAL_DNS_DOMAIN_FILTERS=infra.stanford.edu
export DOCKER_REGISTRY_PASSWORD_PATH=${SEC_PATH}/common/gcr-key
export DOCKER_REGISTRY_PASSWORD_PATH_GCR_USER=${SEC_PATH}/common/gcr-user
export DOCKER_REGISTRY_PASSWORD_PATH_GCR_PULL=${SEC_PATH}/common/gcr-pull
# GitLab CI configuration
export GITLAB_SERVER=https://code.stanford.edu
export GITLAB_SEC_FILE=../.gitlab-ci.sec
# Slack
export SLACK_WEBHOOK_PATH=${SEC_PATH}/common/slack/gitlab-integration
export SLACK_GITLAB_CHANNEL=
export SLACK_CICD_CHANNEL=
# Splunk
export SPLUNK_ADDON_SA=${SEC_PATH}/common/splunk-addon-sa
export SPLUNK_SINK_SERVICE_ACCOUNT_PATH=${SEC_PATH}/common/splunk-sink
# Sub-projects dir
export SUB_PROJECTS=sub-projects
# GKE Configuration
export GKE_CLUSTER_NAME=${GCP_ENVIRONMENT}-${GKE_CLUSTER_REGION}
export GKE_CLUSTER_REGION=us-west1
export GKE_CLUSTER_ZONE=${GKE_CLUSTER_REGION}-a
export KUBE_CONTEXT=gke_${GCP_PROJECT_ID}
# Set kube config default namespace
export KUBE_NAMESPACE=${APP_NAMESPACE}
# Internal subnets
export SUBNET_DMZ_PRIMARY_CIDR=10.0.4.0/24
export SUBNET_DEV_PRIMARY_CIDR=10.0.12.0/24
export SUBNET_DEV_SVC_CIDR=10.2.32.0/20
export SUBNET_DEV_POD_CIDR=10.12.0.0/16
export SUBNET_STAGE_PRIMARY_CIDR=10.0.11.0/24
export SUBNET_STAGE_SVC_CIDR=10.2.16.0/20
export SUBNET_STAGE_POD_CIDR=10.11.0.0/16
export SUBNET_PROD_PRIMARY_CIDR=10.0.10.0/24
export SUBNET_PROD_SVC_CIDR=10.2.0.0/20
export SUBNET_PROD_POD_CIDR=10.10.0.0/16
# Reserved CIDRs for GKE masters
# (GKE masters in a private cluster limited to a /28 range).
export GKE_MASTER_CIDR_PROD=172.16.0.16/28
export GKE_MASTER_CIDR_STAGE=172.16.0.32/28
export GKE_MASTER_CIDR_DEV=172.16.0.48/28
# Filestore (Capacity in number of TB)
export FS_CAPACITY=1
export FS_TIER=STANDARD
export FS_NAME=filestore-default
export FS_CIDR=172.16.1.8/29
# Other applications need to know the backup-monitor-user name and email
export BACKUP_MONITOR_USER=backup-monitor-user
export BACKUP_MONITOR_USER_EMAIL=${BACKUP_MONITOR_USER}@${GCP_PROJECT_NAME}.iam.gserviceaccount.com
# Cloud SQL
export MYSQL_SEC_PATH=${SEC_PATH}/cloud-sql/mysql
export MYSQL_MACHINE_TYPE=db-g1-small
export POSTGRES_SEC_PATH=${SEC_PATH}/cloud-sql/postgres
export POSTGRES_MACHINE_TYPE=db-g1-small
# Cloud SQL Proxy
export SQL_PROXY_HOSTNAME=sql-proxy-gcloud-sqlproxy.sql-proxy-${GCP_ENVIRONMENT}
export SQL_PROXY_MYSQL_PORT=3306
export SQL_PROXY_POSTGRES_PORT=5432
# Sometimes all that you need is a DOLLAR (render.sh)
export DOLLAR=$$
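Review bot: Two values in this section are used before they are assigned: `GCP_CONFIGURATION` expands `${GCP_ENVIRONMENT}` three lines above `export GCP_ENVIRONMENT=default`, and `GKE_CLUSTER_NAME` expands `${GKE_CLUSTER_REGION}` one line above its assignment. That resolves correctly only under make's deferred expansion, which is presumably how the file is read, since the Makefile sections on this page pull in `.sh` files with `include`. If the same file is ever sourced from a shell, the values become `uit-et-iedo-services-` and `default-`, and `DOLLAR=$$` becomes the shell's PID instead of a literal dollar sign, so tooling could silently select the wrong gcloud configuration or cluster name. I would move `GCP_ENVIRONMENT` and `GKE_CLUSTER_REGION` above their first use. If make-only is the intent, also add a header comment such as `# Read by make via include; not safe to source from a shell`.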
## >>> DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! <<<
##
## This file created by otica from otica.yaml and will be
## overwritten the next time it is run.
##
## Put local Makefile targets in common/makefile_parts/something.mk
##
## >>> DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! <<<
THIS_MAKEFILE := $(realpath $(lastword $(MAKEFILE_LIST)))
PATH := ${SCRIPTS_DIR}:${PATH}
# These are subdirectories of the Otica project:
ifndef COMMON
COMMON := ../common
endif
TEMPLATES := ${COMMON}/templates
DATA := ${DATA}/templates
SCRIPTS := ${SCRIPTS}/templates
ARTIFACTS := ${COMMON}/artifacts
BUILD_DIR := ${PWD}/build
## ENVIRONMENT VARIABLE FILES
include ${COMMON}/framework-env.sh
include ${COMMON}/env.sh
include env.sh
# Export all variables:
export
# FRAMEWORK SYNC
ifeq ($(MAKELEVEL),0)
ifndef SKIP_SYNC
_ := $(shell >&2 echo)
ifneq ($(wildcard ${FRAMEWORK_DIR}/.git/),)
_ := $(shell >&2 echo Updating Otica cloud framework from Git into ${FRAMEWORK_DIR}...)
_ := $(shell cd ${FRAMEWORK_DIR}; git pull ${FRAMEWORK_GIT_REMOTE} ${FRAMEWORK_GIT_BRANCH}; git checkout ${FRAMEWORK_GIT_BRANCH})
else
_ := $(shell >&2 echo Updating Otica cloud framework in ${FRAMEWORK_DIR}...)
_ := $(shell mkdir -p ${FRAMEWORK_DIR} && curl --retry 3 -s https://storage.googleapis.com/${FRAMEWORK_BUCKET}/framework.tar.gz?random=$$(date +%s) | tar -xzf - -C ${FRAMEWORK_DIR})
_ := $(shell >&2 echo - framework version: $$(cat ${FRAMEWORK_DIR}/sha.txt))
endif
endif
endif
# END FRAMEWORK SYNC
## FRAMEWORK-SUPPLIED MAKEFILES
include ${FRAMEWORK_DIR}/makefile_parts/shared.mk
include ${FRAMEWORK_DIR}/makefile_parts/vault.mk
include ${FRAMEWORK_DIR}/makefile_parts/config.mk
include ${FRAMEWORK_DIR}/makefile_parts/helm-develop.mk
## END OF CENTRALLY-SUPPLIED MAKEFILES
## LOCAL MAKEFILES IN COMMON
## END OF LOCAL MAKEFILES
# Get the release channel name from git branches,
# i.e. alpha, beta, and stable
# note: master branch is mapped to 'stable'
ifndef COMMIT_BRANCH
COMMIT_BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
endif
export RELEASE_CHANNEL=$(shell echo ${COMMIT_BRANCH} | sed 's/master/stable/')
\ No newline at end of file
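Review bot: The non-Git branch of the FRAMEWORK SYNC block pipes `framework.tar.gz` from the bucket straight into `tar -xzf - -C ${FRAMEWORK_DIR}` with no digest or signature check. The `include ${FRAMEWORK_DIR}/makefile_parts/*.mk` lines then evaluate what was unpacked, so whatever the bucket serves runs on every top-level `make`, with the operator's gcloud and Vault credentials in reach. `curl -s` without `-f` also lets an HTTP error body reach tar, and the `$(shell ...)` results are discarded, so a failed sync continues against a stale or partial tree. I would download to a temporary file with `curl --retry 3 -fsS -o`, verify it against a pinned digest (for example a new variable, name only a suggestion, checked with `sha256sum -c`), and extract only on success. The Git branch has the same shape: it tracks `${FRAMEWORK_GIT_BRANCH}` unpinned and joins its commands with `;`. This file is generated by otica, so the change belongs in the generator template. The second, identical Makefile section further down the page needs the same fix.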
---
platform: gcp
environment:
otica:
# Copy from the top-level otica project env/ directory into common/.
- gcp-uit-et-iedo-services.sh
common:
# Settings specific to this sub-project that are common to all
# environment instances.
- env.sh
local:
# Settings for specific environments; should be in the directory where
# "make" is run (e.g., "dev/", "prod/", etc.)
- env.sh
makefile_parts:
framework:
- shared.mk
- vault.mk
- config.mk
- helm-develop.mk
common:
# - app.mk
## >>> DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! <<<
##
## This file created by otica from otica.yaml and will be
## overwritten the next time it is run.
##
## Put local Makefile targets in common/makefile_parts/something.mk
##
## >>> DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! <<<
THIS_MAKEFILE := $(realpath $(lastword $(MAKEFILE_LIST)))
PATH := ${SCRIPTS_DIR}:${PATH}
# These are subdirectories of the Otica project:
ifndef COMMON
COMMON := ../common
endif
TEMPLATES := ${COMMON}/templates
DATA := ${DATA}/templates
SCRIPTS := ${SCRIPTS}/templates
ARTIFACTS := ${COMMON}/artifacts
BUILD_DIR := ${PWD}/build
## ENVIRONMENT VARIABLE FILES
include ${COMMON}/framework-env.sh
include ${COMMON}/env.sh
include env.sh
# Export all variables:
export
# FRAMEWORK SYNC
ifeq ($(MAKELEVEL),0)
ifndef SKIP_SYNC
_ := $(shell >&2 echo)
ifneq ($(wildcard ${FRAMEWORK_DIR}/.git/),)
_ := $(shell >&2 echo Updating Otica cloud framework from Git into ${FRAMEWORK_DIR}...)
_ := $(shell cd ${FRAMEWORK_DIR}; git pull ${FRAMEWORK_GIT_REMOTE} ${FRAMEWORK_GIT_BRANCH}; git checkout ${FRAMEWORK_GIT_BRANCH})
else
_ := $(shell >&2 echo Updating Otica cloud framework in ${FRAMEWORK_DIR}...)
_ := $(shell mkdir -p ${FRAMEWORK_DIR} && curl --retry 3 -s https://storage.googleapis.com/${FRAMEWORK_BUCKET}/framework.tar.gz?random=$$(date +%s) | tar -xzf - -C ${FRAMEWORK_DIR})
_ := $(shell >&2 echo - framework version: $$(cat ${FRAMEWORK_DIR}/sha.txt))
endif
endif
endif
# END FRAMEWORK SYNC
## FRAMEWORK-SUPPLIED MAKEFILES
include ${FRAMEWORK_DIR}/makefile_parts/shared.mk
include ${FRAMEWORK_DIR}/makefile_parts/vault.mk
include ${FRAMEWORK_DIR}/makefile_parts/config.mk
include ${FRAMEWORK_DIR}/makefile_parts/helm-develop.mk
## END OF CENTRALLY-SUPPLIED MAKEFILES
## LOCAL MAKEFILES IN COMMON
## END OF LOCAL MAKEFILES
# Get the release channel name from git branches,
# i.e. alpha, beta, and stable
# note: master branch is mapped to 'stable'
ifndef COMMIT_BRANCH
COMMIT_BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
endif
export RELEASE_CHANNEL=$(shell echo ${COMMIT_BRANCH} | sed 's/master/stable/')
\ No newline at end of file