Newer
Older
# The source file is env.sh in the uit-authnz repository.
# If it is changed, re-run 'make sync-env' in uit-authnz repository.
export GCP_PROJECT_ID=${GOOGLE_CLOUD_PROJECT}
export GCP_PROJECT_NAME=${GOOGLE_CLOUD_PROJECT}
export GCP_CONFIGURATION=${GCP_PROJECT_NAME}-${GCP_ENVIRONMENT}
export GCP_REGION=us-west1
export GCP_ZONE=${GCP_REGION}-a
export GCP_ENVIRONMENT=default
export GCP_DNS_DOMAIN=iam.stanford.edu
export ACME_DNS_PROVIDER=${GCP_PROJECT_NAME}-d
# Default Docker registry
export DOCKER_NAMESPACE=${GCP_PROJECT_ID}
export DOCKER_REGISTRY=gcr.io
# Force gcloud auth with user credentials
export GCP_USER_AUTH=true
# Google group that are granted permissions to GCP resources (iam.tf)
export GCP_WORKGROUP=authnz_ops@stanford.edu
# Required by Terraform: APPLICATION_DEFAULT_CREDENTIALS
export GCP_INFRASTRUCTURE_BUCKET=${GCP_PROJECT_ID}-infrastructure
export TF_BACKEND_PREFIX=terraform/${GCP_PROJECT_ID}/${GCP_ENVIRONMENT}/state
# PS Cloud Framework (Scripts, shared config, etc.)
export FRAMEWORK_DIR=${HOME}/bin/ps-cloud-framework
export FRAMEWORK_BUCKET=ps-cloud-framework
export SCRIPTS_DIR=${FRAMEWORK_DIR}/scripts
# Vault and secrets configuration
export VAULT_ADDR=https://vault.stanford.edu
export VAULT_AUTH_METHOD=ldap
export VAULT_CACHE=${HOME}/.vault-local
export SEC_PATH=secret/projects/${GCP_PROJECT_NAME}
export GCP_KEY_PATH=${SEC_PATH}/common/gcp-provision
export GCP_KEY_FILE=${VAULT_CACHE}/${GCP_KEY_PATH}
export EXTERNAL_DNS_GCP_CREDENTIALS_PATH=${SEC_PATH}/common/dns-admin-key
export EXTERNAL_DNS_DOMAIN_FILTERS=iam.stanford.edu
export DOCKER_REGISTRY_PASSWORD_PATH_GCR_USER=${SEC_PATH}/common/gcr-user
export DOCKER_REGISTRY_PASSWORD_PATH_GCR_PULL=${SEC_PATH}/common/gcr-pull
export SPLUNK_ADDON_SA=${SEC_PATH}/common/splunk-addon-sa
# GitLab ci configuration
export GITLAB_SERVER=https://code.stanford.edu
export GITLAB_SEC_FILE=../.gitlab-ci.sec
export SLACK_WEBHOOK_PATH=${SEC_PATH}/common/slack/gitlab-integration
export SLACK_GITLAB_CHANNEL=authnz-git-commits
export SLACK_CICD_CHANNEL=authnz-build
export SUB_PROJECTS=sub-projects
# GKE Configuration
export GKE_CLUSTER_NAME=${GCP_ENVIRONMENT}-${GCP_REGION}
export KUBE_CONTEXT=gke_${GCP_PROJECT_ID}
# set kube config default namespace
export KUBE_NAMESPACE=${APP_NAMESPACE}
# reserved cidrs for gke masters, /28 CIDR blocks
export GKE_MASTER_CIDR_PROD=172.16.0.16/28
export GKE_MASTER_CIDR_STAGE=172.16.0.32/28
export GKE_MASTER_CIDR_DEV=172.16.0.48/28
# reserved cidrs for firestore, /29 CIDR blocks
export FS_CIDR_PROD=172.16.1.8/29
export FS_CIDR_STAGE=172.16.1.16/29
export FS_CIDR_DEV=172.16.1.32/29
export FS_TIER=STANDARD
# capacity in number of TB
export FS_CAPACITY=1
export FS_NAME=filestore-${GCP_ENVIRONMENT}
# Other applications need to know the backup-monitor-user name and email
export BACKUP_MONITOR_USER=backup-monitor-user
export BACKUP_MONITOR_USER_EMAIL=${BACKUP_MONITOR_USER}@${GCP_PROJECT_NAME}.iam.gserviceaccount.com
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#########
# Storage buckets created and used in gke-cluster for each environment; put in here so kube-ldap can share the env.
# ldap backup bucket
export LDAP_BACKUP_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-ldap-backup
export LDAP_BACKUP_BUCKET_LOCATION=US
export FORCE_DESTROY_LDAP_BACKUP_BUCKET=true
# General data bucket (for idp, kdc, ldap etc.)
export DATA_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-data
export DATA_BUCKET_LOCATION=US
export FORCE_DESTROY_DATA_BUCKET=true
# General public data bucket (for idp, kdc, ldap etc.)
export DATA_PUBLIC_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-data-public
export DATA_PUBLIC_BUCKET_LOCATION=US
export FORCE_DESTROY_DATA_PUBLIC_BUCKET=true
# KDC backup bucket
export KDC_BACKUP_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-kdc-backup
export KDC_BACKUP_BUCKET_LOCATION=US
export FORCE_DESTROY_KDC_BACKUP_BUCKET=true
export KDC_NUMBER_NEWER_VERSIONS_BACKUP_BUCKET=30
# WALLET backup bucket
export WALLET_BACKUP_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-wallet-backup
export WALLET_BACKUP_BUCKET_LOCATION=US
export FORCE_DESTROY_WALLET_BACKUP_BUCKET=true
export WALLET_NUMBER_NEWER_VERSIONS_BACKUP_BUCKET=30