# GENERATED GCP SHARED ENVIRONMENT VARIABLES. DO NOT EDIT.
# The source file is env.sh in the uit-authnz repository.
# If it is changed, re-run 'make sync-env' in uit-authnz repository.
#
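# Terraform version
# Version constraint string; "= 0.12.19" pins exactly that release.
# There must be no spaces around the assignment: a POSIX shell parses
# `export NAME = value` as three separate arguments, reports invalid
# identifiers and leaves TF_VERSION without a value, so a consumer would
# see no pin at all.
export TF_VERSION="= 0.12.19"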

# GCLOUD Configuration
# Project id that GCP_PROJECT_ID, GCP_PROJECT_NAME and the names derived from them are built on.
export GOOGLE_CLOUD_PROJECT=uit-authnz
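# Project id and name are both aliases of GOOGLE_CLOUD_PROJECT.
export GCP_PROJECT_ID=${GOOGLE_CLOUD_PROJECT}
export GCP_PROJECT_NAME=${GOOGLE_CLOUD_PROJECT}
# GCP_ENVIRONMENT is assigned before GCP_CONFIGURATION reads it. A shell
# expands ${GCP_ENVIRONMENT} at the moment the line runs, so with the
# opposite order GCP_CONFIGURATION ended in an empty suffix, or in whatever
# the caller had exported, while every later name in this file used
# "default". A configuration name that disagrees with the environment the
# rest of the settings describe is an easy way to act on the wrong target.
export GCP_ENVIRONMENT=default
export GCP_CONFIGURATION=${GCP_PROJECT_NAME}-${GCP_ENVIRONMENT}
# Region, and the zone derived from it.
export GCP_REGION=us-west1
export GCP_ZONE=${GCP_REGION}-a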
# DNS domain for this project, and the ACME DNS provider name (project name plus "-d").
export GCP_DNS_DOMAIN=iam.stanford.edu
export ACME_DNS_PROVIDER=${GCP_PROJECT_NAME}-d
# Network name handed to consumers of this file (presumably the VPC network; confirm against the Terraform code).
export GCP_NETWORK=services

# Default Docker registry
# The image namespace is the project id; the registry host is gcr.io.
export DOCKER_NAMESPACE=${GCP_PROJECT_ID}
export DOCKER_REGISTRY=gcr.io

# Force gcloud auth with user credentials
# NOTE(review): the code that reads this flag is not in this file; confirm that
# unattended (CI) runs authenticate the way you expect when it is true.
export GCP_USER_AUTH=true

# Google group that is granted permissions to GCP resources (iam.tf)
# Access follows group membership, so review the membership of this group
# together with the bindings in iam.tf.
export GCP_WORKGROUP=authnz_ops@stanford.edu

# Required by Terraform: APPLICATION_DEFAULT_CREDENTIALS
# Infrastructure bucket name and the Terraform backend prefix, both derived
# from the project id; the prefix also carries the environment name.
# NOTE(review): Terraform state can hold secret values in plain text. The
# state is presumably kept in GCP_INFRASTRUCTURE_BUCKET under this prefix;
# confirm that bucket is private, versioned and access-logged.
export GCP_INFRASTRUCTURE_BUCKET=${GCP_PROJECT_ID}-infrastructure
export TF_BACKEND_PREFIX=terraform/${GCP_PROJECT_ID}/${GCP_ENVIRONMENT}/state

# PS Cloud Framework (Scripts, shared config, etc.)
# Local checkout location under the user's home directory, the bucket name,
# and the scripts directory inside the checkout.
# NOTE(review): if the scripts are synced from FRAMEWORK_BUCKET and then
# executed, write access to that bucket amounts to code execution on every
# operator machine; confirm how the sync is done and who can write there.
export FRAMEWORK_DIR=${HOME}/bin/ps-cloud-framework
export FRAMEWORK_BUCKET=ps-cloud-framework
export SCRIPTS_DIR=${FRAMEWORK_DIR}/scripts

# Vault and secrets configuration
# Everything below is a server address, an auth method name or a path.
# No secret value is stored in this file.
export VAULT_ADDR=https://vault.stanford.edu
export VAULT_AUTH_METHOD=ldap
# Local directory under the user's home; GCP_KEY_FILE below points into it.
export VAULT_CACHE=${HOME}/.vault-local
# Per-project root in Vault; the *_PATH variables are built on it.
export SEC_PATH=secret/projects/${GCP_PROJECT_NAME}
export GCP_KEY_PATH=${SEC_PATH}/common/gcp-provision
# Local file path that mirrors the Vault path under VAULT_CACHE.
# NOTE(review): presumably the provisioning key is written here in clear;
# confirm the cache directory is owner-only (0700) and is cleaned up.
export GCP_KEY_FILE=${VAULT_CACHE}/${GCP_KEY_PATH}
export EXTERNAL_DNS_GCP_CREDENTIALS_PATH=${SEC_PATH}/common/dns-admin-key
# Domain filter for external DNS management (same domain as GCP_DNS_DOMAIN).
export EXTERNAL_DNS_DOMAIN_FILTERS=iam.stanford.edu
# Paths under SEC_PATH (not secret values): registry passwords for the GCR
# user and pull accounts, and the Splunk add-on service account.
export DOCKER_REGISTRY_PASSWORD_PATH_GCR_USER=${SEC_PATH}/common/gcr-user
export DOCKER_REGISTRY_PASSWORD_PATH_GCR_PULL=${SEC_PATH}/common/gcr-pull
export SPLUNK_ADDON_SA=${SEC_PATH}/common/splunk-addon-sa

# Drone server for CI/CD
# Base URL of the Drone server (HTTPS).
export DRONE_SERVER=https://drone.svc.stanford.edu

# GitLab ci configuration
export GITLAB_SERVER=https://code.stanford.edu
# Relative path: it resolves against the working directory of whatever
# reads it, not against the location of this file.
# NOTE(review): the name suggests a local secrets file; confirm it is
# excluded from version control and readable only by its owner.
export GITLAB_SEC_FILE=../.gitlab-ci.sec
# Path under SEC_PATH for the Slack webhook (the webhook itself is not stored here).
export SLACK_WEBHOOK_PATH=${SEC_PATH}/common/slack/gitlab-integration
# Slack channel names for commit and build notifications.
export SLACK_GITLAB_CHANNEL=authnz-git-commits
export SLACK_CICD_CHANNEL=authnz-build




# Sub-projects dir
# Relative directory name; it resolves against the consumer's working directory.
export SUB_PROJECTS=sub-projects

# GKE Configuration
# Cluster name is "<environment>-<region>"; the kube context name is built
# from the project id.
export GKE_CLUSTER_NAME=${GCP_ENVIRONMENT}-${GCP_REGION}
export KUBE_CONTEXT=gke_${GCP_PROJECT_ID}

# set kube config default namespace
# APP_NAMESPACE is not assigned anywhere in this file, so the caller has to
# export it before sourcing; otherwise KUBE_NAMESPACE is empty.
# NOTE(review): confirm how consumers treat an empty namespace, so commands
# do not land in a namespace nobody intended.
export KUBE_NAMESPACE=${APP_NAMESPACE}

# reserved cidrs for gke masters,  /28 CIDR blocks
# One private (172.16.0.0/12) range per environment; the three do not overlap.
export GKE_MASTER_CIDR_PROD=172.16.0.16/28
export GKE_MASTER_CIDR_STAGE=172.16.0.32/28
export GKE_MASTER_CIDR_DEV=172.16.0.48/28
# reserved cidrs for filestore,  /29 CIDR blocks
# Prod and stage ranges; each is its own /29 and they do not overlap.
export FS_CIDR_PROD=172.16.1.8/29
export FS_CIDR_STAGE=172.16.1.16/29
# Dev range, kept separate from the prod and stage ranges.
export FS_CIDR_DEV=172.16.1.32/29
export FS_TIER=STANDARD
# capacity in number of TB
export FS_CAPACITY=1
# Instance name carries the environment name.
export FS_NAME=filestore-${GCP_ENVIRONMENT}

# Other applications need to know the backup-monitor-user name and email
# The email has the service-account form <name>@<project>.iam.gserviceaccount.com.
export BACKUP_MONITOR_USER=backup-monitor-user
export BACKUP_MONITOR_USER_EMAIL=${BACKUP_MONITOR_USER}@${GCP_PROJECT_NAME}.iam.gserviceaccount.com

#########
# Storage buckets created and used in gke-cluster for each environment; put in here so kube-ldap can share the env.
# Every bucket name is "<environment>-<project>-<purpose>" and every
# location is US.
# NOTE(review): each FORCE_DESTROY_* flag is true. If these feed Terraform's
# force_destroy on the bucket resources (not visible in this file), destroying
# a bucket also deletes every object in it, backups included. Confirm that is
# intended for the LDAP, KDC and wallet backup buckets, at least in production.

# ldap backup bucket
export LDAP_BACKUP_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-ldap-backup
export LDAP_BACKUP_BUCKET_LOCATION=US
export FORCE_DESTROY_LDAP_BACKUP_BUCKET=true

# General data bucket (for idp, kdc, ldap etc.)
export DATA_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-data
export DATA_BUCKET_LOCATION=US
export FORCE_DESTROY_DATA_BUCKET=true

# General public data bucket (for idp, kdc, ldap etc.)
# NOTE(review): the name says "public"; the access policy is set elsewhere.
# Confirm nothing sensitive from idp, kdc or ldap is ever written here.
export DATA_PUBLIC_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-data-public
export DATA_PUBLIC_BUCKET_LOCATION=US
export FORCE_DESTROY_DATA_PUBLIC_BUCKET=true

# KDC backup bucket
export KDC_BACKUP_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-kdc-backup
export KDC_BACKUP_BUCKET_LOCATION=US
export FORCE_DESTROY_KDC_BACKUP_BUCKET=true
# Presumably the number of newer object versions a lifecycle rule keeps; confirm in the bucket definition.
export KDC_NUMBER_NEWER_VERSIONS_BACKUP_BUCKET=30

# WALLET backup bucket
export WALLET_BACKUP_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-wallet-backup
export WALLET_BACKUP_BUCKET_LOCATION=US
export FORCE_DESTROY_WALLET_BACKUP_BUCKET=true
# Same setting as for the KDC backup bucket, with the same value.
export WALLET_NUMBER_NEWER_VERSIONS_BACKUP_BUCKET=30