forked from GoogleCloudPlatform/pci-gke-blueprint
-
Notifications
You must be signed in to change notification settings - Fork 0
/
workstation.env.example
64 lines (51 loc) · 2.87 KB
/
workstation.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Choose your Organization
export TF_VAR_org_id=YOUR_ORG_ID
# Set your Gsuite or Cloud Identity ID. The G Suite ID is the DIRECTORY_CUSTOMER_ID as
# outputted by 'gcloud organizations list'
export TF_VAR_gsuite_id=YOUR_GSUITE_ID
# Choose your Billing Account
export TF_VAR_billing_account=YOUR_BILLING_ACCOUNT_ID
# Folder that contains all projects for this demo
# If an appropriate folder doesn't already exist, please create one before
# continuing
export TF_VAR_folder_id=YOUR_PROJECT_FOLDER
# Override the following project prefix if desired (max 17 characters)
export TF_VAR_project_prefix=demo-pci
# project names
export TF_VAR_project_network="${TF_VAR_project_prefix}-network"
export TF_VAR_project_management="${TF_VAR_project_prefix}-management"
export TF_VAR_project_in_scope="${TF_VAR_project_prefix}-in-scope"
export TF_VAR_project_out_of_scope="${TF_VAR_project_prefix}-out-of-scope"
# The Project ID where Terraform state and service accounts are created.
export TF_ADMIN_PROJECT=${USER}-terraform-admin
# Set the name of the Google Cloud Storage bucket for terraform state files.
# GCS buckets are globally unique.
export TF_ADMIN_BUCKET=terraform-admin-<INSERT-RANDOM-IDENTIFIER-HERE>
# Set default application credentials
export GOOGLE_APPLICATION_CREDENTIALS=~/.config/gcloud/${USER}-terraform-admin.json
# Set a DNS hostname ("www", "store", etc. ) and zone name
# ("mycompany.com", "dev.mycompany.com" ) to use. This will be used for DNS
# records as well as managed TLS certificates for the frontend load balancer
export TF_VAR_frontend_hostname="store"
export TF_VAR_frontend_zone_dns_name="mycompany.com"
export DOMAIN_NAME="${TF_VAR_frontend_hostname}.${TF_VAR_frontend_zone_dns_name}"
# RBAC settings. See docs/Google-Groups-and-RBAC.md
GOOGLE_GROUPS_DOMAIN="mydomain.com"
# Google Group name to be used for GKE RBAC via Google Groups.
# See https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#groups-setup-gsuite
export TF_VAR_gke_security_group_name="gke-security-groups@${GOOGLE_GROUPS_DOMAIN}"
IN_SCOPE_NAMESPACE="in-scope"
IN_SCOPE_CONTEXT="in-scope"
IN_SCOPE_POD_READERS_GROUP="in-scope-developers@${GOOGLE_GROUPS_DOMAIN}"
IN_SCOPE_NAMESPACE_ADMINS_GROUP="in-scope-admins@${GOOGLE_GROUPS_DOMAIN}"
OUT_OF_SCOPE_NAMESPACE="out-of-scope"
OUT_OF_SCOPE_CONTEXT="out-of-scope"
OUT_OF_SCOPE_POD_READERS_GROUP="out-of-scope-developers@${GOOGLE_GROUPS_DOMAIN}"
OUT_OF_SCOPE_NAMESPACE_ADMINS_GROUP="out-of-scope-admins@${GOOGLE_GROUPS_DOMAIN}"
# The IDs of the Terraform users or Service Accounts to be applied to VPC Service Controls
export TF_VAR_terraform_service_account="serviceAccount:terraform@${TF_ADMIN_PROJECT}.iam.gserviceaccount.com"
# Begin application deployment variables
# SRC_PATH is where you have your git repos and other source dirs
export SRC_PATH="<INSERT FULL PATH TO SRC DIR>"
# The name of this repository
export REPOSITORY_NAME="/pci-gke-blueprint"