forked from googlecloudrobotics/core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig.sh.tmpl
62 lines (49 loc) · 2.65 KB
/
config.sh.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/usr/bin/env bash
### Required settings ###
# Project ID of your Cloud Robotics GCP project. This project can be created
# for you as part of the Terraform setup, or it can be created and configured
# manually, then imported with `deploy.sh set-project` or `terraform import`.
GCP_PROJECT_ID=my-project
# GCP region and zone where resources should be created.
GCP_REGION=europe-west1
GCP_ZONE=europe-west1-c
### Optional settings ###
# The Docker registry all Cloud Robotics images are deployed to when installing
# from srouces. It is ignored during binary installs.
# If unset, defaults to "gcr.io/${GCP_PROJECT_ID}"
#CLOUD_ROBOTICS_CONTAINER_REGISTRY=gcr.io/my-project
# A space-separated list of GCP alphanumeric project IDs for private image
# repositories. The installer will provision GCR access to these projects,
# both for the compute service account and for the robot service account.
#PRIVATE_IMAGE_REPOSITORIES="my-project my-other-project"
# A Google Group that should be a co-owner of the created GCP project.
# If you want to store your Terraform state in a GCS bucket, give a bucket name
# and a subdirectory of the bucket here. See
# https://www.terraform.io/docs/backends/types/gcs.html for docs.
#TERRAFORM_GCS_BUCKET="my-gcs-bucket"
#TERRAFORM_GCS_PREFIX="my/sub/directory"
# Symmetric cookie encryption key for the oauth2-proxy. Generate with:
# python -c 'import os,base64; print base64.urlsafe_b64encode(os.urandom(16))'
#CLOUD_ROBOTICS_COOKIE_SECRET=A_CyACoujODhfn2yDMy5tw==
# Oauth2 client ID and client secret from
# https://console.cloud.google.com/apis/credentials. If you leave these empty,
# you won't be able to log in with a browser (but CLI access will work fine).
#CLOUD_ROBOTICS_OAUTH2_CLIENT_ID=....apps.googleusercontent.com
#CLOUD_ROBOTICS_OAUTH2_CLIENT_SECRET=...
# Domain to be used for the ingress
# If unset, defaults to "www.endpoints.${GCP_PROJECT_ID}.cloud.goog"
#CLOUD_ROBOTICS_DOMAIN=www.example.com
# Enable google cloud robotics layer 2
APP_MANAGEMENT=true
# Require explicit RBAC policies for the cr-syncer. If false, the
# robot-service@ service account has broad permissions in the GKE cluster.
# If true, you will have to create RBAC policies when enabling the cr-syncer
# for your own CustomResourceDefinitions. As this is more secure, we plan
# to enable everywhere after migration.
#
# Setting this will prevent the cr-syncer from automatically removing old
# finalizers, which can block the deletion of old resources. You should either
# update the cloud-robotics stack before setting CR_SYNCER_RBAC=true, or
# manually remove the finalizers with kubectl edit.
CR_SYNCER_RBAC=false