mirror of
https://github.com/google/nomulus.git
synced 2025-05-07 15:28:22 +02:00
983bd27ee0
This allows us to not ship the proxy with certificates/private keys. The secret is still encrypted by KMS. Reading the secret only happens once when the first EPP request comes in, which should not incur any tangible performance penalty. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=191771680
35 lines
760 B
HCL
35 lines
760 B
HCL
# GCP project in which the proxy runs.
|
|
variable "proxy_project_name" {}
|
|
|
|
# GCP project in which Nomulus runs.
|
|
variable "nomulus_project_name" {}
|
|
|
|
# GCP project from which the proxy image is pulled.
|
|
variable "gcr_project_name" {}
|
|
|
|
# The base domain name of the proxy, without the whois. or epp. part.
|
|
variable "proxy_domain_name" {}
|
|
|
|
# The GCS bucket that stores the encrypted SSL certificate.
|
|
variable "proxy_certificate_bucket" {}
|
|
|
|
# Cloud KMS keyring name
|
|
variable "proxy_key_ring" {
|
|
default = "proxy-key-ring"
|
|
}
|
|
|
|
# Cloud KMS key name
|
|
variable "proxy_key" {
|
|
default = "proxy-key"
|
|
}
|
|
|
|
# Node ports exposed by the proxy.
|
|
variable "proxy_ports" {
|
|
type = "map"
|
|
|
|
default = {
|
|
health_check = 30000
|
|
whois = 30001
|
|
epp = 30002
|
|
}
|
|
}
|