Initial commit for DO provisioner

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

Author: alexellis

init.yaml

@@ -90,7 +90,7 @@ secrets:
 registry: docker.io/ofctest/
 
 ### Your root DNS domain name, this can be a sub-domain i.e. staging.o6s.io / prod.o6s.io
-root_domain: "stag.o6s.io"
+root_domain: "myfaas.club"
 
 ## Populate from GitHub App
 github:
@@ -126,23 +126,26 @@ enable_oauth: false
 ## TLS
 ### When enabled cert-manager will be used to provision wildcard TLS certificates for
 ### your OpenFaaS Cloud.
-tls: false
+tls: true
 tls_config:
 
   email: "email@domain"
 
-  issuer_type: "prod"
-  # issuer_type: "staging"
+  # issuer_type: "prod"
+  issuer_type: "staging"
 
   ## Select DNS web service between Amazon Route 53 (route53) and Google Cloud DNS (clouddns)
   # by uncommenting the required option
 
   ### Google Cloud DNS
-  dns_service: clouddns
-  project_id: "my-openfaas-cloud"
+  # dns_service: clouddns
+  # project_id: "my-openfaas-cloud"
 
   ### AWS Route53
   # dns_service: route53
   # region: us-east-1
   # access_key_id: ASYAKIUJE8AYRQQ7DU3M
 
+  ### DigitalOcean
+  dns_service: digitalocean
+  digitalocean_access_token: ""

main.go

@@ -134,7 +134,6 @@ func main() {
 
 func process(plan types.Plan) error {
 
-	fmt.Println(plan)
 	if plan.Orchestration == OrchestrationK8s {
 		fmt.Println("Orchestration: Kubernetes")
 	} else if plan.Orchestration == OrchestrationSwarm {
@@ -443,9 +442,8 @@ func createNamespaces() error {
 
 func createSecrets(plan types.Plan) error {
 
-	fmt.Println(plan.Secrets)
-
 	for _, secret := range plan.Secrets {
+		fmt.Printf("Creating secret: %s\n", secret.Name)
 
 		var command execute.ExecTask
 		if plan.Orchestration == OrchestrationK8s {

pkg/tls/tls.go

@@ -10,30 +10,35 @@ import (
 	"github.com/openfaas-incubator/ofc-bootstrap/pkg/types"
 )
 
-type TlsTemplate struct {
-	RootDomain  string
-	Email       string
-	DNSService  string
-	ProjectID   string
-	IssuerType  string
-	Region      string
-	AccessKeyID string
+// TLSTemplate TLS configuration
+type TLSTemplate struct {
+	RootDomain              string
+	Email                   string
+	DNSService              string
+	ProjectID               string
+	IssuerType              string
+	Region                  string
+	AccessKeyID             string
+	DigitalOceanAccessToken string
 }
 
 var tlsTemplatesPath = "templates/k8s/tls/"
 
+// Apply executes the plan
 func Apply(plan types.Plan) error {
 
 	tlsTemplatesList, _ := listTLSTemplates()
-	tlsTemplate := TlsTemplate{
-		RootDomain:  plan.RootDomain,
-		Email:       plan.TLSConfig.Email,
-		DNSService:  plan.TLSConfig.DNSService,
-		ProjectID:   plan.TLSConfig.ProjectID,
-		IssuerType:  plan.TLSConfig.IssuerType,
-		Region:      plan.TLSConfig.Region,
-		AccessKeyID: plan.TLSConfig.AccessKeyID,
+	tlsTemplate := TLSTemplate{
+		RootDomain:              plan.RootDomain,
+		Email:                   plan.TLSConfig.Email,
+		DNSService:              plan.TLSConfig.DNSService,
+		ProjectID:               plan.TLSConfig.ProjectID,
+		IssuerType:              plan.TLSConfig.IssuerType,
+		Region:                  plan.TLSConfig.Region,
+		AccessKeyID:             plan.TLSConfig.AccessKeyID,
+		DigitalOceanAccessToken: plan.TLSConfig.DigitalOceanAccessToken,
 	}
+
 	for _, template := range tlsTemplatesList {
 		tempFilePath, tlsTemplateErr := generateTemplate(template, tlsTemplate)
 		if tlsTemplateErr != nil {
@@ -66,7 +71,7 @@ func listTLSTemplates() ([]string, error) {
 	return list, nil
 }
 
-func generateTemplate(fileName string, tlsTemplate TlsTemplate) (string, error) {
+func generateTemplate(fileName string, tlsTemplate TLSTemplate) (string, error) {
 
 	data, err := ioutil.ReadFile(tlsTemplatesPath + fileName)
 	if err != nil {

pkg/types/types.go

@@ -70,10 +70,11 @@ type S3 struct {
 }
 
 type TLSConfig struct {
-	Email       string `yaml:"email"`
-	DNSService  string `yaml:"dns_service"`
-	ProjectID   string `yaml:"project_id"`
-	IssuerType  string `yaml:"issuer_type"`
-	Region      string `yaml:"region"`
-	AccessKeyID string `yaml:"access_key_id"`
+	Email                   string `yaml:"email"`
+	DNSService              string `yaml:"dns_service"`
+	ProjectID               string `yaml:"project_id"`
+	IssuerType              string `yaml:"issuer_type"`
+	Region                  string `yaml:"region"`
+	AccessKeyID             string `yaml:"access_key_id"`
+	DigitalOceanAccessToken string `yaml:"digitalocean_access_token"`
 }

scripts/install-cert-manager.sh

@@ -1,7 +1,10 @@
 #!/bin/bash
 
+kubectl apply \
+    -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml
+
 helm install \
     --name cert-manager \
     --namespace kube-system \
-    --version v0.4.0 \
-    stable/cert-manager
+    --version v0.6.0 \
+    stable/cert-manager

scripts/reset.sh

@@ -1,12 +1,19 @@
 #!/bin/bash
 
 helm delete --purge cert-manager nginxingress openfaas cloud-minio
+
+kubectl delete certificates --all  -n openfaas
 kubectl delete ns openfaas openfaas-fn
+
 kubectl delete crd sealedsecrets.bitnami.com
+kubectl delete \
+    -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml
+
 kubectl delete deploy/sealed-secrets-controller -n kube-system
 kubectl delete deploy/tiller-deploy -n kube-system
 kubectl delete sa/tiller -n kube-system
 kubectl delete clusterrolebinding/tiller -n kube-system
-kubectl delete certificates --all  -n openfaas
+
+kubectl delete secret/clouddns-service-account -n kube-system
 
 rm -rf ./tmp

templates/k8s/tls/issuer-prod.yml

@@ -25,4 +25,8 @@ spec:
           secretAccessKeySecretRef:
             name: "{{.DNSService}}-credentials-secret"
             key: secret-access-key
-          {{ end }}
+          {{else if eq .DNSService "digitalocean" }}
+            tokenSecretRef:
+              name: digitalocean-dns
+              key: "{{.DigitalOceanAccessToken}}"
+          {{ end }}

templates/k8s/tls/issuer-staging.yml

@@ -25,4 +25,8 @@ spec:
           secretAccessKeySecretRef:
             name: "{{.DNSService}}-credentials-secret"
             key: secret-access-key
-          {{ end }}
+          {{else if eq .DNSService "digitalocean" }}
+            tokenSecretRef:
+              name: digitalocean-dns
+              key: "{{.DigitalOceanAccessToken}}"
+          {{ end }}