Replace templating and custom deployment with Helm

This commit replaces the custom OFC installation scripts (shell script
and golang) with the OFC Helm chart which is pulled from the OFC release
specified in the init.yaml.

This has been tested using my init.yaml taken from a working cluster and
applied to a new cluster (same init.yaml) with the new deployment method
using the chart

Signed-off-by: Alistair Hey <alistair@heyal.co.uk>

Author: Waterdrips

cmd/apply.go

@@ -4,7 +4,9 @@
 package cmd
 
 import (
+	"errors"
 	"fmt"
+	"github.com/openfaas-incubator/ofc-bootstrap/pkg/stack"
 	"io/ioutil"
 	"log"
 	"os"
@@ -18,13 +20,10 @@ import (
 	execute "github.com/alexellis/go-execute/pkg/v1"
 	"github.com/alexellis/k3sup/pkg/config"
 	"github.com/alexellis/k3sup/pkg/env"
-	"github.com/openfaas-incubator/ofc-bootstrap/pkg/ingress"
-	"github.com/openfaas-incubator/ofc-bootstrap/pkg/stack"
-	"github.com/openfaas-incubator/ofc-bootstrap/pkg/tls"
 	"github.com/openfaas-incubator/ofc-bootstrap/pkg/validators"
 
 	"github.com/openfaas-incubator/ofc-bootstrap/pkg/types"
-	yaml "gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v2"
 )
 
 func init() {
@@ -141,7 +140,7 @@ func runApplyCommandE(command *cobra.Command, _ []string) error {
 		"faas-cli version",
 	}
 
-	validateToolsErr := validateTools(tools, additionalPaths)
+	validateToolsErr := validateTools(tools)
 
 	if validateToolsErr != nil {
 		panic(validateToolsErr)
@@ -184,7 +183,7 @@ type Vars struct {
 	YamlFile string
 }
 
-func taskGivesStdout(tool string, additionalPaths []string) error {
+func taskGivesStdout(tool string) error {
 
 	parts := strings.Split(tool, " ")
 
@@ -210,10 +209,10 @@ func taskGivesStdout(tool string, additionalPaths []string) error {
 	return nil
 }
 
-func validateTools(tools []string, additionalPaths []string) error {
+func validateTools(tools []string) error {
 
 	for _, tool := range tools {
-		err := taskGivesStdout(tool, additionalPaths)
+		err := taskGivesStdout(tool)
 		if err != nil {
 			return err
 		}
@@ -350,23 +349,12 @@ func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string
 		}
 	}
 
-	ingressErr := ingress.Apply(plan)
-	if ingressErr != nil {
-		log.Println(ingressErr)
-	}
-
-	if plan.TLS {
-		tlsErr := tls.Apply(plan)
-		if tlsErr != nil {
-			log.Println(tlsErr)
-		}
-	}
-
 	fmt.Println("Creating stack.yml")
 
 	planErr := stack.Apply(plan)
 	if planErr != nil {
 		log.Println(planErr)
+		return planErr
 	}
 
 	if !prefs.SkipSealedSecrets {
@@ -389,6 +377,11 @@ func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string
 		return cloneErr
 	}
 
+	ofcValuesErr := writeOFCValuesYaml(plan)
+	if ofcValuesErr != nil {
+		return ofcValuesErr
+	}
+
 	deployErr := deployCloudComponents(plan, additionalPaths)
 	if deployErr != nil {
 		return deployErr
@@ -397,33 +390,80 @@ func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string
 	return nil
 }
 
-func helmRepoAdd(name, repo string) error {
-	log.Printf("Adding %s helm repo\n", name)
+func writeOFCValuesYaml(plan types.Plan) error {
+	ofcOptions := &types.OFCValues{}
 
-	task := execute.ExecTask{
-		Command:     "helm",
-		Args:        []string{"repo", "add", name, repo},
-		StreamStdio: true,
+	ofcOptions.NetworkPolicies.Enabled = plan.NetworkPolicies
+
+	if plan.EnableOAuth {
+		ofcOptions.EdgeAuth.EnableOauth2 = true
+		ofcOptions.EdgeAuth.OauthProvider = plan.SCM
+		ofcOptions.EdgeAuth.ClientID = plan.OAuth.ClientId
+		ofcOptions.EdgeAuth.OauthProviderBaseURL = plan.OAuth.OAuthProviderBaseURL
+	} else {
+		ofcOptions.EdgeAuth.EnableOauth2 = false
 	}
 
-	taskRes, taskErr := task.Execute()
+	ofcOptions.NetworkPolicies.Enabled = plan.NetworkPolicies
+	ofcOptions.Global.EnableECR = plan.EnableECR
 
-	if taskErr != nil {
-		return taskErr
+	if plan.TLS {
+		ofcOptions.TLS.IssuerType = plan.TLSConfig.IssuerType
+		ofcOptions.TLS.Enabled = true
+		ofcOptions.TLS.Email = plan.TLSConfig.Email
+		ofcOptions.TLS.DNSService = plan.TLSConfig.DNSService
+		switch ofcOptions.TLS.DNSService {
+		case types.CloudDNS:
+			ofcOptions.TLS.CloudDNS.ProjectID = plan.TLSConfig.ProjectID
+		case types.Cloudflare:
+			ofcOptions.TLS.Cloudflare.Email = plan.TLSConfig.Email
+			ofcOptions.TLS.Cloudflare.ProjectID = plan.TLSConfig.ProjectID
+		case types.Route53:
+			ofcOptions.TLS.Route53.AccessKeyID = plan.TLSConfig.AccessKeyID
+			ofcOptions.TLS.Route53.Region = plan.TLSConfig.Region
+		case types.DigitalOcean:
+			// No special config for DO DNS
+		default:
+			log.Fatalf("dns service not recognised: %s", ofcOptions.TLS.DNSService)
+		}
+
+	} else {
+		ofcOptions.TLS.Enabled = false
 	}
 
-	if len(taskRes.Stderr) > 0 {
-		log.Println(taskRes.Stderr)
+	if plan.CustomersSecret {
+		ofcOptions.Customers.CustomersSecret = true
+	} else {
+		if len(plan.CustomersURL) == 0 {
+			return errors.New("unable to continue without a customers secret or url")
+		}
+		ofcOptions.Customers.URL = plan.CustomersURL
+	}
+
+	ofcOptions.Global.EnableECR = plan.EnableECR
+	ofcOptions.Global.RootDomain = plan.RootDomain
+
+	ofcOptions.Ingress.MaxConnections = plan.IngressConfig.MaxConnections
+	ofcOptions.Ingress.RequestsPerMinute = plan.IngressConfig.RequestsPerMinute
+	yamlBytes, err := yaml.Marshal(&ofcOptions)
+	if err != nil {
+		log.Fatalf("error: %v", err)
+	}
+	filePath := "./tmp/ofc-values.yaml"
+	fileErr := ioutil.WriteFile(filePath, yamlBytes, 0644)
+	if fileErr != nil {
+		return fileErr
 	}
 
 	return nil
 }
 
-func helmRepoAddStable() error {
-	log.Println("Adding stable helm repo")
+func helmRepoAdd(name, repo string) error {
+	log.Printf("Adding %s helm repo\n", name)
 
 	task := execute.ExecTask{
 		Command:     "helm",
+		Args:        []string{"repo", "add", name, repo},
 		StreamStdio: true,
 	}
 
@@ -660,19 +700,6 @@ func createSecrets(plan types.Plan) error {
 	return nil
 }
 
-func sealedSecretsReady() bool {
-
-	task := execute.ExecTask{
-		Command:     "./scripts/get-sealedsecretscontroller.sh",
-		Shell:       true,
-		StreamStdio: true,
-	}
-
-	res, err := task.Execute()
-	fmt.Println("sealedsecretscontroller", res.ExitCode, res.Stdout, res.Stderr, err)
-	return res.Stdout == "1"
-}
-
 func exportSealedSecretPubCert() string {
 
 	task := execute.ExecTask{

example.init.yaml

@@ -333,3 +333,7 @@ enable_ingress_operator: false
 ### Usage: release tag, a SHA or branch name
 openfaas_cloud_version: 0.14.2
 
+## Settings for the ingress records
+ingress_config:
+  max_connections: 20
+  requests_per_minute: 600

pkg/ingress/ingress.go

@@ -50,7 +50,6 @@ type awsConfig struct {
 	ECRRegion string
 }
 
-// Apply creates `templates/gateway_config.yml` to be referenced by stack.yml
 func Apply(plan types.Plan) error {
 	scheme := "http"
 	if plan.TLS {
@@ -67,7 +66,6 @@ func Apply(plan types.Plan) error {
 		Registry:             plan.Registry,
 		RootDomain:           plan.RootDomain,
 		CustomersURL:         plan.CustomersURL,
-		Scheme:               scheme,
 		S3:                   plan.S3,
 		CustomTemplates:      plan.Deployment.FormatCustomTemplates(),
 		EnableDockerfileLang: plan.EnableDockerfileLang,
@@ -105,26 +103,6 @@ func Apply(plan types.Plan) error {
 		return dashboardConfigErr
 	}
 
-	if plan.EnableOAuth {
-		ofCustomersSecretPath := ""
-		if plan.CustomersSecret {
-			ofCustomersSecretPath = "/var/secrets/of-customers/of-customers"
-		}
-
-		if ofAuthDepErr := generateTemplate("edge-auth-dep", plan, authConfig{
-			RootDomain:            plan.RootDomain,
-			ClientId:              plan.OAuth.ClientId,
-			CustomersURL:          plan.CustomersURL,
-			Scheme:                scheme,
-			OAuthProvider:         plan.SCM,
-			OAuthProviderBaseURL:  plan.OAuth.OAuthProviderBaseURL,
-			OFCustomersSecretPath: ofCustomersSecretPath,
-			TLSEnabled:            plan.TLS,
-		}); ofAuthDepErr != nil {
-			return ofAuthDepErr
-		}
-	}
-
 	isGitHub := plan.SCM == "github"
 	if stackErr := generateTemplate("stack", plan, stackConfig{
 		GitHub:              isGitHub,
@@ -133,12 +111,6 @@ func Apply(plan types.Plan) error {
 		return stackErr
 	}
 
-	if builderErr := generateTemplate("of-builder-dep", plan, builderConfig{
-		ECR: plan.EnableECR,
-	}); builderErr != nil {
-		return builderErr
-	}
-
 	if ecrErr := generateTemplate("aws", plan, awsConfig{
 		ECRRegion: plan.ECRConfig.ECRRegion,
 	}); ecrErr != nil {