Allow cloud components only to be upgraded

This should allow passing the --update-cloud flag which will
only upgrade/install the OFC core components (chart AND stack.yaml etc)

This also fixes the ClusterIssuer -> Issuer move so the secrets for DNS
need to be in the issuer namespace

Signed-off-by: Alistair Hey <[email protected]>

Author: Waterdrips

USER_GUIDE.md

@@ -4,7 +4,7 @@ You will need admin access to a Kubernetes cluster, some CLI tooling and a GitHu
 
 ## Pre-reqs
 
-This tool automates the installation of OpenFaaS Cloud on Kubernetes. Before starting you will need to install some tools and then create either a local or remote cluster.
+This tool automates the installation of OpenFaaS Cloud on Kubernetes. Before starting, you will need to install some tools and then create either a local or remote cluster.
 
 For your cluster the following specifications are recommended:
 
@@ -513,28 +513,8 @@ At this point you can also view your UI dashboard at: http://127.0.0.1:31112
 
 ## Re-deploy the OpenFaaS Cloud functions (advanced)
 
-If you run the step above `Access your OpenFaaS UI or API`, then you can edit settings for OpenFaaS Cloud and redeploy your functions. This is an advanced step.
-
-```
-cd tmp/openfaas-cloud/
-
-# Edit stack.yml
-# Edit github.yml or gitlab.yml
-# Edit gateway_config.yml
-# Edit buildshiprun_limits.yml
-
-# Edit aws.yml if you want to change AWS ECR settings such as the region
-
-# Update all functions
-faas-cli deploy -f stack.yml
-
-
-# Update AWS ECR functions if needed
-faas-cli deploy -f aws.yml
-
-# Update a single function, such as "buildshiprun"
-faas-cli deploy -f stack.yml --filter=buildshiprun
-```
+Run `ofc-bootstrap` passing `--update-cloud` as a flag.
+This will re-deploy the ofc helm chart using the new settings in init.yaml
 
 ## Invite your team
 
@@ -549,29 +529,9 @@ alexellis
 
 When you want to switch to the Production issuer from staging do the following:
 
-Flush out the staging certificates and orders
+Update the staging setting in init.yaml to "prod" and re-run `ofc-bootstrap` passing `--update-cloud` as a flag.
+This will re-deploy the ofc helm chart using the new settings.
 
-```sh
-kubectl delete certificates --all  -n openfaas
-kubectl delete secret -n openfaas -l="cert-manager.io/certificate-name"
-kubectl delete order -n openfaas --all
+```sh 
+ofc-bootstrap apply -f init.yaml --update-cloud
 ```
-
-Now update the staging references to "prod":
-
-```sh
-sed -i '' s/letsencrypt-staging/letsencrypt-prod/g ./tmp/generated-ingress-ingress-wildcard.yaml
-sed -i '' s/letsencrypt-staging/letsencrypt-prod/g ./tmp/generated-ingress-ingress-auth.yaml
-sed -i '' s/letsencrypt-staging/letsencrypt-prod/g ./tmp/generated-tls-auth-domain-cert.yml
-sed -i '' s/letsencrypt-staging/letsencrypt-prod/g ./tmp/generated-tls-wildcard-domain-cert.yml
-```
-
-Now create the new ingress and certificates:
-
-```sh
-kubectl apply -f ./tmp/generated-ingress-ingress-wildcard.yaml
-kubectl apply -f ./tmp/generated-ingress-ingress-auth.yaml
-kubectl apply -f ./tmp/generated-tls-auth-domain-cert.yml
-kubectl apply -f ./tmp/generated-tls-wildcard-domain-cert.yml
-```
-

cmd/apply.go

@@ -34,6 +34,7 @@ func init() {
 	applyCmd.Flags().Bool("skip-minio", false, "Skip Minio installation")
 	applyCmd.Flags().Bool("skip-create-secrets", false, "Skip creating secrets")
 	applyCmd.Flags().Bool("print-plan", false, "Print merged plan and exit")
+	applyCmd.Flags().Bool("update-cloud", false, "set to true to only upgrade OFC components")
 }
 
 var applyCmd = &cobra.Command{
@@ -158,15 +159,28 @@ func runApplyCommandE(command *cobra.Command, _ []string) error {
 	os.MkdirAll("tmp", 0700)
 	ioutil.WriteFile("tmp/go.mod", []byte("\n"), 0700)
 
-	fmt.Fprint(os.Stdout, "Validating registry credentials file")
+	fmt.Fprint(os.Stdout, "Validating registry credentials file\n")
 
 	registryAuthErr := validateRegistryAuth(plan.Registry, plan.Secrets, plan.EnableECR)
 	if registryAuthErr != nil {
 		fmt.Fprint(os.Stderr, "error with registry credentials file. Please ensure it has been created correctly")
 	}
 
+	cloudOnly, err := command.Flags().GetBool("update-cloud")
+	if err != nil {
+		return err
+	}
+
+
+	if cloudOnly {
+		err := cloudComponentsInstall(plan); if err != nil {
+			return err
+		}
+		return nil
+	}
+
 	start := time.Now()
-	err = process(plan, prefs, additionalPaths)
+	err = process(plan, prefs)
 	done := time.Since(start)
 
 	if err != nil {
@@ -264,7 +278,7 @@ func filesExists(files []types.FileSecret) error {
 	return nil
 }
 
-func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string) error {
+func process(plan types.Plan, prefs InstallPreferences) error {
 
 	if plan.OpenFaaSCloudVersion == "" {
 		plan.OpenFaaSCloudVersion = "master"
@@ -297,7 +311,7 @@ func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string
 		return err
 	}
 
-	installIngressErr := installIngressController(plan.Ingress, additionalPaths)
+	installIngressErr := installIngressController(plan.Ingress)
 	if installIngressErr != nil {
 		log.Println(installIngressErr.Error())
 		return installIngressErr
@@ -332,7 +346,7 @@ func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string
 		log.Println(functionAuthErr.Error())
 	}
 
-	ofErr := installOpenfaas(plan.ScaleToZero, plan.IngressOperator, additionalPaths)
+	ofErr := installOpenfaas(plan.ScaleToZero, plan.IngressOperator)
 	if ofErr != nil {
 		log.Println(ofErr)
 	}
@@ -372,7 +386,17 @@ func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string
 		}
 	}
 
-	cloneErr := cloneCloudComponents(plan.OpenFaaSCloudVersion, additionalPaths)
+	err := cloudComponentsInstall(plan)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+
+func cloudComponentsInstall(plan types.Plan) error {
+	cloneErr := cloneCloudComponents(plan.OpenFaaSCloudVersion)
 	if cloneErr != nil {
 		return cloneErr
 	}
@@ -382,11 +406,10 @@ func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string
 		return ofcValuesErr
 	}
 
-	deployErr := deployCloudComponents(plan, additionalPaths)
+	deployErr := deployCloudComponents(plan)
 	if deployErr != nil {
 		return deployErr
 	}
-
 	return nil
 }
 
@@ -431,13 +454,10 @@ func writeOFCValuesYaml(plan types.Plan) error {
 		ofcOptions.TLS.Enabled = false
 	}
 
-	if plan.CustomersSecret {
-		ofcOptions.Customers.CustomersSecret = true
-	} else {
-		if len(plan.CustomersURL) == 0 {
-			return errors.New("unable to continue without a customers secret or url")
-		}
-		ofcOptions.Customers.URL = plan.CustomersURL
+	ofcOptions.Customers.CustomersSecret = plan.CustomersSecret
+	ofcOptions.Customers.URL = plan.CustomersURL
+	if len(plan.CustomersURL) == 0 && !plan.CustomersSecret {
+		return errors.New("unable to continue without a customers secret or url")
 	}
 
 	ofcOptions.Global.EnableECR = plan.EnableECR
@@ -524,7 +544,7 @@ func createFunctionsAuth() error {
 	return nil
 }
 
-func installIngressController(ingress string, additionalPaths []string) error {
+func installIngressController(ingress string) error {
 	log.Println("Creating Ingress Controller")
 
 	var env []string
@@ -572,7 +592,7 @@ func installSealedSecrets() error {
 	return nil
 }
 
-func installOpenfaas(scaleToZero, ingressOperator bool, additionalPaths []string) error {
+func installOpenfaas(scaleToZero, ingressOperator bool) error {
 	log.Println("Creating OpenFaaS")
 
 	task := execute.ExecTask{
@@ -725,7 +745,7 @@ func certManagerReady() bool {
 	return res.Stdout == "True"
 }
 
-func cloneCloudComponents(tag string, additionalPaths []string) error {
+func cloneCloudComponents(tag string) error {
 	task := execute.ExecTask{
 		Command: "./scripts/clone-cloud-components.sh",
 		Shell:   true,
@@ -735,17 +755,15 @@ func cloneCloudComponents(tag string, additionalPaths []string) error {
 		StreamStdio: true,
 	}
 
-	res, err := task.Execute()
+	_, err := task.Execute()
 	if err != nil {
 		return err
 	}
 
-	fmt.Println(res)
-
 	return nil
 }
 
-func deployCloudComponents(plan types.Plan, additionalPaths []string) error {
+func deployCloudComponents(plan types.Plan) error {
 
 	authEnv := ""
 	if plan.EnableOAuth {

example.init.yaml

@@ -104,7 +104,7 @@ secrets:
         value_from: "~/Downloads/do-access-token"
     filters:
       - "do_dns01"
-    namespace: "cert-manager"
+    namespace: "openfaas"
 
   ## Use Google Cloud DNS
   ### Create a service account for DNS management and export it
@@ -114,7 +114,7 @@ secrets:
         value_from: "~/Downloads/service-account.json"
     filters:
       - "gcp_dns01"
-    namespace: "cert-manager"
+    namespace: "openfaas"
 
   ## Use Route 53
   ### Create role and download its secret access key
@@ -124,7 +124,7 @@ secrets:
         value_from: "~/Downloads/route53-secret-access-key"
     filters:
       - "route53_dns01"
-    namespace: "cert-manager"
+    namespace: "openfaas"
 
   ## Use Cloudflare
   ### Create role and download its secret access key
@@ -134,7 +134,7 @@ secrets:
         value_from: "~/Downloads/cloudflare-secret-access-key"
     filters:
       - "cloudflare_dns01"
-    namespace: "cert-manager"
+    namespace: "openfaas"
 
   # Used by Buildkit to push images to your registry
   - name: "registry-secret"

scripts/clone-cloud-components.sh

@@ -2,7 +2,7 @@
 
 rm -rf ./tmp/openfaas-cloud
 
-git clone https://github.com/openfaas/openfaas-cloud ./tmp/openfaas-cloud
+git clone https://github.com/openfaas/openfaas-cloud --depth 1 ./tmp/openfaas-cloud
 
 cd ./tmp/openfaas-cloud
 echo "Checking out openfaas/openfaas-cloud@$TAG"