diff --git a/docs/bootstrap/digitalocean-tls/README.md b/docs/bootstrap/digitalocean-tls/README.md
new file mode 100644
index 0000000..fea88ea
--- /dev/null
+++ b/docs/bootstrap/digitalocean-tls/README.md
@@ -0,0 +1,37 @@
+# Bootstrap faasd with TLS support on Digitalocean
+
+1) [Sign up to DigitalOcean](https://www.digitalocean.com/?refcode=2962aa9e56a1&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=CopyPaste)
+2) [Download Terraform](https://www.terraform.io)
+3) Clone this gist using the URL from the address bar
+4) Run `terraform init`
+5) Configure terraform variables as needed by updating the `main.tfvars` file:
+
+ | Variable | Description | Default |
+ | ------------ | ------------------- | --------------- |
+ | `do_token` | Digitalocean API token | None |
+ | `do_domain` | Public domain used for the faasd gateway | None |
+ | `letsencrypt_email` | Email used by when ordering TLS certificate from Letsencrypt | `""` |
+ | `do_create_record` | When set to `true`, a new DNS record will be created. This works only if your domain (`do_domain`) is managed by Digitalocean | `false` |
+ | `do_region` | Digitalocean region for creating the droplet | `fra1` |
+ | `ssh_key_file` | Path to public SSH key file |`~/.ssh/id_rsa.pub` |
+
+> Environment variables can also be used to set terraform variables when running the `terraform apply` command using the format `TF_VAR_name`.
+
+6) Run `terraform apply`
+ 1) Add `-var-file=main.tfvars` if you have set the variables in `main.tfvars`.
+ 2) OR [use environment variables](https://www.terraform.io/docs/commands/environment-variables.html#tf_var_name) for setting the terraform variables when running the `apply` command
+
+7) View the output for the login command and gateway URL i.e.
+
+```
+droplet_ip = 178.128.39.201
+gateway_url = https://faasd.example.com/
+login_cmd = faas-cli login -g https://faasd.example.com/ -p rvIU49CEcFcHmqxj
+password = rvIU49CEcFcHmqxj
+```
+8) Use your browser to access the OpenFaaS interface
+
+Note that the user-data may take a couple of minutes to come up since it will be pulling in various components and preparing the machine.
+Also take into consideration the DNS propagation time for the new DNS record.
+
+A single host with 1GB of RAM will be deployed for you, to remove at a later date simply use `terraform destroy`.
diff --git a/docs/bootstrap/digitalocean-tls/cloud-config.tpl b/docs/bootstrap/digitalocean-tls/cloud-config.tpl
new file mode 100644
index 0000000..5bcdc2e
--- /dev/null
+++ b/docs/bootstrap/digitalocean-tls/cloud-config.tpl
@@ -0,0 +1,57 @@
+#cloud-config
+ssh_authorized_keys:
+ - ${ssh_key}
+
+groups:
+ - caddy
+
+users:
+ - name: caddy
+ gecos: Caddy web server
+ primary_group: caddy
+ groups: caddy
+ shell: /usr/sbin/nologin
+ homedir: /var/lib/caddy
+
+write_files:
+- content: |
+ {
+ email ${letsencrypt_email}
+ }
+
+ ${faasd_domain_name} {
+ reverse_proxy 127.0.0.1:8080
+ }
+
+ path: /etc/caddy/Caddyfile
+
+package_update: true
+
+packages:
+ - runc
+
+runcmd:
+- curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.2/containerd-1.3.2.linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
+- curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.2/containerd.service | tee /etc/systemd/system/containerd.service
+- systemctl daemon-reload && systemctl start containerd
+- /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
+- mkdir -p /opt/cni/bin
+- curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
+- mkdir -p /go/src/github.com/openfaas/
+- mkdir -p /var/lib/faasd/secrets/
+- echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
+- echo admin > /var/lib/faasd/secrets/basic-auth-user
+- cd /go/src/github.com/openfaas/ && git clone https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.8.1/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
+- systemctl status -l containerd --no-pager
+- journalctl -u faasd-provider --no-pager
+- systemctl status -l faasd-provider --no-pager
+- systemctl status -l faasd --no-pager
+- curl -sSLf https://cli.openfaas.com | sh
+- sleep 5 && journalctl -u faasd --no-pager
+- wget https://github.com/caddyserver/caddy/releases/download/v2.0.0-rc.2/caddy_2.0.0-rc.2_linux_amd64.tar.gz -O /tmp/caddy.tar.gz && tar -zxvf /tmp/caddy.tar.gz -C /usr/bin/ caddy
+- wget https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service -O /etc/systemd/system/caddy.service
+- systemctl daemon-reload
+- systemctl enable caddy
+- systemctl start caddy
diff --git a/docs/bootstrap/digitalocean-tls/main.tf b/docs/bootstrap/digitalocean-tls/main.tf
new file mode 100644
index 0000000..a9e6ede
--- /dev/null
+++ b/docs/bootstrap/digitalocean-tls/main.tf
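Review bot: Every binary that `runcmd` in digitalocean-tls/cloud-config.tpl installs is fetched without an integrity check, and two fetches are not pinned at all: `caddy.service` comes from the `master` branch of caddyserver/dist, and `curl -sSLf https://cli.openfaas.com | sh` executes whatever that URL serves at boot. Pin the unit file to a tag or commit and verify each archive before unpacking, e.g. `echo "<sha256-of-release>  /tmp/caddy.tar.gz" | sha256sum -c -` ahead of the `tar` step (the digest is a placeholder to fill from the release page). The CNI download also omits `-f`, so an HTTP error body would be piped straight into `tar`. The containerd, CNI, faasd and CLI lines are repeated in docs/bootstrap/digitalocean/cloud-config.tpl.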
@@ -0,0 +1,82 @@
+terraform {
+ required_version = ">= 0.12"
+}
+
+variable "do_token" {
+ description = "Digitalocean API token"
+}
+variable "do_domain" {
+ description = "Your public domain"
+}
+variable "letsencrypt_email" {
+ description = "Email used to order a certificate from Letsencrypt"
+}
+variable "do_create_record" {
+ default = false
+ description = "Whether to create a DNS record on Digitalocean"
+}
+variable "do_region" {
+ default = "fra1"
+ description = "The Digitalocean region where the faasd droplet will be created."
+}
+variable "ssh_key_file" {
+ default = "~/.ssh/id_rsa.pub"
+ description = "Path to the SSH public key file"
+}
+
+provider "digitalocean" {
+ token = var.do_token
+}
+
+data "local_file" "ssh_key"{
+ filename = pathexpand(var.ssh_key_file)
+}
+
+resource "random_password" "password" {
+ length = 16
+ special = true
+ override_special = "_-#"
+}
+
+data "template_file" "cloud_init" {
+ template = "${file("cloud-config.tpl")}"
+ vars = {
+ gw_password=random_password.password.result,
+ ssh_key=data.local_file.ssh_key.content,
+ faasd_domain_name="faasd.${var.do_domain}"
+ letsencrypt_email=var.letsencrypt_email
+ }
+}
+
+resource "digitalocean_droplet" "faasd" {
+ region = var.do_region
+ image = "ubuntu-18-04-x64"
+ name = "faasd"
+ size = "s-1vcpu-1gb"
+ user_data = data.template_file.cloud_init.rendered
+}
+
+resource "digitalocean_record" "faasd" {
+ domain = var.do_domain
+ type = "A"
+ name = "faasd"
+ value = digitalocean_droplet.faasd.ipv4_address
+ # Only creates record if do_create_record is true
+ count = var.do_create_record == true ? 1 : 0
+}
+
+output "droplet_ip" {
+ value = digitalocean_droplet.faasd.ipv4_address
+}
+
+output "gateway_url" {
+ value = "https://faasd.${var.do_domain}/"
+}
+
+output "password" {
+ value = random_password.password.result
+}
+
+output "login_cmd" {
+ value = "faas-cli login -g https://faasd.${var.do_domain}/ -p ${random_password.password.result}"
+}
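Review bot: Nothing in digitalocean-tls/main.tf restricts inbound traffic to the droplet, so the port Caddy proxies to (`reverse_proxy 127.0.0.1:8080` in cloud-config.tpl) is presumably still reachable directly on the public address. The non-TLS variant in this same commit publishes `http://<droplet-ip>:8080/` from the same faasd install, which suggests the gateway listens on all interfaces. That would leave a plain-HTTP route to the basic-auth login next to the HTTPS one. I would attach a firewall to the droplet that admits only SSH, HTTP (for the ACME challenge and redirect) and HTTPS, along the lines below.

```hcl
# Placed after resource "digitalocean_droplet" "faasd".
resource "digitalocean_firewall" "faasd" {
  name        = "faasd"
  droplet_ids = [digitalocean_droplet.faasd.id]

  # SSH: narrow source_addresses to your own range where possible.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # 80 is needed for the ACME HTTP challenge and the redirect to HTTPS.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "80"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  inbound_rule {
    protocol         = "tcp"
    port_range       = "443"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # 8080 is deliberately absent: the gateway is only meant to be reached through Caddy.

  # Outbound stays open so cloud-init can fetch packages and images.
  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
```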
diff --git a/docs/bootstrap/digitalocean-tls/main.tfvars b/docs/bootstrap/digitalocean-tls/main.tfvars
new file mode 100644
index 0000000..f73292e
--- /dev/null
+++ b/docs/bootstrap/digitalocean-tls/main.tfvars
@@ -0,0 +1,3 @@
+do_token = ""
+do_domain = ""
+letsencrypt_email = ""
diff --git a/docs/bootstrap/digitalocean/README.md b/docs/bootstrap/digitalocean/README.md
new file mode 100644
index 0000000..dd47029
--- /dev/null
+++ b/docs/bootstrap/digitalocean/README.md
@@ -0,0 +1,20 @@
+# Bootstrap faasd on Digitalocean
+
+1) [Sign up to DigitalOcean](https://www.digitalocean.com/?refcode=2962aa9e56a1&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=CopyPaste)
+2) [Download Terraform](https://www.terraform.io)
+3) Clone this gist using the URL from the address bar
+4) Run `terraform init`
+5) Run `terraform apply -var="do_token=$(cat $HOME/digitalocean-access-token)"`
+6) View the output for the login command and gateway URL i.e.
+
+```
+gateway_url = http://178.128.39.201:8080/
+login_cmd = faas-cli login -g http://178.128.39.201:8080/ -p rvIU49CEcFcHmqxj
+password = rvIU49CEcFcHmqxj
+```
+
+Note that the user-data may take a couple of minutes to come up since it will be pulling in various components and preparing the machine.
+
+A single host with 1GB of RAM will be deployed for you, to remove at a later date simply use `terraform destroy`.
+
+If required, you can remove the VM via `terraform destroy -var="do_token=$(cat $HOME/digitalocean-access-token)"`
diff --git a/docs/bootstrap/digitalocean/cloud-config.tpl b/docs/bootstrap/digitalocean/cloud-config.tpl
new file mode 100644
index 0000000..87a177f
--- /dev/null
+++ b/docs/bootstrap/digitalocean/cloud-config.tpl
@@ -0,0 +1,29 @@
+#cloud-config
+ssh_authorized_keys:
+ - ${ssh_key}
+
+package_update: true
+
+packages:
+ - runc
+
+runcmd:
+- curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.2/containerd-1.3.2.linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
+- curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.2/containerd.service | tee /etc/systemd/system/containerd.service
+- systemctl daemon-reload && systemctl start containerd
+- /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
+- mkdir -p /opt/cni/bin
+- curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
+- mkdir -p /go/src/github.com/openfaas/
+- mkdir -p /var/lib/faasd/secrets/
+- echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
+- echo admin > /var/lib/faasd/secrets/basic-auth-user
+- cd /go/src/github.com/openfaas/ && git clone https://github.com/openfaas/faasd
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.8.1/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
+- systemctl status -l containerd --no-pager
+- journalctl -u faasd-provider --no-pager
+- systemctl status -l faasd-provider --no-pager
+- systemctl status -l faasd --no-pager
+- curl -sSLf https://cli.openfaas.com | sh
+- sleep 5 && journalctl -u faasd --no-pager
diff --git a/docs/bootstrap/digitalocean/main.tf b/docs/bootstrap/digitalocean/main.tf
new file mode 100644
index 0000000..79f3e20
--- /dev/null
+++ b/docs/bootstrap/digitalocean/main.tf
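Review bot: `echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password` interpolates the generated password unquoted into a YAML list item and then a shell command, while main.tf allows `#` in it (`override_special = "_-#"`). When the password happens to begin with `#`, the rest of the line reads as a comment, so the secret file is not written with the value that Terraform prints in `login_cmd`. Quote the value and drop `echo`, e.g. `- printf '%s\n' '${gw_password}' > /var/lib/faasd/secrets/basic-auth-password`, and follow it with `- chmod 600 /var/lib/faasd/secrets/basic-auth-password`, since the file is presumably created with the default umask. The same line is in docs/bootstrap/digitalocean-tls/cloud-config.tpl.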
@@ -0,0 +1,56 @@
+terraform {
+ required_version = ">= 0.12"
+}
+
+variable "do_token" {}
+
+variable "ssh_key_file" {
+ default = "~/.ssh/id_rsa.pub"
+ description = "Path to the SSH public key file"
+}
+
+provider "digitalocean" {
+ token = var.do_token
+}
+
+resource "random_password" "password" {
+ length = 16
+ special = true
+ override_special = "_-#"
+}
+
+data "local_file" "ssh_key"{
+ filename = pathexpand(var.ssh_key_file)
+}
+
+data "template_file" "cloud_init" {
+ template = "${file("cloud-config.tpl")}"
+ vars = {
+ gw_password=random_password.password.result,
+ ssh_key=data.local_file.ssh_key.content,
+ }
+}
+
+resource "digitalocean_droplet" "faasd" {
+
+ region = "lon1"
+ image = "ubuntu-18-04-x64"
+ name = "faasd"
+ # Plans: https://developers.digitalocean.com/documentation/changelog/api-v2/new-size-slugs-for-droplet-plan-changes/
+ #size = "512mb"
+ size = "s-1vcpu-1gb"
+ user_data = data.template_file.cloud_init.rendered
+}
+
+output "password" {
+ value = random_password.password.result
+}
+
+output "gateway_url" {
+ value = "http://${digitalocean_droplet.faasd.ipv4_address}:8080/"
+}
+
+output "login_cmd" {
+ value = "faas-cli login -g http://${digitalocean_droplet.faasd.ipv4_address}:8080/ -p ${random_password.password.result}"
+}
+
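Review bot: The `password` and `login_cmd` outputs print the gateway credential in clear on every `terraform apply`, where it tends to end up in CI logs and terminal scrollback; both should carry `sensitive = true`. `login_cmd` also passes the secret with `-p`, which leaves it in shell history and the process list. faas-cli accepts `--password-stdin`, so the suggested command could be `terraform output password | faas-cli login -g <gateway_url> --password-stdin`. The value is additionally embedded in `user_data` and stored in the state file, which deserves a comment such as `# NOTE: the gateway password is stored in terraform state and in the droplet user-data`. The same two outputs appear in docs/bootstrap/digitalocean-tls/main.tf.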