Add the option to use Staging LE issuer for OpenFaaS Ingress

We may want to test that the app will correctly issue a cert but not actually get a prod cert. You are limited to 30 new sub-domains a week with LE. This lets you pass the --staging flag to `arkade install openfaas-ingress --staging` Signed-off-by: Alistair Hey <[email protected]>
alexellis · Feb 26, 2020 · 09b64e3 · 09b64e3
1 parent 99a1d4f
commit 09b64e3
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 12 deletions.
diff --git a/cmd/apps/openfaas_ingress_app.go b/cmd/apps/openfaas_ingress_app.go
@@ -16,12 +16,15 @@ import (
 	"github.com/spf13/cobra"
 )
 
-type InputData struct {
+type inputData struct {
 	IngressDomain    string
 	CertmanagerEmail string
 	IngressClass     string
+	IssuerType       string
+	IssuerAPI        string
 }
 
+//MakeInstallOpenFaaSIngess will install a clusterissuer and request a cert from certmanager for the domain you specify
 func MakeInstallOpenFaaSIngress() *cobra.Command {
 	var openfaasIngress = &cobra.Command{
 		Use:          "openfaas-ingress",
@@ -34,6 +37,7 @@ func MakeInstallOpenFaaSIngress() *cobra.Command {
 	openfaasIngress.Flags().StringP("domain", "d", "", "Custom Ingress Domain")
 	openfaasIngress.Flags().StringP("email", "e", "", "Letsencrypt Email")
 	openfaasIngress.Flags().String("ingress-class", "nginx", "Ingress class to be used such as nginx or traefik")
+	openfaasIngress.Flags().Bool("staging", false, "set --staging to true to use the staging Letsencrypt issuer")
 
 	openfaasIngress.RunE = func(command *cobra.Command, args []string) error {
 
@@ -57,7 +61,9 @@ func MakeInstallOpenFaaSIngress() *cobra.Command {
 
 		fmt.Printf("Using kubeconfig: %s\n", kubeConfigPath)
 
-		yamlBytes, templateErr := buildYAML(domain, email, ingressClass)
+		staging, _ := command.Flags().GetBool("staging")
+
+		yamlBytes, templateErr := buildYAML(domain, email, ingressClass, staging)
 		if templateErr != nil {
 			log.Print("Unable to install the application. Could not build the templated yaml file for the resources")
 			return templateErr
@@ -119,17 +125,24 @@ func writeTempFile(input []byte, fileLocation string) (string, error) {
 	return filename, nil
 }
 
-func buildYAML(domain, email, ingressClass string) ([]byte, error) {
+func buildYAML(domain, email, ingressClass string, staging bool) ([]byte, error) {
 	tmpl, err := template.New("yaml").Parse(ingressYamlTemplate)
 
 	if err != nil {
 		return nil, err
 	}
 
-	inputData := InputData{
+	inputData := inputData{
 		IngressDomain:    domain,
 		CertmanagerEmail: email,
 		IngressClass:     ingressClass,
+		IssuerType:       "letsencrypt-prod",
+		IssuerAPI:        "https://acme-v02.api.letsencrypt.org/directory",
+	}
+
+	if staging {
+		inputData.IssuerType = "letsencrypt-staging"
+		inputData.IssuerAPI = "https://acme-staging-v02.api.letsencrypt.org/directory"
 	}
 
 	var tpl bytes.Buffer
@@ -178,7 +191,7 @@ metadata:
   name: openfaas-gateway
   namespace: openfaas
   annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
+    cert-manager.io/cluster-issuer: {{.IssuerType}}
     kubernetes.io/ingress.class: {{.IngressClass}}
 spec:
   rules:
@@ -197,11 +210,11 @@ spec:
 apiVersion: cert-manager.io/v1alpha2
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-prod
+  name: {{.IssuerType}}
 spec:
   acme:
     email: {{.CertmanagerEmail}}
-    server: https://acme-v02.api.letsencrypt.org/directory
+    server: {{.IssuerAPI}}
     privateKeySecretRef:
       name: example-issuer-account-key
     solvers:

diff --git a/cmd/apps/openfaas_ingress_app_test.go b/cmd/apps/openfaas_ingress_app_test.go
@@ -8,22 +8,61 @@ import (
 )
 
 func Test_buildYAML_SubsitutesDomainEmailAndIngress(t *testing.T) {
-	templBytes, _ := buildYAML("openfaas.subdomain.example.com", "[email protected]", "traefik")
+	templBytes, _ := buildYAML("openfaas.subdomain.example.com", "[email protected]", "traefik", false)
+	var want = `
+apiVersion: extensions/v1beta1 
+kind: Ingress
+metadata:
+  name: openfaas-gateway
+  namespace: openfaas
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/ingress.class: traefik
+spec:
+  rules:
+  - host: openfaas.subdomain.example.com
+    http:
+      paths:
+      - backend:
+          serviceName: gateway
+          servicePort: 8080
+        path: /
+  tls:
+  - hosts:
+    - openfaas.subdomain.example.com
+    secretName: openfaas-gateway
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    email: [email protected]
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: example-issuer-account-key
+    solvers:
+    - http01:
+        ingress:
+          class: traefik`
 
 	got := string(templBytes)
 	if want != got {
 		t.Errorf("suffix, want: %q, got: %q", want, got)
 	}
 }
 
-var want = `
+func Test_buildYAMLStaging(t *testing.T) {
+	templBytes, _ := buildYAML("openfaas.subdomain.example.com", "[email protected]", "traefik", true)
+	var want = `
 apiVersion: extensions/v1beta1 
 kind: Ingress
 metadata:
   name: openfaas-gateway
   namespace: openfaas
   annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
+    cert-manager.io/cluster-issuer: letsencrypt-staging
     kubernetes.io/ingress.class: traefik
 spec:
   rules:
@@ -42,18 +81,24 @@ spec:
 apiVersion: cert-manager.io/v1alpha2
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-prod
+  name: letsencrypt-staging
 spec:
   acme:
     email: [email protected]
-    server: https://acme-v02.api.letsencrypt.org/directory
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
       name: example-issuer-account-key
     solvers:
     - http01:
         ingress:
           class: traefik`
 
+	got := string(templBytes)
+	if want != got {
+		t.Errorf("suffix, want: %q, got: %q", want, got)
+	}
+}
+
 func Test_writeTempFile_writes_to_tmp(t *testing.T) {
 	var want = "some input string"
 	tmpLocation, _ := writeTempFile([]byte(want), "tmp_file_name.yaml")