diff --git a/.gitignore b/.gitignore
index 69f4a99b..85eca452 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,7 @@ terraform.tfvars
 .terraform*
 *.swp
 password_file*
-.vscode
\ No newline at end of file
+.vscode
+template
+build
+.secrets
diff --git a/openfaas/.gitignore b/openfaas/.gitignore
new file mode 100644
index 00000000..4f035652
--- /dev/null
+++ b/openfaas/.gitignore
@@ -0,0 +1,3 @@
+template
+build
+.secrets
diff --git a/openfaas/README.md b/openfaas/README.md
new file mode 100644
index 00000000..ed4cfee6
--- /dev/null
+++ b/openfaas/README.md
@@ -0,0 +1,43 @@
+# What is OpenFaaS/ faas-netes?
+
+A way to deploy FaaS objects into Kubernetes that follows open standards.
+
+## How to get started
+
+Install the CLI
+
+```bash
+brew install faas-cli
+```
+
+Then to download templates use
+
+```bash
+faas-cli template pull
+```
+
+Then to create a sample one in Python, use
+
+```bash
+faas-cli new hello-world --lang python3
+```
+
+Edit the `hello-world.yml` file to have the right image tag/location,
+and update `requirements.txt` as necessary.
+
+Then get the secret to log in, and port-forward the gateway
+
+```bash
+kubectl port-forward -n openfaas svc/gateway 8080:8080
+PASSWORD=$(kubectl -n openfaas get secret basic-auth -o jsonpath="{.data.basic-auth-password}" | base64 --decode)
+faas-cli login --password $PASSWORD
+```
+
+Lastly, build, push and deploy your function with the following
+(assuming you have dockerhub push access set up)
+
+```bash
+faas-cli build --yaml hello-world.yml
+faas-cli publish --yaml hello-world.yml --reset-qemu=false # For ARM -> AMD64
+faas-cli deploy --yaml hello-world.yml
+```
diff --git a/openfaas/dev/backend.tf b/openfaas/dev/backend.tf
new file mode 100644
index 00000000..3a9063f2
--- /dev/null
+++ b/openfaas/dev/backend.tf
@@ -0,0 +1,17 @@
+
+terraform {
+  # DigitalOcean uses the S3 spec.
+  backend "s3" {
+    bucket   = "treetracker-dev-terraform"
+    key      = "terraform-openfaas.tfstate"
+    endpoint = "https://sfo2.digitaloceanspaces.com"
+    # DO uses the S3 format
+    # eu-west-1 is used to pass TF validation
+    # Region is ACTUALLY sfo2 on DO
+    region = "eu-west-1"
+    # Deactivate a few checks as TF will attempt these against AWS
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+  }
+}
diff --git a/openfaas/dev/main.tf b/openfaas/dev/main.tf
new file mode 100644
index 00000000..c2c4cd41
--- /dev/null
+++ b/openfaas/dev/main.tf
@@ -0,0 +1,4 @@
+module "openfaas" {
+  source       = "../faas-netes-chart"
+  cluster_name = "dev-k8s-treetracker"
+}
diff --git a/openfaas/dev/provider.tf b/openfaas/dev/provider.tf
new file mode 100644
index 00000000..1f4b1a98
--- /dev/null
+++ b/openfaas/dev/provider.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "2.28.1"
+    }
+    kubernetes = "2.16.1"
+    helm       = "2.8.0"
+  }
+}
diff --git a/openfaas/faas-netes-chart/main.tf b/openfaas/faas-netes-chart/main.tf
new file mode 100644
index 00000000..e033c2b9
--- /dev/null
+++ b/openfaas/faas-netes-chart/main.tf
@@ -0,0 +1,61 @@
+data "digitalocean_kubernetes_cluster" "dev" {
+  name = var.cluster_name
+}
+
+
+provider "kubernetes" {
+  host  = data.digitalocean_kubernetes_cluster.dev.endpoint
+  token = data.digitalocean_kubernetes_cluster.dev.kube_config[0].token
+  cluster_ca_certificate = base64decode(
+    data.digitalocean_kubernetes_cluster.dev.kube_config[0].cluster_ca_certificate
+  )
+}
+
+provider "helm" {
+  kubernetes {
+    host  = data.digitalocean_kubernetes_cluster.dev.endpoint
+    token = data.digitalocean_kubernetes_cluster.dev.kube_config[0].token
+    cluster_ca_certificate = base64decode(
+      data.digitalocean_kubernetes_cluster.dev.kube_config[0].cluster_ca_certificate
+    )
+  }
+}
+
+resource "kubernetes_namespace" "openfaas-fn-ns" {
+  metadata {
+    name = "openfaas-fn"
+    annotations = {
+      "linkerd.io/inject"                     = "enabled"
+      "config.linkerd.io/skip-inbound-ports"  = "4222"
+      "config.linkerd.io/skip-outbound-ports" = "4222"
+    }
+
+    labels = {
+      istio-injection = "enabled"
+      role            = "openfaas-fn"
+    }
+
+  }
+}
+
+locals {
+  chart_version = "13.0.0"
+}
+
+
+resource "helm_release" "openfaas_chart" {
+  name             = "openfaas"
+  repository       = "https://openfaas.github.io/faas-netes/"
+  chart            = "openfaas"
+  version          = local.chart_version
+  namespace        = "openfaas"
+  create_namespace = true
+
+
+  values = [
+    "${file("${path.module}/values.yaml")}",
+    var.values_file
+  ]
+
+}
+
diff --git a/openfaas/faas-netes-chart/provider.tf b/openfaas/faas-netes-chart/provider.tf
new file mode 100644
index 00000000..1f4b1a98
--- /dev/null
+++ b/openfaas/faas-netes-chart/provider.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "2.28.1"
+    }
+    kubernetes = "2.16.1"
+    helm       = "2.8.0"
+  }
+}
diff --git a/openfaas/faas-netes-chart/values.yaml b/openfaas/faas-netes-chart/values.yaml
new file mode 100644
index 00000000..aa6a887e
--- /dev/null
+++ b/openfaas/faas-netes-chart/values.yaml
@@ -0,0 +1,8 @@
+functionNamespace: openfaas-fn
+operator:
+  create: false
+clusterRole: true
+prometheus:
+  create: false
+alertmanager:
+  create: false
diff --git a/openfaas/faas-netes-chart/variables.tf b/openfaas/faas-netes-chart/variables.tf
new file mode 100644
index 00000000..70310314
--- /dev/null
+++ b/openfaas/faas-netes-chart/variables.tf
@@ -0,0 +1,8 @@
+variable "cluster_name" {
+  type = string
+}
+
+variable "values_file" {
+  type    = string
+  default = ""
+}
diff --git a/openfaas/hello-world.yml b/openfaas/hello-world.yml
new file mode 100644
index 00000000..fe225011
--- /dev/null
+++ b/openfaas/hello-world.yml
@@ -0,0 +1,9 @@
+version: 1.0
+provider:
+  name: openfaas
+  gateway: http://127.0.0.1:8080
+functions:
+  hello-world:
+    lang: python3
+    handler: ./hello-world
+    image: mckornfield/openfaas-hello-world:latest
diff --git a/openfaas/hello-world/__init__.py b/openfaas/hello-world/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/openfaas/hello-world/handler.py b/openfaas/hello-world/handler.py
new file mode 100644
index 00000000..a2de417c
--- /dev/null
+++ b/openfaas/hello-world/handler.py
@@ -0,0 +1,7 @@
+def handle(req):
+    """handle a request to the function
+    Args:
+        req (str): request body
+    """
+    print("testing 123!")
+    return req
diff --git a/openfaas/hello-world/requirements.txt b/openfaas/hello-world/requirements.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/openfaas/prod/backend.tf b/openfaas/prod/backend.tf
new file mode 100644
index 00000000..1fe87239
--- /dev/null
+++ b/openfaas/prod/backend.tf
@@ -0,0 +1,17 @@
+
+terraform {
+  # DigitalOcean uses the S3 spec.
+  backend "s3" {
+    bucket   = "treetracker-production-terraform"
+    key      = "terraform-openfaas.tfstate"
+    endpoint = "https://sfo2.digitaloceanspaces.com"
+    # DO uses the S3 format
+    # eu-west-1 is used to pass TF validation
+    # Region is ACTUALLY sfo2 on DO
+    region = "eu-west-1"
+    # Deactivate a few checks as TF will attempt these against AWS
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+  }
+}
diff --git a/openfaas/prod/main.tf b/openfaas/prod/main.tf
new file mode 100644
index 00000000..700185a9
--- /dev/null
+++ b/openfaas/prod/main.tf
@@ -0,0 +1,4 @@
+module "openfaas" {
+  source       = "../faas-netes-chart"
+  cluster_name = "prod-k8s-treetracker"
+}
diff --git a/openfaas/prod/provider.tf b/openfaas/prod/provider.tf
new file mode 100644
index 00000000..1f4b1a98
--- /dev/null
+++ b/openfaas/prod/provider.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "2.28.1"
+    }
+    kubernetes = "2.16.1"
+    helm       = "2.8.0"
+  }
+}
diff --git a/openfaas/test/backend.tf b/openfaas/test/backend.tf
new file mode 100644
index 00000000..7d3f8812
--- /dev/null
+++ b/openfaas/test/backend.tf
@@ -0,0 +1,17 @@
+
+terraform {
+  # DigitalOcean uses the S3 spec.
+  backend "s3" {
+    bucket   = "treetracker-test-terraform"
+    key      = "terraform-openfaas.tfstate"
+    endpoint = "https://sfo2.digitaloceanspaces.com"
+    # DO uses the S3 format
+    # eu-west-1 is used to pass TF validation
+    # Region is ACTUALLY sfo2 on DO
+    region = "eu-west-1"
+    # Deactivate a few checks as TF will attempt these against AWS
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+  }
+}
diff --git a/openfaas/test/main.tf b/openfaas/test/main.tf
new file mode 100644
index 00000000..f5f273cc
--- /dev/null
+++ b/openfaas/test/main.tf
@@ -0,0 +1,4 @@
+module "openfaas" {
+  source       = "../faas-netes-chart"
+  cluster_name = "test-k8s-treetracker"
+}
diff --git a/openfaas/test/provider.tf b/openfaas/test/provider.tf
new file mode 100644
index 00000000..1f4b1a98
--- /dev/null
+++ b/openfaas/test/provider.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "2.28.1"
+    }
+    kubernetes = "2.16.1"
+    helm       = "2.8.0"
+  }
+}
diff --git a/solr/prod/backend.tf b/solr/prod/backend.tf
index b113cddc..7635245c 100644
--- a/solr/prod/backend.tf
+++ b/solr/prod/backend.tf
@@ -2,7 +2,7 @@
 terraform {
   # DigitalOcean uses the S3 spec.
   backend "s3" {
-    bucket   = "treetracker-test-terraform"
+    bucket   = "treetracker-production-terraform"
     key      = "terraform-solr.tfstate"
     endpoint = "https://sfo2.digitaloceanspaces.com"
     # DO uses the S3 format