github/intel-device-plugins-for-kubernetes
7
0
Fork 0
mirror of https://github.com/intel/intel-device-plugins-for-kubernetes.git synced 2025-06-03 03:59:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

extend webhook-deploy.sh to accept --mode

Browse Source 
Since the webhook can operate in two modes, either `preprogrammed`
or `orchestrated`, extend the deploying script to support these
modes.
This commit is contained in:
Dmitry Rozhkov 2018-06-26 16:18:51 +03:00
parent 3d30fa2872
commit 3082d453ad
3 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/fpga_admissionwebhook/README.md
View File

@ -39,6 +39,14 @@ Then run the script `scripts/webhook-deploy.sh`.
Register webhook Register webhook
mutatingwebhookconfiguration "fpga-mutator-webhook-cfg" created mutatingwebhookconfiguration "fpga-mutator-webhook-cfg" created
By default the script deploys the webhook in the preprogrammed mode (when
requested FPGA resources get translated to AF resources, e.g.
"intel.com/fpga-arria10-nlb0" -> "intel.com/fpga-af-d8424dc4a4a3c413f89e433683f9040b").
You can command the script to deploy the webhook in the orchestrated mode with
the option `--mode`.
$ ./scripts/webhook-deploy.sh --mode orchestrated
Please note that the script needs the CA bundle used for signing cerificate Please note that the script needs the CA bundle used for signing cerificate
requests in your cluster. By default it fetches the bundle stored requests in your cluster. By default it fetches the bundle stored
in the configmap `extension-apiserver-authentication`. But it may differ from in the configmap `extension-apiserver-authentication`. But it may differ from

1
deployments/fpga_admissionwebhook/deployment.yaml → deployments/fpga_admissionwebhook/deployment-tpl.yaml
View File

@ -20,6 +20,7 @@ spec:
args: args:
- -tls-cert-file=/etc/webhook/certs/cert.pem - -tls-cert-file=/etc/webhook/certs/cert.pem
- -tls-private-key-file=/etc/webhook/certs/key.pem - -tls-private-key-file=/etc/webhook/certs/key.pem
- -mode={MODE}
- -alsologtostderr - -alsologtostderr
- -v=2 - -v=2
- 2>&1 - 2>&1

12
scripts/webhook-deploy.sh
View File

@ -16,11 +16,21 @@ while [[ $# -gt 0 ]]; do
cabundlepath="$2" cabundlepath="$2"
shift shift
;; ;;
--mode)
mode="$2"
shift
;;
esac esac
shift shift
done done
[ -z ${kubectl} ] && kubectl="kubectl" [ -z ${kubectl} ] && kubectl="kubectl"
[ -z ${mode} ] && mode="preprogrammed"
if [ "x${mode}" != "xpreprogrammed" -a "x${mode}" != "xorchestrated" ]; then
echo "ERROR: supported modes are 'preprogrammed' and 'orchestrated'"
exit 1
fi
if [ -z ${cabundlepath} ]; then if [ -z ${cabundlepath} ]; then
CA_BUNDLE=$(${kubectl} get configmap -n kube-system extension-apiserver-authentication -o=jsonpath='{.data.client-ca-file}' | base64 -w 0) CA_BUNDLE=$(${kubectl} get configmap -n kube-system extension-apiserver-authentication -o=jsonpath='{.data.client-ca-file}' | base64 -w 0)
@ -32,7 +42,7 @@ echo "Create secret including signed key/cert pair for the webhook"
${srcroot}/scripts/webhook-create-signed-cert.sh --kubectl ${kubectl} ${srcroot}/scripts/webhook-create-signed-cert.sh --kubectl ${kubectl}
echo "Create webhook deployment" echo "Create webhook deployment"
kubectl create -f ${srcroot}/deployments/fpga_admissionwebhook/deployment.yaml cat ${srcroot}/deployments/fpga_admissionwebhook/deployment-tpl.yaml | sed -e "s/{MODE}/${mode}/g" | ${kubectl} create -f -
echo "Create webhook service" echo "Create webhook service"
kubectl create -f ${srcroot}/deployments/fpga_admissionwebhook/service.yaml kubectl create -f ${srcroot}/deployments/fpga_admissionwebhook/service.yaml