From 763d229f65a0b53e9262308e9d162bb4ca10268f Mon Sep 17 00:00:00 2001
From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Date: Wed, 8 Aug 2018 17:57:46 +0300
Subject: [PATCH] webhook: adjust deployment script to accommodate CRDs

---
 .../mappings-collection.yaml                  | 20 ++++++++++++++++++
 .../fpga_admissionwebhook/rbac-config.yaml    | 21 +++++++++++++++++++
 scripts/webhook-deploy.sh                     | 10 +++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 deployments/fpga_admissionwebhook/mappings-collection.yaml
 create mode 100644 deployments/fpga_admissionwebhook/rbac-config.yaml

diff --git a/deployments/fpga_admissionwebhook/mappings-collection.yaml b/deployments/fpga_admissionwebhook/mappings-collection.yaml
new file mode 100644
index 00000000..9785949e
--- /dev/null
+++ b/deployments/fpga_admissionwebhook/mappings-collection.yaml
@@ -0,0 +1,20 @@
+apiVersion: fpga.intel.com/v1
+kind: AcceleratorFunction
+metadata:
+  name: arria10-nlb0
+spec:
+  afuId: d8424dc4a4a3c413f89e433683f9040b
+---
+apiVersion: fpga.intel.com/v1
+kind: AcceleratorFunction
+metadata:
+  name: arria10-nlb3
+spec:
+  afuId: f7df405cbd7acf7222f144b0b93acd18
+---
+apiVersion: fpga.intel.com/v1
+kind: FpgaRegion
+metadata:
+  name: arria10
+spec:
+  interfaceId: ce48969398f05f33946d560708be108a
diff --git a/deployments/fpga_admissionwebhook/rbac-config.yaml b/deployments/fpga_admissionwebhook/rbac-config.yaml
new file mode 100644
index 00000000..812bb361
--- /dev/null
+++ b/deployments/fpga_admissionwebhook/rbac-config.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fpga-reader
+rules:
+- apiGroups: ["fpga.intel.com"]
+  resources: ["acceleratorfunctions", "fpgaregions"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: default-fpga-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fpga-reader
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: default
diff --git a/scripts/webhook-deploy.sh b/scripts/webhook-deploy.sh
index ba24d39a..776b881c 100755
--- a/scripts/webhook-deploy.sh
+++ b/scripts/webhook-deploy.sh
@@ -53,6 +53,10 @@ done
 ${kubectl} delete MutatingWebhookConfiguration "fpga-mutator-webhook-cfg" 2>/dev/null || true
 ${kubectl} delete service ${service} 2>/dev/null || true
 ${kubectl} delete deployment "intel-fpga-webhook-deployment" 2>/dev/null || true
+${kubectl} delete -f ${srcroot}/deployments/fpga_admissionwebhook/rbac-config.yaml 2>/dev/null || true
+${kubectl} delete -f ${srcroot}/deployments/fpga_admissionwebhook/mappings-collection.yaml 2>/dev/null || true
+${kubectl} delete -f ${srcroot}/deployments/fpga_admissionwebhook/region-crd.yaml 2>/dev/null || true
+${kubectl} delete -f ${srcroot}/deployments/fpga_admissionwebhook/af-crd.yaml 2>/dev/null || true
 ${kubectl} delete secret ${secret} 2>/dev/null || true
 ${kubectl} delete csr "${service}.default" 2>/dev/null || true
 
@@ -75,6 +79,12 @@ fi
 echo "Create secret including signed key/cert pair for the webhook"
 ${srcroot}/scripts/webhook-create-signed-cert.sh --kubectl ${kubectl} --service ${service} --secret ${secret} --namespace "default"
 
+echo "Create FPGA CRDs"
+${kubectl} create -f ${srcroot}/deployments/fpga_admissionwebhook/af-crd.yaml
+${kubectl} create -f ${srcroot}/deployments/fpga_admissionwebhook/region-crd.yaml
+${kubectl} create -f ${srcroot}/deployments/fpga_admissionwebhook/mappings-collection.yaml
+${kubectl} create -f ${srcroot}/deployments/fpga_admissionwebhook/rbac-config.yaml
+
 echo "Create webhook deployment"
 cat ${srcroot}/deployments/fpga_admissionwebhook/deployment-tpl.yaml | sed -e "s/{MODE}/${mode}/g" | ${kubectl} create -f -