fix: get service account of lighthouse

a lighthousejob gets a unique name (using generateName) so needs to get it to update status
jenkins-x · Aug 10, 2023 · e0b6f63 · e0b6f63
1 parent d8c1dfe
commit e0b6f63
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 9 deletions.
diff --git a/charts/lighthouse/templates/webhooks-deployment.yaml b/charts/lighthouse/templates/webhooks-deployment.yaml
@@ -42,6 +42,10 @@ spec:
         args:
           - "--namespace={{ .Release.Namespace }}"
         env:
+          - name: SERVICE_ACCOUNT
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.serviceAccountName
           - name: "GIT_KIND"
             value: "{{ .Values.git.kind }}"
           - name: "LH_CUSTOM_TRIGGER_COMMAND"

diff --git a/pkg/plugins/trigger/periodic.go b/pkg/plugins/trigger/periodic.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -154,7 +155,6 @@ func (pa *PeriodicAgent) PeriodicsInitialized(namespace string, kc kubeclient.In
 }
 
 func (pa *PeriodicAgent) InitializePeriodics(kc kubeclient.Interface, configAgent *config.Agent, fileBrowsers *filebrowser.FileBrowsers) {
-	// TODO: Add lock so 2 InitializePeriodics can't run at the same time
 	if pa.SCMClient == nil {
 		_, scmClient, _, _, err := util.GetSCMClient("", configAgent.Config)
 		if err != nil {
@@ -182,7 +182,7 @@ func (pa *PeriodicAgent) InitializePeriodics(kc kubeclient.Interface, configAgen
 		cronMap[cronjob.Labels["repo"]][cronjob.Labels["trigger"]] = &cronjob
 	}
 
-	for fullName := range pa.filterPeriodics(c.InRepoConfig.Enabled, configAgent) {
+	for fullName := range pa.filterPeriodics(c.InRepoConfig.Enabled) {
 		repoCronJobs, repoCronExists := cronMap[fullName]
 		repoCM, repoCmExists := cmMap[fullName]
 		org, repo := scm.Split(fullName)
@@ -379,6 +379,10 @@ func (pa *PeriodicAgent) getExistingResources(
 
 func (pa *PeriodicAgent) constructCronJob(resourceName, configMapName string, labels map[string]string) *applybatchv1.CronJobApplyConfiguration {
 	const volumeName = "ligthousejob"
+	serviceAccount, found := os.LookupEnv("SERVICE_ACCOUNT")
+	if !found {
+		serviceAccount = "lighthouse-webhooks"
+	}
 	return (&applybatchv1.CronJobApplyConfiguration{}).
 		WithName(resourceName).
 		WithLabels(labels).
@@ -391,18 +395,18 @@ func (pa *PeriodicAgent) constructCronJob(resourceName, configMapName string, la
 						WithLabels(labels).
 						WithSpec((&applyv1.PodSpecApplyConfiguration{}).
 							WithEnableServiceLinks(false).
-							// TODO: Get service account from somewhere?
-							WithServiceAccountName("lighthouse-webhooks").
+							WithServiceAccountName(serviceAccount).
 							WithRestartPolicy("Never").
 							WithContainers((&applyv1.ContainerApplyConfiguration{}).
 								WithName("create-lighthousejob").
-								// TODO: make image configurable. Should have yq as well
-
 								WithImage("bitnami/kubectl").
 								WithCommand("/bin/sh").
 								WithArgs("-c", `
-yq '.metadata.name = "'$HOSTNAME'"' /config/lighthousejob.yaml | kubectl apply -f 
-kubectl patch LighthouseJob $HOSTNAME --type=merge --subresource status --patch 'status: {state: triggered}'
+create_output=$(kubectl create -f /config/lighthousejob.yaml)
+if [[ $create_output =~ (.*)\  ]]
+then
+  kubectl patch ${BASH_REMATCH[1]} --type=merge --subresource status --patch 'status: {state: triggered}'
+fi
 `).
 								WithVolumeMounts((&applyv1.VolumeMountApplyConfiguration{}).
 									WithName(volumeName).
@@ -413,7 +417,7 @@ kubectl patch LighthouseJob $HOSTNAME --type=merge --subresource status --patch
 									WithName(configMapName))))))))
 }
 
-func (pa *PeriodicAgent) filterPeriodics(enabled map[string]*bool, agent *config.Agent) map[string]*bool {
+func (pa *PeriodicAgent) filterPeriodics(enabled map[string]*bool) map[string]*bool {
 	if pa.SCMClient.Contents == nil {
 		return enabled
 	}