From e0b6f63836eb5763e68d7caa0a1a1ac1b3fde7cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Svantesson?= Date: Thu, 10 Aug 2023 11:22:43 +0200 Subject: [PATCH] fix: get service account of lighthouse a lighthousejob gets a unique name (using generateName) so needs to get it to update status --- .../templates/webhooks-deployment.yaml | 4 ++++ pkg/plugins/trigger/periodic.go | 22 +++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/charts/lighthouse/templates/webhooks-deployment.yaml b/charts/lighthouse/templates/webhooks-deployment.yaml index 452bd9b14..753642ef9 100644 --- a/charts/lighthouse/templates/webhooks-deployment.yaml +++ b/charts/lighthouse/templates/webhooks-deployment.yaml @@ -42,6 +42,10 @@ spec: args: - "--namespace={{ .Release.Namespace }}" env: + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: "GIT_KIND" value: "{{ .Values.git.kind }}" - name: "LH_CUSTOM_TRIGGER_COMMAND" diff --git a/pkg/plugins/trigger/periodic.go b/pkg/plugins/trigger/periodic.go index fa897d65b..0117ee71a 100644 --- a/pkg/plugins/trigger/periodic.go +++ b/pkg/plugins/trigger/periodic.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "fmt" + "os" "path/filepath" "strconv" "strings" @@ -154,7 +155,6 @@ func (pa *PeriodicAgent) PeriodicsInitialized(namespace string, kc kubeclient.In } func (pa *PeriodicAgent) InitializePeriodics(kc kubeclient.Interface, configAgent *config.Agent, fileBrowsers *filebrowser.FileBrowsers) { - // TODO: Add lock so 2 InitializePeriodics can't run at the same time if pa.SCMClient == nil { _, scmClient, _, _, err := util.GetSCMClient("", configAgent.Config) if err != nil { @@ -182,7 +182,7 @@ func (pa *PeriodicAgent) InitializePeriodics(kc kubeclient.Interface, configAgen cronMap[cronjob.Labels["repo"]][cronjob.Labels["trigger"]] = &cronjob } - for fullName := range pa.filterPeriodics(c.InRepoConfig.Enabled, configAgent) { + for fullName := range pa.filterPeriodics(c.InRepoConfig.Enabled) { repoCronJobs, repoCronExists := cronMap[fullName] repoCM, repoCmExists := cmMap[fullName] org, repo := scm.Split(fullName) @@ -379,6 +379,10 @@ func (pa *PeriodicAgent) getExistingResources( func (pa *PeriodicAgent) constructCronJob(resourceName, configMapName string, labels map[string]string) *applybatchv1.CronJobApplyConfiguration { const volumeName = "ligthousejob" + serviceAccount, found := os.LookupEnv("SERVICE_ACCOUNT") + if !found { + serviceAccount = "lighthouse-webhooks" + } return (&applybatchv1.CronJobApplyConfiguration{}). WithName(resourceName). WithLabels(labels). @@ -391,18 +395,18 @@ func (pa *PeriodicAgent) constructCronJob(resourceName, configMapName string, la WithLabels(labels). WithSpec((&applyv1.PodSpecApplyConfiguration{}). WithEnableServiceLinks(false). - // TODO: Get service account from somewhere? - WithServiceAccountName("lighthouse-webhooks"). + WithServiceAccountName(serviceAccount). WithRestartPolicy("Never"). WithContainers((&applyv1.ContainerApplyConfiguration{}). WithName("create-lighthousejob"). - // TODO: make image configurable. Should have yq as well - WithImage("bitnami/kubectl"). WithCommand("/bin/sh"). WithArgs("-c", ` -yq '.metadata.name = "'$HOSTNAME'"' /config/lighthousejob.yaml | kubectl apply -f -kubectl patch LighthouseJob $HOSTNAME --type=merge --subresource status --patch 'status: {state: triggered}' +create_output=$(kubectl create -f /config/lighthousejob.yaml) +if [[ $create_output =~ (.*)\ ]] +then + kubectl patch ${BASH_REMATCH[1]} --type=merge --subresource status --patch 'status: {state: triggered}' +fi `). WithVolumeMounts((&applyv1.VolumeMountApplyConfiguration{}). WithName(volumeName). @@ -413,7 +417,7 @@ kubectl patch LighthouseJob $HOSTNAME --type=merge --subresource status --patch WithName(configMapName)))))))) } -func (pa *PeriodicAgent) filterPeriodics(enabled map[string]*bool, agent *config.Agent) map[string]*bool { +func (pa *PeriodicAgent) filterPeriodics(enabled map[string]*bool) map[string]*bool { if pa.SCMClient.Contents == nil { return enabled }