fix: service account

docs/administration.md

@@ -3,7 +3,8 @@
 
 ```shell 
 NAMESPACE=grac-eclipsefdn-it-releng-gitlab-runner-as-code
-kubectl get namespace $NAMESPACE -o json > tmp.json
+kubectl get namespace $NAMESPACE -o json|sed 's/"kubernetes"//'  > /tmp/tmp.json 
+
 ```
 
 Delete finalizers `kubernetes` from namespace definition.

instances/eclipsefdn.it.releng.gitlab-runner-as-code/target/config.json

@@ -176,7 +176,7 @@
          "pullPolicy": "if-not-present",
          "resourceAvailabilityCheckMaxAttempts": "",
          "runtimeClassName": "",
-         "serviceAccount": "grac-' + $.project.shortName + '-service-account",
+         "serviceAccount": "grac-gitlab-runner-as-code-service-account",
          "serviceAccountOverwriteAllowed": "",
          "serviceContainerSecurityContextAllowPrivilegeEscalation": "",
          "serviceContainerSecurityContextCapabilitiesAdd": "",

instances/eclipsefdn.it.releng.gitlab-runner-as-code/target/k8s/deployment.json

@@ -154,7 +154,7 @@
                      },
                      {
                         "name": "KUBERNETES_SERVICE_ACCOUNT",
-                        "value": "grac-' + $.project.shortName + '-service-account"
+                        "value": "grac-gitlab-runner-as-code-service-account"
                      },
                      {
                         "name": "KUBERNETES_SERVICE_CPU_LIMIT",

scripts/k8s-delete.sh

@@ -60,7 +60,9 @@ if [[ "$(readlink -f "${confirm}")" == "$(readlink -f "${instance}")" ]]; then
   oc delete -f "${instance}/target/k8s/limit-range.json"
 
   oc delete -f "${instance}/target/k8s/service-account.json"
-  oc delete -f "${instance}/target/k8s/namespace.json"
+
+  # TODO Force Delete a Kubernetes Namespace, see documentation
+  #oc delete -f "${instance}/target/k8s/namespace.json"
   
 else
   log error "Cannot delete, $(readlink -f "${confirm}") != $(readlink -f "${instance}")"

templates/config.libsonnet

@@ -202,7 +202,7 @@
       resourceAvailabilityCheckMaxAttempts:"",                  # The maximum number of attempts to check if a resource (service account and/or pull secret) set is available before giving up. There is 5 seconds interval between each attempt (default: "0") [$KUBERNETES_RESOURCE_AVAILABILITY_CHECK_MAX_ATTEMPTS]
       podLabels:"",                                             # A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given pod labels. Environment variables will be substituted for values here. (default: "{}")
       podLabelsOverwriteAllowed:"",                             # Regex to validate 'KUBERNETES_POD_LABELS_*' values [$KUBERNETES_POD_LABELS_OVERWRITE_ALLOWED]
-      serviceAccount:"grac-' + $.project.shortName + '-service-account", # Executor pods will use this Service Account to talk to kubernetes API [$KUBERNETES_SERVICE_ACCOUNT]
+      serviceAccount:"grac-" + $.project.shortName + "-service-account", # Executor pods will use this Service Account to talk to kubernetes API [$KUBERNETES_SERVICE_ACCOUNT]
       serviceAccountOverwriteAllowed:"",                        # Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value [$KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED]
       podAnnotations:"",                                        # A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given annotations. Can be overwritten in build with KUBERNETES_POD_ANNOTATION_* variables (default: "{}")
       podAnnotationsOverwriteAllowed:"",                        # Regex to validate 'KUBERNETES_POD_ANNOTATIONS_*' values [$KUBERNETES_POD_ANNOTATIONS_OVERWRITE_ALLOWED]