systemd: Use admin user and context instead system:admin

[praveenkumar]

kubeconfig which is generated by installer have admin user and admin context but the kubeconfig file we generate have system:admin which makes restart fail on crc side because in crc codebase we are using admin context so instead of modify code in crc, it would be better to change here.

$ oc config get-contexts --kubeconfig=/home/prkumar/.crc/cache/crc_libvirt_4.20.5_amd64/kubeconfig
CURRENT   NAME    CLUSTER   AUTHINFO   NAMESPACE
*         admin   crc       admin

With our changes modified kubeconfig file

[core@crc ~]$ oc config get-contexts --kubeconfig=/opt/kubeconfig
CURRENT   NAME           CLUSTER   AUTHINFO       NAMESPACE
*         system:admin   crc       system:admin   default

Summary by CodeRabbit

• Bug Fixes
  • Updated cluster configuration user and context references for consistency and clarity. Credentials and authentication settings now use standardized naming conventions while maintaining full functionality.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai[bot]]

Walkthrough

The systemd/ocp-cluster-ca.sh script is updated to replace all user/name references from system:admin to admin in kubeconfig generation steps. The cluster configuration, server URL, and TLS certificate settings remain unchanged.

Changes

Cohort / File(s)	Summary
Kubeconfig User/Context Rename systemd/ocp-cluster-ca.sh	Updated set-credentials, set-context, and use-context commands to use admin instead of system:admin for kubeconfig user naming convention

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• Single-file, configuration-only change affecting kubeconfig user naming
• No logic modifications or control flow alterations
• Straightforward naming convention update across three related kubeconfig commands

Suggested labels

lgtm, approved

Suggested reviewers

• gbraad
• anjannath

Poem

🐰 A rabbit hops through the config today, Changing system:admin in every which way, From "system" to "admin," a cleaner name rings, Control flow unchanged—just renaming things! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: replacing system:admin with admin user and context in kubeconfig generation for systemd scripts.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• [ ] 📝 Generate docstrings

🧪 Generate unit tests (beta)

• [ ] Create PR with unit tests
• [ ] Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cb25bdc354e455caae2a103cc26a2f22094eeeb1 and 5fef43d6f9e018dd633cf6b1e9af741ae202a16a.

📒 Files selected for processing (1)

• systemd/ocp-cluster-ca.sh (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-10-02T12:58:51.079Z

Learnt from: kpouget
Repo: crc-org/snc PR: 1168
File: systemd/crc-pullsecret.sh:11-11
Timestamp: 2025-10-02T12:58:51.079Z
Learning: In systemd/crc-pullsecret.sh, the wait_for_resource_or_die secret call is intentionally checking that the Kubernetes secret API is operational (part of the OCP/K8s boot process), not waiting for a specific secret resource to exist. The script relies on subsequent oc commands and systemd retry logic to handle cases where specific resources aren't available yet.

Applied to files:

• systemd/ocp-cluster-ca.sh

🔇 Additional comments (4)

systemd/ocp-cluster-ca.sh (4)

86-89: LGTM! User credential name updated correctly.

The change from system:admin to admin aligns with the PR objective to match the installer convention and CRC's expectations.

---

91-91: LGTM! Context configuration updated correctly.

The context name and user reference are now consistently set to admin, matching the credentials defined at line 86.

---

93-93: LGTM! Context activation updated correctly.

The change activates the renamed admin context, completing the transition from system:admin to admin throughout the kubeconfig generation.

---

35-35: Clarify the intentional mismatch between certificate CN and kubeconfig user name.

The certificate subject still uses CN=system:admin while kubeconfig now references it as admin (lines 86, 91). Standard OpenShift installer behavior maintains consistency between certificate CN and kubeconfig user/context naming. Confirm whether this divergence is intentional and explain the rationale in a comment, or align the certificate CN with the kubeconfig user name to match standard OpenShift conventions.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[anjannath]

/lgtm /approve

[openshift-ci[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: anjannath

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ~~OWNERS~~ [anjannath]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci[bot]]

@praveenkumar: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-snc	5fef43d6f9e018dd633cf6b1e9af741ae202a16a	link	true	/test e2e-snc

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[praveenkumar]

/cherry-pick master

[openshift-cherrypick-robot]

@praveenkumar: once the present PR merges, I will cherry-pick it on top of master in a new PR and assign it to you.

In response to this:

/cherry-pick master

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-cherrypick-robot]

@praveenkumar: new pull request created: #1203

In response to this:

/cherry-pick master

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.