docs: update for service account

docs/pages/deployment/k8s-only.en.mdx

@@ -52,13 +52,23 @@ This article focuses on deploying GZCTF in a Kubernetes cluster. For configurati
        { ... } # content of appsettings.json
    ---
    apiVersion: v1
-   kind: Secret
+   kind: ServiceAccount
    metadata:
-     name: gzctf-kube-config
+     name: gzctf-sa
      namespace: gzctf-server
-   type: Opaque
-   data:
-     kube-config: ... # base64 encoded k8s connection configuration
+   ---
+   apiVersion: rbac.authorization.k8s.io/v1
+   kind: ClusterRoleBinding
+   metadata:
+     name: gzctf-crb
+   roleRef:
+     apiGroup: rbac.authorization.k8s.io
+     kind: ClusterRole
+     name: cluster-admin # use to access the Kubernetes API
+   subjects:
+     - kind: ServiceAccount
+       name: gzctf-sa
+       namespace: gzctf-server
    ---
    apiVersion: v1
    kind: Secret
@@ -149,6 +159,7 @@ This article focuses on deploying GZCTF in a Kubernetes cluster. For configurati
          labels:
            app: gzctf
        spec:
+         serviceAccountName: gzctf-sa
          nodeSelector:
            kubernetes.io/hostname: xxx # Specify the deployment node, forcing it to be on the same node as the database
          containers:
@@ -170,9 +181,6 @@ This article focuses on deploying GZCTF in a Kubernetes cluster. For configurati
                - name: gzctf-config
                  mountPath: /app/appsettings.json
                  subPath: appsettings.json
-               - name: gzctf-kube-config
-                 mountPath: /app/kube-config.yaml
-                 subPath: kube-config
              resources:
                requests:
                  cpu: 1000m
@@ -184,9 +192,6 @@ This article focuses on deploying GZCTF in a Kubernetes cluster. For configurati
            - name: gzctf-config
              configMap:
                name: gzctf-config
-           - name: gzctf-kube-config
-             secret:
-               secretName: gzctf-kube-config
    ---
    apiVersion: apps/v1
    kind: Deployment

docs/pages/deployment/k8s-only.ja.mdx

@@ -52,13 +52,23 @@ import { Callout } from "nextra-theme-docs";
        { ... } # appsettings.json の内容
    ---
    apiVersion: v1
-   kind: Secret
+   kind: ServiceAccount
    metadata:
-     name: gzctf-kube-config
+     name: gzctf-sa
      namespace: gzctf-server
-   type: Opaque
-   data:
-     kube-config: ... # base64 でエンコードした k8s 接続ファイル
+   ---
+   apiVersion: rbac.authorization.k8s.io/v1
+   kind: ClusterRoleBinding
+   metadata:
+     name: gzctf-crb
+   roleRef:
+     apiGroup: rbac.authorization.k8s.io
+     kind: ClusterRole
+     name: cluster-admin # Kubernetes API にアクセスするために使用します
+   subjects:
+     - kind: ServiceAccount
+       name: gzctf-sa
+       namespace: gzctf-server
    ---
    apiVersion: v1
    kind: Secret
@@ -149,6 +159,7 @@ import { Callout } from "nextra-theme-docs";
          labels:
            app: gzctf
        spec:
+         serviceAccountName: gzctf-sa
          nodeSelector:
            kubernetes.io/hostname: xxx # デプロイノードを指定し、データベースと同じノードに強制します
          containers:
@@ -170,9 +181,6 @@ import { Callout } from "nextra-theme-docs";
                - name: gzctf-config
                  mountPath: /app/appsettings.json
                  subPath: appsettings.json
-               - name: gzctf-kube-config
-                 mountPath: /app/kube-config.yaml
-                 subPath: kube-config
              resources:
                requests:
                  cpu: 1000m
@@ -184,9 +192,6 @@ import { Callout } from "nextra-theme-docs";
            - name: gzctf-config
              configMap:
                name: gzctf-config
-           - name: gzctf-kube-config
-             secret:
-               secretName: gzctf-kube-config
    ---
    apiVersion: apps/v1
    kind: Deployment

docs/pages/deployment/k8s-only.zh.mdx

@@ -52,13 +52,23 @@ import { Callout } from "nextra-theme-docs";
        { ... } # appsettings.json 中的内容
    ---
    apiVersion: v1
-   kind: Secret
+   kind: ServiceAccount
    metadata:
-     name: gzctf-kube-config
+     name: gzctf-sa
      namespace: gzctf-server
-   type: Opaque
-   data:
-     kube-config: ... # base64 编码后的 k8s 连接文件
+   ---
+   apiVersion: rbac.authorization.k8s.io/v1
+   kind: ClusterRoleBinding
+   metadata:
+     name: gzctf-crb
+   roleRef:
+     apiGroup: rbac.authorization.k8s.io
+     kind: ClusterRole
+     name: cluster-admin # 用于访问 Kubernetes API
+   subjects:
+     - kind: ServiceAccount
+       name: gzctf-sa
+       namespace: gzctf-server
    ---
    apiVersion: v1
    kind: Secret
@@ -149,6 +159,7 @@ import { Callout } from "nextra-theme-docs";
          labels:
            app: gzctf
        spec:
+         serviceAccountName: gzctf-sa
          nodeSelector:
            kubernetes.io/hostname: xxx # 指定部署节点，强制和数据库位于同一节点
          containers:
@@ -170,9 +181,6 @@ import { Callout } from "nextra-theme-docs";
                - name: gzctf-config
                  mountPath: /app/appsettings.json
                  subPath: appsettings.json
-               - name: gzctf-kube-config
-                 mountPath: /app/kube-config.yaml
-                 subPath: kube-config
              resources:
                requests:
                  cpu: 1000m
@@ -184,9 +192,6 @@ import { Callout } from "nextra-theme-docs";
            - name: gzctf-config
              configMap:
                name: gzctf-config
-           - name: gzctf-kube-config
-             secret:
-               secretName: gzctf-kube-config
    ---
    apiVersion: apps/v1
    kind: Deployment

src/GZCTF/Services/Container/Provider/KubernetesProvider.cs

@@ -50,7 +50,7 @@ public KubernetesProvider(IOptions<RegistryConfig> registry, IOptions<ContainerP
         }
         else if (KubernetesClientConfiguration.IsInCluster())
         {
-            // use ServiceAccount token if running in cluster and no kubeconfig is provided
+            // use ServiceAccount token if running in cluster and no kube-config is provided
             config = KubernetesClientConfiguration.InClusterConfig();
         }
         else