No description
  • Shell 43.4%
  • Makefile 34.6%
  • Smarty 17%
  • Nix 5%
Find a file
2026-06-26 14:42:49 +02:00
apisix feat: add Mailpit SMTP capture app 2026-06-18 14:49:32 +02:00
app-chart feat: enforce verified email in Zitadel 2026-06-18 14:49:46 +02:00
argocd chore: update zitadel controller and bootstrap releases 2026-06-26 14:21:04 +02:00
database-chart chore(deps): update ghcr.io/cloudnative-pg/postgresql docker tag to v18 2026-06-17 08:46:38 +00:00
docs fix: moving kcp workspace creation document 2026-05-28 10:20:58 +02:00
edge-connect/manifests fix: registrar trust anchor is the front-proxy issuer CA, not the leaf 2026-06-12 10:04:40 +00:00
edge-connect-cluster-controller/manifests docs: add about-me headers to cluster-controller files 2026-06-19 10:46:43 +02:00
edge-connect-kcp-controllers-cluster/manifests fix: to be revisited. Overshoot permissions 2026-06-21 21:26:41 +02:00
edge-connect-kcp-controllers-rbac/manifests fix: privileges for workspace controller 2026-06-19 18:20:32 +02:00
edge-connect-kcp-controllers-tenant/manifests fix: removed identity creation by manifest 2026-06-02 14:54:16 +02:00
edge-connect-kcp-orgs/manifests feat: added rbac for workspace controller in :root:orgs 2026-06-15 11:05:59 +02:00
example chore: updated gisela org 2026-06-21 19:54:15 +02:00
hack feat: renamed zitadel actions controller to config controller 2026-06-24 17:19:21 +02:00
kcp feat: added rbac controller 2026-06-19 17:53:44 +02:00
kcp-admin-kubeconfig/manifests feat: added rbac controller 2026-06-19 17:53:44 +02:00
kcp-controllers-rbac-workspace feat: added rbac controller 2026-06-19 17:53:44 +02:00
kcp-controllers-workspaces docs: add about-me headers to cluster-controller files 2026-06-19 10:46:43 +02:00
kcp-controllers-workspaces-bootstrap feat: added selfsubject review for authenticated users into contreollers worksapace 2026-05-15 16:02:39 +02:00
kcp-workspaces feat: added kcp workspaces 2026-05-07 10:32:10 +02:00
mailpit-chart feat: add Mailpit SMTP capture app 2026-06-18 14:49:32 +02:00
opa chore(deps): update openpolicyagent/opa docker tag to v1 2026-06-17 08:43:57 +00:00
provider-controller/manifests feat: deploy provider-controller (host side) 2026-06-18 10:44:42 +02:00
rbac-controller/manifests feat: added rbac controller 2026-06-19 17:53:44 +02:00
workspace-controller/manifests fix: added nullbytepolicy to external secrets so argo does not show diff 2026-06-03 10:49:45 +02:00
zitadel-admin-pat feat: added iam-admin secret 2026-04-24 17:30:54 +02:00
zitadel-config-controller/manifests feat: renamed zitadel actions controller to config controller 2026-06-24 17:19:21 +02:00
zitadel-controller-manager/manifests fix: added nullbytepolicy to external secrets so argo does not show diff 2026-06-03 10:49:45 +02:00
.envrc chore: flake setup 2026-05-27 08:30:54 +00:00
.gitignore feat: generate kubeconfig for local tenant 2026-06-16 17:36:26 +02:00
apisix-values-dev.yaml fix: added tls route 2026-04-27 10:09:50 +02:00
apisix-values-local.yaml feat: support local OIDC gateway testing 2026-06-05 14:16:11 +02:00
cluster-controller-kcp-values-dev.yaml feat: add static identity to cluster-controller-kcp dev values 2026-06-19 11:17:02 +02:00
cluster-controller-values-dev.yaml chore: bump cluster-controller to v0.0.3 2026-06-19 10:52:27 +02:00
create-user.sh added create-user.sh 2026-05-06 12:53:51 +02:00
edge-connect-bff-values-dev.yaml chore: bump BFF to 0.8.0, FE to 0.1.4, tenant-cm to 0.2.27 2026-06-21 23:24:14 +02:00
edge-connect-bff-values-local.yaml chore: bump BFF to 0.8.0, FE to 0.1.4, tenant-cm to 0.2.27 2026-06-21 23:24:14 +02:00
edge-connect-web-values-dev.yaml chore: bumped FE 2026-06-22 10:48:56 +02:00
edge-connect-web-values-local.yaml chore: bumped FE 2026-06-22 10:48:56 +02:00
flake.lock chore: flake setup 2026-05-27 08:30:54 +00:00
flake.nix feat: generate kubeconfig for local tenant 2026-06-16 17:36:26 +02:00
kcp-values-dev.yaml fix: externalUrl as kcp self call url 2026-06-03 10:24:23 +02:00
mailpit-values-dev.yaml feat: add Mailpit SMTP capture app 2026-06-18 14:49:32 +02:00
mailpit-values-local.yaml feat: add Mailpit SMTP capture app 2026-06-18 14:49:32 +02:00
Makefile feat: renamed zitadel actions controller to config controller 2026-06-24 17:19:21 +02:00
provider-controller-values-dev.yaml chore: bumped 2026-06-21 22:32:01 +02:00
rbac-controller-kcp-values-dev.yaml feat: added rbac controller 2026-06-19 17:53:44 +02:00
rbac-controller-kcp-values-local.yaml feat: added rbac controller 2026-06-19 17:53:44 +02:00
rbac-controller-values-dev.yaml chore: pin rbac-controller to 0.0.1 2026-06-19 18:06:52 +02:00
rbac-controller-values-local.yaml chore: pin rbac-controller to 0.0.1 2026-06-19 18:06:52 +02:00
README.md feat: added guide to create clusteradmin kubeconfig 2026-04-20 10:18:48 +02:00
renovate.json Add renovate.json 2026-06-02 12:18:30 +00:00
tenant-cm-tenant-controller-apibinding-values-dev.yaml fix: pin tenant API identities 2026-06-05 14:16:21 +02:00
tenant-cm-tenant-controller-apibinding-values-local.yaml fix: pin tenant API identities 2026-06-05 14:16:21 +02:00
tenant-cm-tenant-controller-apiexport-values-dev.yaml fix: introduced static identities for controllers 2026-06-02 14:48:56 +02:00
tenant-cm-tenant-controller-apiexport-values-local.yaml fix: pin tenant API identities 2026-06-05 14:16:21 +02:00
tenant-cm-tenantpolicy-controller-apiexport-values-dev.yaml fix: introduced static identities for controllers 2026-06-02 14:48:56 +02:00
tenant-cm-tenantpolicy-controller-apiexport-values-local.yaml fix: pin tenant API identities 2026-06-05 14:16:21 +02:00
tenant-controller-values-dev.yaml fix: secret naming 2026-05-15 11:49:38 +02:00
tenant-controller-values-local.yaml fix: mount local Zitadel CA for workspace auth 2026-06-11 11:20:08 +00:00
workspace-controller-kcp-values-dev.yaml chore: bump workspace-controller to v0.0.9 2026-06-11 15:43:17 +00:00
workspace-controller-kcp-values-local.yaml feat: add workspace-controller local override 2026-06-19 15:54:57 +02:00
workspace-controller-values-dev.yaml feat: added binding of clusterrolebinding 2026-06-19 18:14:15 +02:00
workspace-controller-values-local.yaml feat: added binding of clusterrolebinding 2026-06-19 18:14:15 +02:00
zitadel-actions-webhook-values-dev.yaml chore: bump zitadel-actions controller and webhook to 0.0.16 2026-06-21 19:46:23 +02:00
zitadel-actions-webhook-values-local.yaml chore: use released zitadel actions images locally 2026-06-23 17:24:52 +02:00
zitadel-bootstrap-values-dev.yaml feat: renamed zitadel actions controller to config controller 2026-06-24 17:19:21 +02:00
zitadel-bootstrap-values-local.yaml feat: renamed zitadel actions controller to config controller 2026-06-24 17:19:21 +02:00
zitadel-config-controller-values-dev.yaml chore: shorter name overrides for zitadel-config-controller 2026-06-26 14:42:49 +02:00
zitadel-config-controller-values-local.yaml chore: shorter name overrides for zitadel-config-controller 2026-06-26 14:42:49 +02:00
zitadel-database-values-dev.yaml fix: moved storage class out of default helm values 2026-05-27 08:30:54 +00:00
zitadel-database-values-local.yaml fix: moved storage class out of default helm values 2026-05-27 08:30:54 +00:00
zitadel-ssoconfig-controller-kcp-values-dev.yaml fix: introduced static identities for controllers 2026-06-02 14:48:56 +02:00
zitadel-ssoconfig-controller-values-dev.yaml feat: enforce verified email in Zitadel 2026-06-18 14:49:46 +02:00
zitadel-ssoconfig-controller-values-local.yaml feat: enforce verified email in Zitadel 2026-06-18 14:49:46 +02:00
zitadel-user-controller-kcp-values-dev.yaml fix: introduced static identities for controllers 2026-06-02 14:48:56 +02:00
zitadel-user-controller-values-dev.yaml feat: enforce verified email in Zitadel 2026-06-18 14:49:46 +02:00
zitadel-user-controller-values-local.yaml feat: enforce verified email in Zitadel 2026-06-18 14:49:46 +02:00
zitadel-values-dev.yaml feat: zitadel config as configmap 2026-06-24 18:06:48 +02:00
zitadel-values-local.yaml feat: zitadel config as configmap 2026-06-24 18:06:48 +02:00

Retrieve KCP Clusteradmin cert

Wait until certificate generate from kcp/base/clusteradmin.yaml is deployed then execute

export KCP_EXTERNAL_HOSTNAME=kcp.dev.t09.de
export KCP_PORT=6443
kubectl get secret -n core-kcp-dev kcp-dev-front-proxy-cert -o=jsonpath='{.data.tls\.crt}' | base64 -d > ca.crt
kubectl get secret -n core-kcp-dev cluster-admin-client-cert -o=jsonpath='{.data.tls\.crt}' | base64 -d > client.crt
kubectl get secret -n core-kcp-dev cluster-admin-client-cert -o=jsonpath='{.data.tls\.key}' | base64 -d > client.key
chmod 600 client.crt client.key
kubectl --kubeconfig=admin.kubeconfig config set-cluster base --server https://$KCP_EXTERNAL_HOSTNAME:$KCP_PORT --certificate-authority=ca.crt
kubectl --kubeconfig=admin.kubeconfig config set-cluster root --server https://$KCP_EXTERNAL_HOSTNAME:$KCP_PORT/clusters/root --certificate-authority=ca.crt
kubectl --kubeconfig=admin.kubeconfig config set-credentials kcp-admin --client-certificate=client.crt --client-key=client.key
kubectl --kubeconfig=admin.kubeconfig config set-context base --cluster=base --user=kcp-admin
kubectl --kubeconfig=admin.kubeconfig config set-context root --cluster=root --user=kcp-admin
kubectl --kubeconfig=admin.kubeconfig config use-context root
rm ca.crt client.crt client.key