- Make tool downloads platform-aware (darwin/linux, arm64/amd64)
- Add buildctl to bundled tools
- Add get_infra_dir() with config fallback for REPO_ROOT resolution
- Add ACME email to sunbeam config (set/get)
- Add REGISTRY_HOST_IP substitution in kustomize builds
- Update Kratos admin identity schema to employee
- Fix logs command to use production tunnel and context
- secrets.py: seed secret/meet (django-secret-key, application-jwt-secret-key)
- images.py: add sunbeam build meet (meet-backend + meet-frontend from source)
- kube.py: production SSH tunnel support, domain discovery from cluster, cmd_bao
- gitea.py: configure Hydra as OIDC auth source; mark admin account as private
- services.py: minor VSO sync status and services list fixes
- users.py: add cmd_user_enable
kube.py: kube_exec now accepts an optional container= kwarg so callers
can target a specific container in Linkerd-injected pods (where exec
would otherwise land in the linkerd-proxy sidecar instead of the app).
Used by check_valkey (container="valkey") and check_openbao
(container="openbao").
kube.py + cli.py: new cmd_k8s / sunbeam k8s verb — transparent
kubectl --context=sunbeam passthrough for one-off cluster operations.
Returns kubectl's exit code directly.
