Shared logins
Two human accounts live in Keycloak's company realm and
are reused across every OIDC-protected service.
| Account | Username | Password |
|---|---|---|
| Workshop user (alice) | alice@02.ws.t9v.de | alice-demo |
| Workshop user (bob) | bob@02.ws.t9v.de | bob-demo |
| Self-hosted admin UIs | admin | demo-student01 |
Service endpoints
| Service | URL | Login |
|---|---|---|
| frps dashboard (on the VPS) | 178.105.234.81:7500 | admin / frp-student01 |
| frpc status panel (in-cluster) | frp.02.ws.t9v.de | admin / demo-student01 |
| PowerDNS-Admin | pdns.02.ws.t9v.de | admin / demo-student01 (first registration) |
| hello (cert-manager demo) | hello.02.ws.t9v.de | none |
| Traefik dashboard | traefik.02.ws.t9v.de/dashboard/ | none (workshop only) |
| echoserver | echo.02.ws.t9v.de | none |
| Keycloak (company realm) | keycloak.02.ws.t9v.de | admin / demo-student01 |
| Kubernetes API (OIDC) | k8s.02.ws.t9v.de | alice / bob via kubelogin |
| Headlamp | headlamp.02.ws.t9v.de | alice / bob (OIDC) |
| Stalwart webmail (users) | mail.02.ws.t9v.de/ | alice / bob (OIDC via Keycloak) |
| Stalwart WebAdmin (recovery) | mail.02.ws.t9v.de/admin | admin / demo-student01 |
| Garage WebUI (S3) | s3.02.ws.t9v.de | admin / demo-student01 |
| HedgeDoc | notes.02.ws.t9v.de | alice / bob (OIDC) |
| oauth2-proxy SSO demo | echo-sso.02.ws.t9v.de | alice / bob (OIDC) |
| zot container registry | registry.02.ws.t9v.de | anonymous pull / alice / bob (OIDC) for push |
| Grafana (monitoring) | grafana.02.ws.t9v.de | alice / bob (OIDC) |
All in-cluster URLs are served by your cluster via the frpc tunnel (lab02) and resolve through the authoritative DNS set up in lab05. TLS certificates come from cert-manager (lab06).
Quick reference: derived secrets
Random-looking field values are derived deterministically from
STUDENT_ID. Recompute any of them locally:
printf 'demo-student%s-<component>-<role>' "01" | sha256sum | head -c 64
See labs/credentials.txt for the full table of seed strings.