fix: also allow kubectl client id to authenticate in workspace (#120)

* fix: also allow kubectl client id to authenticate in workspace

* chore: also upgrade chart version

Author: aaronschweig

internal/subroutine/manifests/organizationIdp/repository.yaml

@@ -7,4 +7,4 @@ spec:
   interval: 5m
   url: oci://ghcr.io/platform-mesh/helm-charts/organization-idp
   ref:
-    semver: "0.3.0"
+    semver: "0.4.0"

internal/subroutine/worksapce_authorization.go

@@ -69,7 +69,7 @@ func (r *workspaceAuthSubroutine) Process(ctx context.Context, instance runtimeo
 					Issuer: kcptenancyv1alphav1.Issuer{
 						URL:                 fmt.Sprintf("https://%s/keycloak/realms/%s", r.cfg.BaseDomain, workspaceName),
 						AudienceMatchPolicy: kcptenancyv1alphav1.AudienceMatchPolicyMatchAny,
-						Audiences:           []string{workspaceName},
+						Audiences:           []string{workspaceName, "kubectl"},
 					},
 					ClaimMappings: kcptenancyv1alphav1.ClaimMappings{
 						Groups: kcptenancyv1alphav1.PrefixedClaimOrExpression{