Add spec.tls field to UpstreamOIDCProvider API.

This allows for a custom CA bundle to be used when connecting to the upstream issuer. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2026-01-07 14:05:50 +00:00 · 2020-11-16 14:42:43 -06:00
parent b17ac6ec0b
commit e867fb82b9
18 changed files with 213 additions and 0 deletions
--- a/deploy/supervisor/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml
+++ b/deploy/supervisor/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml
@@ -98,6 +98,15 @@ spec:
                minLength: 1
                pattern: ^https://
                type: string
+              tls:
+                description: TLS configuration for discovery/JWKS requests to the
+                  issuer.
+                properties:
+                  certificateAuthorityData:
+                    description: X.509 Certificate Authority (base64-encoded PEM bundle).
+                      If omitted, a default set of system roots will be trusted.
+                    type: string
+                type: object
            required:
            - client
            - issuer