@@ -350,6 +350,87 @@ spec:
350350 not to enable the Pod Security Policy admission controller.
351351 type : boolean
352352 type : object
353+ openIdConnectDiscovery :
354+ description : OpenIDConnectDiscovery specifies OIDC discovery settings
355+ properties :
356+ isOpenIdConnectDiscoveryEnabled :
357+ description : IsOpenIDConnectDiscoveryEnabled defines whether
358+ or not to enable the OIDC discovery.
359+ type : boolean
360+ type : object
361+ openIdConnectTokenAuthenticationConfig :
362+ description : OpenIDConnectTokenAuthenticationConfig
363+ properties :
364+ caCertificate :
365+ description : A Base64 encoded public RSA or ECDSA certificates
366+ used to sign your identity provider's web certificate.
367+ type : string
368+ clientId :
369+ description : A client id that all tokens must be issued for.
370+ type : string
371+ groupsClaim :
372+ description : JWT claim to use as the user's group. If the
373+ claim is present it must be an array of strings.
374+ type : string
375+ groupsPrefix :
376+ description : Prefix prepended to group claims to prevent clashes
377+ with existing names (such as system:groups).
378+ type : string
379+ isOpenIdConnectAuthEnabled :
380+ description : IsOpenIdConnectAuthEnabled defines whether or
381+ not to enable the OIDC authentication.
382+ type : boolean
383+ issuerUrl :
384+ description : URL of the provider that allows the API server
385+ to discover public signing keys. Only URLs that use the
386+ https:// scheme are accepted. This is typically the provider's
387+ discovery URL, changed to have an empty path.
388+ type : string
389+ requiredClaims :
390+ description : A key=value pair that describes a required claim
391+ in the ID Token. If set, the claim is verified to be present
392+ in the ID Token with a matching value. Repeat this flag
393+ to specify multiple claims.
394+ items :
395+ description : KeyValue The properties that define a key value
396+ pair.
397+ properties :
398+ key :
399+ description : The key of the pair.
400+ type : string
401+ value :
402+ description : The value of the pair.
403+ type : string
404+ required :
405+ - key
406+ - value
407+ type : object
408+ type : array
409+ signingAlgorithms :
410+ description : The signing algorithms accepted. Default is ["RS256"].
411+ items :
412+ type : string
413+ type : array
414+ usernameClaim :
415+ description : JWT claim to use as the user name. By default
416+ sub, which is expected to be a unique identifier of the
417+ end user. Admins can choose other claims, such as email
418+ or name, depending on their provider. However, claims other
419+ than email will be prefixed with the issuer URL to prevent
420+ naming clashes with other plugins.
421+ type : string
422+ usernamePrefix :
423+ description : ' Prefix prepended to username claims to prevent
424+ clashes with existing names (such as system:users). For
425+ example, the value oidc: will create usernames like oidc:jane.doe.
426+ If this flag isn'' t provided and --oidc-username-claim is
427+ a value other than email the prefix defaults to ( Issuer
428+ URL )# where ( Issuer URL ) is the value of --oidc-issuer-url.
429+ The value - can be used to disable all prefixing.'
430+ type : string
431+ required :
432+ - isOpenIdConnectAuthEnabled
433+ type : object
353434 type : object
354435 clusterPodNetworkOptions :
355436 description : ClusterPodNetworkOptions defines the available CNIs and
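Review bot: `issuerUrl` (new lines 383–388) documents that only `https://` URLs are accepted, yet the schema enforces nothing — it is `type: string` with no `pattern` — so an `http://` issuer is admitted by the API server and rejected, if at all, only later by the downstream OCI API; adding `pattern: '^https://'` under `issuerUrl` fails it at admission instead. `signingAlgorithms` likewise accepts any string; if the consuming API only supports asymmetric algorithms (the kube-apiserver `--oidc-signing-algs` set is `RS256`, `RS384`, `RS512`, `ES256`, `ES384`, `ES512`, `PS256`, `PS384`, `PS512`), an `enum` on its `items` keeps `none` or HMAC values from reaching the control plane. Note also that `required` lists only `isOpenIdConnectAuthEnabled`, so an object with auth enabled but no `issuerUrl` or `clientId` validates; if this CRD targets apiextensions.k8s.io/v1 on a CEL-capable cluster, an `x-kubernetes-validations` rule such as `!self.isOpenIdConnectAuthEnabled || (has(self.issuerUrl) && has(self.clientId))` would close that gap. The enclosing `spec` mapping starts before the hunk and continues after it.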