chore: add comment to newly introduced API and remove newline

aaronschweig · aaronschweig · commit 97e19ba71ae3 · 2025-09-02T09:03:16.000+02:00
Signed-off-by: aaronschweig &lt;aaron.schweig@gmail.com&gt;
diff --git a/config/crd/bases/operator.kcp.io_frontproxies.yaml b/config/crd/bases/operator.kcp.io_frontproxies.yaml
@@ -91,6 +91,9 @@ spec:
                     description: 'Optional: OIDC configures OpenID Connect Authentication.'
                     properties:
                       caFileRef:
+                        description: |-
+                          Optionally provides a reference to a secret that contains a CA bundle for the OIDC issuer. This is useful when
+                          the OIDC issuer is not publicly trusted.
                         properties:
                           key:
                             description: Key is the key in the secret that contains
diff --git a/config/crd/bases/operator.kcp.io_rootshards.yaml b/config/crd/bases/operator.kcp.io_rootshards.yaml
@@ -134,6 +134,9 @@ spec:
                     description: 'Optional: OIDC configures OpenID Connect Authentication.'
                     properties:
                       caFileRef:
+                        description: |-
+                          Optionally provides a reference to a secret that contains a CA bundle for the OIDC issuer. This is useful when
+                          the OIDC issuer is not publicly trusted.
                         properties:
                           key:
                             description: Key is the key in the secret that contains
diff --git a/config/crd/bases/operator.kcp.io_shards.yaml b/config/crd/bases/operator.kcp.io_shards.yaml
@@ -134,6 +134,9 @@ spec:
                     description: 'Optional: OIDC configures OpenID Connect Authentication.'
                     properties:
                       caFileRef:
+                        description: |-
+                          Optionally provides a reference to a secret that contains a CA bundle for the OIDC issuer. This is useful when
+                          the OIDC issuer is not publicly trusted.
                         properties:
                           key:
                             description: Key is the key in the secret that contains
diff --git a/internal/resources/utils/authentication.go b/internal/resources/utils/authentication.go
@@ -73,11 +73,8 @@ func applyOIDCConfiguration(deployment *appsv1.Deployment, config operatorv1alph
 			MountPath: "/etc/kcp/tls/oidc",
 			ReadOnly:  true,
 		})
-
 	}
 
-	// TODO(mjudeikis): Add support for  when OIDC is not publically trusted --oidc-ca-file=/etc/kcp/tls/oidc/<ca-secret-name>
-
 	podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, extraArgs...)
 	deployment.Spec.Template.Spec = podSpec
 
diff --git a/sdk/apis/operator/v1alpha1/common.go b/sdk/apis/operator/v1alpha1/common.go
@@ -380,6 +380,8 @@ type OIDCConfiguration struct {
 	// on the OIDC side will be recognised as "oidc:user@example.com" in KCP.
 	UsernamePrefix string `json:"usernamePrefix,omitempty"`
 
+	// Optionally provides a reference to a secret that contains a CA bundle for the OIDC issuer. This is useful when
+	// the OIDC issuer is not publicly trusted.
 	CAFileRef *OIDCCAFileRef `json:"caFileRef,omitempty"`
 }
 

Original file line number	Diff line number	Diff line change
`@@ -380,6 +380,8 @@ type OIDCConfiguration struct {`
`380`	`380`	`// on the OIDC side will be recognised as "oidc:[email protected]" in KCP.`
`381`	`381`	UsernamePrefix string `json:"usernamePrefix,omitempty"`
`382`	`382`
	`383`	`+ // Optionally provides a reference to a secret that contains a CA bundle for the OIDC issuer. This is useful when`
	`384`	`+ // the OIDC issuer is not publicly trusted.`
`383`	`385`	CAFileRef *OIDCCAFileRef `json:"caFileRef,omitempty"`
`384`	`386`	`}`
`385`	`387`