You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: static/api-specs/crd-api.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -116,7 +116,9 @@ _Appears in:_
116
116
|`issuer`_string_| Issuer is the OIDC issuer URL || Required: \{\} <br /> |
117
117
|`audience`_string_| Audience is the expected audience for the token |||
118
118
|`jwksUrl`_string_| JWKSURL is the URL to fetch the JWKS from |||
119
+
|`introspectionUrl`_string_| IntrospectionURL is the URL for token introspection endpoint |||
119
120
|`clientId`_string_| ClientID is deprecated and will be removed in a future release. |||
121
+
|`clientSecret`_string_| ClientSecret is the client secret for introspection (optional) |||
120
122
|`thvCABundlePath`_string_| ThvCABundlePath is the path to CA certificate bundle file for HTTPS requests<br />The file must be mounted into the pod (e.g., via ConfigMap or Secret volume) |||
121
123
|`jwksAuthTokenPath`_string_| JWKSAuthTokenPath is the path to file containing bearer token for JWKS/OIDC requests<br />The file must be mounted into the pod (e.g., via Secret volume) |||
122
124
|`jwksAllowPrivateIP`_boolean_| JWKSAllowPrivateIP allows JWKS/OIDC endpoints on private IP addresses<br />Use with caution - only enable for trusted internal IDPs | false ||
@@ -140,6 +142,7 @@ _Appears in:_
140
142
|`audience`_string_| Audience is the expected audience for the token | toolhive ||
141
143
|`issuer`_string_| Issuer is the OIDC issuer URL |https://kubernetes.default.svc||
142
144
|`jwksUrl`_string_| JWKSURL is the URL to fetch the JWKS from<br />If empty, OIDC discovery will be used to automatically determine the JWKS URL |||
145
+
|`introspectionUrl`_string_| IntrospectionURL is the URL for token introspection endpoint<br />If empty, OIDC discovery will be used to automatically determine the introspection URL |||
143
146
|`useClusterAuth`_boolean_| UseClusterAuth enables using the Kubernetes cluster's CA bundle and service account token<br />When true, uses /var/run/secrets/kubernetes.io/serviceaccount/ca.crt for TLS verification<br />and /var/run/secrets/kubernetes.io/serviceaccount/token for bearer token authentication<br />Defaults to true if not specified |||
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments