Tetrate Service Bridge (Version: next)

OIDC

Configuration for creating OIDC configuration in Service Bridge for API users.

OIDC

OIDC represents an OpenID Connect (OIDC) configuration that can be used to authenticate users in Service Bridge. Multiple OIDC configurations can be created to support different identity providers.

The OIDC configuration contains the settings for the OIDC provider and the client secret used to authenticate with the provider. The secret must be base64 encoded. Note that the secret is not stored in the database; it is securely stored in the Kubernetes cluster as a Secret resource.

The following example creates an OIDC configuration named corporate-idp.

apiVersion: api.tsb.tetrate.io/v2
kind: OIDC
metadata:
  name: corporate-idp
  organization: myorg
spec:
  config:
    clientId: my-client-id
    issuer: https://idp.example.com
    redirectUri: https://tsb.example.com/v2/oidc/callback
    providerConfig:
      dynamic:
        configurationUri: https://corporate.idp.com/.well-known/openid-configuration
  secret: bXktY2xpZW50LXNlY3JldA==
Field | Description | Validation Rule

deletionProtectionEnabled

bool
When set, prevents the resource from being deleted. In order to delete the resource this property needs to be set to false first.

configGenerationMetadata

tetrateio.api.tsb.types.v2.ConfigGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations. When using YAML APIs like tctl or gitops, put them into the metadata.labels or metadata.annotations instead. This field is only necessary when using gRPC APIs directly.

config

tetrateio.api.install.managementplane.v1alpha1.OIDCSettings
REQUIRED
OIDC settings for the OIDC provider.

secret

string
REQUIRED
Base64 encoded client secret for the OIDC provider.

string = {
  pattern: ^[A-Za-z0-9+/]*={0,2}$
}
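
The following is an added example, not part of the Tetrate documentation: a pre-apply check for the secret value that applies the validation pattern above and then a strict base64 decode, since the pattern alone does not constrain length or padding. The function names `encode_secret` and `check_secret_field` and the sample values are assumptions made for illustration.

```python
import base64
import binascii
import re

# Validation rule for the secret field, as given in the field table above.
SECRET_PATTERN = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")


def encode_secret(client_secret: str) -> str:
    """Standard-alphabet base64 on one line, with no newline appended."""
    return base64.b64encode(client_secret.encode("utf-8")).decode("ascii")


def check_secret_field(value: str) -> list[str]:
    """Return the problems found in a candidate secret value (empty list = OK)."""
    # fullmatch: with re.match, '$' would also accept one trailing newline.
    if not SECRET_PATTERN.fullmatch(value):
        return ["does not match the documented pattern"]
    try:
        decoded = base64.b64decode(value, validate=True)
    except binascii.Error:
        # The pattern does not constrain length or padding, so it accepts
        # strings that are not decodable base64.
        return ["matches the pattern but is not valid base64"]
    if not decoded:
        return ["decodes to an empty secret"]
    if decoded != decoded.strip():
        # Typical result of `echo secret | base64` (echo appends a newline).
        return ["decoded secret has leading or trailing whitespace"]
    return []


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    samples = {
        "value from the example above": "bXktY2xpZW50LXNlY3JldA==",
        "newline encoded into the secret": encode_secret("my-client-secret\n"),
        "URL-safe alphabet": "-_8=",
        "truncated padding": "bXktY2xpZW50LXNlY3JldA",
        "raw secret pasted unencoded": "my-client-secret",
    }
    for label, value in samples.items():
        print(f"{label}: {check_secret_field(value) or 'OK'}")
```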