10-clusteropenidconnectpreset.yaml

# ClusterOpenIDConnectPreset is a OpenID Connect configuration that is applied to a Shoot objects cluster-wide.
---
apiVersion: settings.gardener.cloud/v1alpha1
kind: ClusterOpenIDConnectPreset
metadata:
  name:  example-preset
spec:
  shootSelector: # use {} to select all Shoots in a matched namespace
    matchExpressions:
    - {key: oidc, operator: In, values: [enabled]}
  projectSelector: # use {} to select all Projects
    matchExpressions:
    - {key: global-oidc, operator: In, values: [enabled]}
  server:
    clientID: client-id
    issuerURL: https://identity.example.com
    # caBundle: |
    #   -----BEGIN CERTIFICATE-----
    #   Li4u
    #   -----END CERTIFICATE-----
    # groupsClaim: groups-claim
    # groupsPrefix: groups-prefix
    # usernameClaim: username-claim
    # usernamePrefix: username-prefix
    # signingAlgs:
    # - RS256
    # requiredClaims:
    #   key: value
  client:
    secret: oidc-client-secret
    extraConfig:
      extra-scopes: email,offline_access,profile
      foo: bar
  weight: 90 # value from 1 to 100