public sealed class AttachedOidcConfig : IMessage<AttachedOidcConfig>, IEquatable<AttachedOidcConfig>, IDeepCloneable<AttachedOidcConfig>, IBufferMessage, IMessage
Reference documentation and code samples for the Anthos Multi-Cloud v1 API class AttachedOidcConfig.
OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how Google Cloud Platform services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to Google Cloud Platform.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the issuer_url field
while clusters with private issuers need to provide both
issuer_url and oidc_jwks.
Optional. OIDC verification keys in JWKS format (RFC 7517).
It contains a list of OIDC verification keys that can be used to verify
OIDC JWTs.
This field is required for cluster that doesn't have a publicly available
discovery endpoint. When provided, it will be directly used
to verify the OIDC JWT asserted by the IDP.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis document provides reference documentation for the \u003ccode\u003eAttachedOidcConfig\u003c/code\u003e class within the Anthos Multi-Cloud v1 API, specifically version 2.3.0.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eAttachedOidcConfig\u003c/code\u003e contains OpenID Connect (OIDC) discovery information for target clusters, which facilitates the validation of Kubernetes Service Account (KSA) tokens by Google Cloud Platform services.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eAttachedOidcConfig\u003c/code\u003e class supports both public and private issuer URLs, with the \u003ccode\u003eissuer_url\u003c/code\u003e field being necessary for public issuers and both \u003ccode\u003eissuer_url\u003c/code\u003e and \u003ccode\u003eoidc_jwks\u003c/code\u003e required for private issuers.\u003c/p\u003e\n"],["\u003cp\u003eThe class implements \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, \u003ccode\u003eIBufferMessage\u003c/code\u003e, and \u003ccode\u003eIMessage\u003c/code\u003e interfaces and inherits from object.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eAttachedOidcConfig\u003c/code\u003e class has two properties: \u003ccode\u003eIssuerUrl\u003c/code\u003e, a required string representing the JWT issuer URI, and \u003ccode\u003eJwks\u003c/code\u003e, an optional \u003ccode\u003eByteString\u003c/code\u003e for OIDC verification keys in JWKS format.\u003c/p\u003e\n"]]],[],null,[]]
