Release 0.17.3
This patch release makes the console’s OIDC redirect URI configurable and lets you import custom CA certificates into the API’s default truststore.
Installation
Section titled “Installation”For new installations, see the Installation guide.
For upgrading existing installations, see the associated Upgrading to 0.17.x guide.
Configurable OIDC redirect URI
Section titled “Configurable OIDC redirect URI”The console’s OIDC redirect URI is now configurable through console.config.security.oidc.redirectUri.
It defaults to the current origin,
so existing installations are unaffected,
and you can set it to a full URI when your provider requires a dedicated callback path.
Custom CA certificates
Section titled “Custom CA certificates”Custom CA certificates can now be imported into the API’s default truststore.
Provide the PEM-encoded certificates in a Kubernetes Secret and reference it through api.config.tls.customCaCertificates.secretName,
and the API merges them into the JVM’s default truststore on startup.
This resolves PKIX path building failed errors when the OIDC provider or another TLS endpoint uses a private or internal CA.
Release notes
Section titled “Release notes”For a full list of changes, see the Changelog.

