Description

The existing oidcSetupController logic assumes a single OIDC provider and performs reconciliation accordingly. To support multiple external OIDC providers, this controller must be updated to correctly reconcile additions, removals, and updates across multiple providers.

Scope

• Refactor oidcSetupController to:
  • Handle multiple OIDC providers deterministically
  • Track changes across providers
  • Reconcile ConfigMaps, secrets, and CA references correctly

• Ensure safe updates on provider changes (no stale configs)

• Feature-gate all behavior

Acceptance Criteria

• oidcSetupController supports multiple OIDC providers

• Provider add/remove/update triggers correct reconciliation

• Secrets and CA references are handled per provider

• No reliance on “first provider wins” logic

• Behavior is gated by ExternalOIDCMultipleIdPs

Non-Goals

• Auth flow changes in Console

• UI behavior changes

• Supporting multiple providers without the feature gate