diff --git a/api/v1alpha1/docs/apiref.adoc b/api/v1alpha1/docs/apiref.adoc
index ec66d323..1cd03f22 100644
--- a/api/v1alpha1/docs/apiref.adoc
+++ b/api/v1alpha1/docs/apiref.adoc
@@ -3063,22 +3063,6 @@ Supported condition types: ConditionReady + |  |
 |===
 
 
-[id="{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tlsvalidation"]
-==== TLSValidation
-
-_Underlying type:_ _string_
-
-
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-toolchainclusterspec[$$ToolchainClusterSpec$$]
-****
-
-
-
 [id="{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tiertemplate"]
 ==== TierTemplate
 
@@ -3354,27 +3338,13 @@ ToolchainClusterSpec defines the desired state of ToolchainCluster
 hostname:port, IP or IP:port. +
 
 
-Be aware that this field is going to be replaced with +
-the Status.APIEndpoint in the future. + |  | 
-| *`caBundle`* __string__ | CABundle contains the certificate authority information. +
+Be aware that this is kept in the spec only for compatibility reasons +
+and doesn't serve any purpose. Use the Status.APIEndpoint instead. +
 
 
-Note that this is going to be deprecated and removed. It will be replaced by a field in +
-the kubecondig of the connection secret + |  | 
-| *`secretRef`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-localsecretreference[$$LocalSecretReference$$]__ | Name of the secret containing the token required to access the +
-member cluster. The secret needs to exist in the same namespace +
-as the control plane and should have a "token" key. +
-
-
-In the near future, the secret will contain the whole kubeconfig required to connect +
+Deprecated: This is not used for anything. + |  | 
+| *`secretRef`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-localsecretreference[$$LocalSecretReference$$]__ | Name of the secret containing the kubeconfig required to connect +
 to the cluster. + |  | 
-| *`disabledTLSValidations`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tlsvalidation[$$TLSValidation$$] array__ | DisabledTLSValidations defines a list of checks to ignore when validating +
-the TLS connection to the member cluster.  This can be any of *, SubjectName, or ValidityPeriod. +
-If * is specified, it is expected to be the only option in list. +
-
-
-Note that this is going to be deprecated and removed. It will be replaced by +
-the kubeconfig stored in the connection secret. + |  | 
 |===
 
 
diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go
index fa8b5bb4..c30ad46e 100644
--- a/api/v1alpha1/toolchaincluster_types.go
+++ b/api/v1alpha1/toolchaincluster_types.go
@@ -21,49 +21,22 @@ const (
 	ToolchainClusterLabel = LabelKeyPrefix + "toolchain-cluster"
 )
 
-type TLSValidation string
-
-const (
-	TLSAll            TLSValidation = "*"
-	TLSSubjectName    TLSValidation = "SubjectName"
-	TLSValidityPeriod TLSValidation = "ValidityPeriod"
-)
-
 // ToolchainClusterSpec defines the desired state of ToolchainCluster
 // +k8s:openapi-gen=true
 type ToolchainClusterSpec struct {
 	// The API endpoint of the member cluster. This can be a hostname,
 	// hostname:port, IP or IP:port.
 	//
-	// Be aware that this field is going to be replaced with
-	// the Status.APIEndpoint in the future.
-	APIEndpoint string `json:"apiEndpoint"`
-
-	// CABundle contains the certificate authority information.
-	// +optional
+	// Be aware that this is kept in the spec only for compatibility reasons
+	// and doesn't serve any purpose. Use the Status.APIEndpoint instead.
 	//
-	// Note that this is going to be deprecated and removed. It will be replaced by a field in
-	// the kubecondig of the connection secret
-	CABundle string `json:"caBundle,omitempty"`
+	// Deprecated: This is not used for anything.
+	// +optional
+	APIEndpoint string `json:"apiEndpoint,omitempty"`
 
-	// Name of the secret containing the token required to access the
-	// member cluster. The secret needs to exist in the same namespace
-	// as the control plane and should have a "token" key.
-	//
-	// In the near future, the secret will contain the whole kubeconfig required to connect
+	// Name of the secret containing the kubeconfig required to connect
 	// to the cluster.
 	SecretRef LocalSecretReference `json:"secretRef"`
-
-	// DisabledTLSValidations defines a list of checks to ignore when validating
-	// the TLS connection to the member cluster.  This can be any of *, SubjectName, or ValidityPeriod.
-	// If * is specified, it is expected to be the only option in list.
-	//
-	// Note that this is going to be deprecated and removed. It will be replaced by
-	// the kubeconfig stored in the connection secret.
-	//
-	// +optional
-	// +listType=set
-	DisabledTLSValidations []TLSValidation `json:"disabledTLSValidations,omitempty"`
 }
 
 // LocalSecretReference is a reference to a secret within the enclosing
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 5df3a56c..3ebacf6e 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -3211,7 +3211,7 @@ func (in *ToolchainCluster) DeepCopyInto(out *ToolchainCluster) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
+	out.Spec = in.Spec
 	in.Status.DeepCopyInto(&out.Status)
 }
 
@@ -3294,11 +3294,6 @@ func (in *ToolchainClusterList) DeepCopyObject() runtime.Object {
 func (in *ToolchainClusterSpec) DeepCopyInto(out *ToolchainClusterSpec) {
 	*out = *in
 	out.SecretRef = in.SecretRef
-	if in.DisabledTLSValidations != nil {
-		in, out := &in.DisabledTLSValidations, &out.DisabledTLSValidations
-		*out = make([]TLSValidation, len(*in))
-		copy(*out, *in)
-	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ToolchainClusterSpec.
diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go
index 9ef0afce..2e69ff82 100644
--- a/api/v1alpha1/zz_generated.openapi.go
+++ b/api/v1alpha1/zz_generated.openapi.go
@@ -4593,48 +4593,20 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common
 				Properties: map[string]spec.Schema{
 					"apiEndpoint": {
 						SchemaProps: spec.SchemaProps{
-							Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nBe aware that this field is going to be replaced with the Status.APIEndpoint in the future.",
-							Default:     "",
-							Type:        []string{"string"},
-							Format:      "",
-						},
-					},
-					"caBundle": {
-						SchemaProps: spec.SchemaProps{
-							Description: "CABundle contains the certificate authority information.\n\nNote that this is going to be deprecated and removed. It will be replaced by a field in the kubecondig of the connection secret",
+							Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nBe aware that this is kept in the spec only for compatibility reasons and doesn't serve any purpose. Use the Status.APIEndpoint instead.\n\nDeprecated: This is not used for anything.",
 							Type:        []string{"string"},
 							Format:      "",
 						},
 					},
 					"secretRef": {
 						SchemaProps: spec.SchemaProps{
-							Description: "Name of the secret containing the token required to access the member cluster. The secret needs to exist in the same namespace as the control plane and should have a \"token\" key.\n\nIn the near future, the secret will contain the whole kubeconfig required to connect to the cluster.",
+							Description: "Name of the secret containing the kubeconfig required to connect to the cluster.",
 							Default:     map[string]interface{}{},
 							Ref:         ref("github.com/codeready-toolchain/api/api/v1alpha1.LocalSecretReference"),
 						},
 					},
-					"disabledTLSValidations": {
-						VendorExtensible: spec.VendorExtensible{
-							Extensions: spec.Extensions{
-								"x-kubernetes-list-type": "set",
-							},
-						},
-						SchemaProps: spec.SchemaProps{
-							Description: "DisabledTLSValidations defines a list of checks to ignore when validating the TLS connection to the member cluster.  This can be any of *, SubjectName, or ValidityPeriod. If * is specified, it is expected to be the only option in list.\n\nNote that this is going to be deprecated and removed. It will be replaced by the kubeconfig stored in the connection secret.",
-							Type:        []string{"array"},
-							Items: &spec.SchemaOrArray{
-								Schema: &spec.Schema{
-									SchemaProps: spec.SchemaProps{
-										Default: "",
-										Type:    []string{"string"},
-										Format:  "",
-									},
-								},
-							},
-						},
-					},
 				},
-				Required: []string{"apiEndpoint", "secretRef"},
+				Required: []string{"secretRef"},
 			},
 		},
 		Dependencies: []string{