OIDC settings in Helm
Configure OIDC settings for the Gloo UI in Helm so that your settings remain even after version upgrades. You can also persist the OIDC sessions in a Redis instance by configuring Helm values.
Configure OIDC values in your Gloo Mesh deployment
You can configure the OIDC values for the Gloo UI when you install Gloo Mesh via Helm. This way, when you manage your releases through the
helm upgrade process, your
Dashboard custom resource settings are kept.
Follow the steps in the install or upgrade guides.
When you install or upgrade the control plane in the management cluster, specify the following settings in your values file, alongside your other settings. For more information about the OIDC settings, see the API reference.
glooUi: enabled: true auth: enabled: true backend: oidc oidc: clientId: # From the OIDC provider clientSecret: # From the OIDC provider. Stored in a secret that you created in advance in the same namespace as the Gloo UI. In this example, the secret's name is 'dashboard'. clientSecretName: dashboard issuerUrl: # The URL to connect to the OpenID Connect identity provider, often in the format 'https://<domain>.<provider_url>/'. appUrl: # The URL that the Gloo UI is exposed at, such as 'https://localhost:8090'.
Optional: Add a stanza to store UI sessions in Redis.
Store UI sessions in Redis
By default, Gloo UI sessions are persisted by storing the OIDC ID tokens in encrypted browser cookies. If the ID tokens are too large to be stored in cookies, you can configure the UI to use a Redis instance instead.
You can deploy a Redis instance with the Gloo Mesh Helm chart, or use your own Redis deployment.
Add the following values into the Helm values file with your OIDC details that you created in the previous section.
... oidc: session: backend: redis redis: host: redis-dashboard.gloo-mesh.svc.cluster.local:6379 # Point to the Redis instance. This example is for the Gloo Mesh installed Redis. Update to your own as needed.