OIDC settings in Helm
Configure OIDC settings for the Gloo UI in Helm so that your settings remain even after version upgrades. You can also persist the OIDC sessions in a Redis instance by configuring Helm values.
Configure OIDC values in your Gloo Gateway deployment
You can configure the OIDC values for the Gloo UI when you install Gloo Gateway via Helm. This way, when you manage your releases through the helm upgrade process, your Dashboard custom resource settings are kept.
-
When you install or upgrade the control plane in the management cluster, specify the following settings in your values file, alongside your other settings. For more information about the OIDC settings, see the API reference.
glooUi: enabled: true auth: enabled: true backend: oidc oidc: clientId: # From the OIDC provider clientSecret: # From the OIDC provider. Stored in a secret that you created in advance in the same namespace as the Gloo UI. In this example, the secret's name is 'dashboard'. clientSecretName: dashboard issuerUrl: # The URL to connect to the OpenID Connect identity provider, often in the format 'https://<domain>.<provider_url>/'. appUrl: # The URL that the Gloo UI is exposed at, such as 'https://localhost:8090'. -
Optional: Add a stanza to store UI sessions in Redis.
Store UI sessions in Redis
By default, Gloo UI sessions are persisted by storing the OIDC ID tokens in encrypted browser cookies. If the ID tokens are too large to be stored in cookies, you can configure the UI to use a Redis instance instead.
You can deploy a Redis instance with the Gloo Gateway Helm chart, or use your own Redis deployment.
Add the following values into the Helm values file with your OIDC details that you created in the previous section. For more information, refer to the Backing databases for Gloo UI guide.
glooUi:
enabled: true
auth:
oidc:
session:
backend: redis
redis:
host: redis-dashboard.gloo-mesh.svc.cluster.local:6379 # Point to the Redis instance. This example is for the Gloo Gateway installed Redis. Update to your own as needed.