OIDC settings in Helm
Configure OIDC settings for the Gloo Mesh UI in Helm so that your settings remain even after version upgrades. You can also persist the OIDC sessions in a Redis instance by configuring Helm values.
Configure OIDC values in your Gloo Mesh deployment
You can configure the OIDC values for the Gloo Mesh UI when you install Gloo Mesh Enterprise via Helm. This way, when you manage your releases through the helm upgrade process, your Dashboard custom resource settings are kept.
- Create a configuration file with your OIDC provider details, such as in the following example oidc.yaml.
  - For more information about customizing Helm chart settings, see Modifying Helm chart values.
  - For more information about the OIDC settings, see the API reference.

    glooMeshLicenseKey: # Gloo Mesh Enterprise license key
    glooMeshUi:
      enabled: true
      auth:
        enabled: true
        backend: oidc
        oidc:
          clientId: # From the OIDC provider
          clientSecret: # From the OIDC provider. Stored in a secret that you created in advance in the same namespace as the Gloo Mesh UI. In this example, the secret's name is 'dashboard'.
          clientSecretName: dashboard
          issuerUrl: # The URL to connect to the OpenID Connect identity provider, often in the format 'https://<domain>.<provider_url>/'.
          appUrl: # The URL that the Gloo Mesh UI is exposed at, such as 'https://localhost:8090'.

- Optional: Add a stanza to store UI sessions in Redis.
- Install or upgrade Gloo Mesh Enterprise with the values file.

    helm upgrade -f oidc.yaml gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise --namespace gloo-mesh --kube-context=${MGMT_CONTEXT} [--install]

Store UI sessions in Redis
By default, Gloo Mesh UI sessions are persisted by storing the OIDC ID tokens in encrypted browser cookies. If the ID tokens are too large to be stored in cookies, you can configure the UI to use a Redis instance instead.
You can deploy a Redis instance with the Gloo Mesh Enterprise Helm chart, or use your own Redis deployment.
Add the following values to the Helm values file that you created in the previous section with your OIDC details.
...
    oidc:
      session:
        backend: redis
        redis:
          host: redis-dashboard.gloo-mesh.svc.cluster.local:6379 # Point to the Redis instance. This example is for the Gloo Mesh installed Redis. Update to your own as needed.
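
To judge when an ID token is too large for cookie storage, as described at the start of this section, the following added example (not part of the Gloo Mesh documentation or code) estimates the cookie size of a token and lists its largest claims. The 4096-byte cookie limit, the 4/3 overhead factor, and the sample issuer, client ID and group names are assumptions for illustration.

```python
import base64
import json

# Assumptions (not from the Gloo Mesh docs): browsers commonly cap one cookie
# at about 4096 bytes, and encrypting plus base64-encoding the token grows it
# by roughly 4/3. Adjust both to match what you measure in your environment.
COOKIE_LIMIT_BYTES = 4096
ENCODING_OVERHEAD = 4 / 3


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def id_token_cookie_report(id_token: str) -> dict:
    """Estimate cookie size for an ID token and list its largest claims.

    The payload is only decoded for sizing; the signature is not verified.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    claims = json.loads(_b64url_decode(parts[1]))
    sizes = sorted(((k, len(json.dumps(v))) for k, v in claims.items()),
                   key=lambda kv: kv[1], reverse=True)
    estimated = int(len(id_token) * ENCODING_OVERHEAD)
    return {"token_bytes": len(id_token),
            "estimated_cookie_bytes": estimated,
            "fits_in_cookie": estimated <= COOKIE_LIMIT_BYTES,
            "largest_claims": sizes[:3]}


def make_sample_token(group_count: int) -> str:
    """Constructed, unsigned sample token; all values are made up."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    claims = {"iss": "https://idp.example.com/", "sub": "user-123",
              "aud": "example-client-id",
              "groups": [f"team-{i:04d}-platform-admins" for i in range(group_count)]}
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{'A' * 342}"  # filler the size of an RS256 signature


if __name__ == "__main__":
    for n in (5, 200):  # a handful of groups vs. a user in 200 groups
        print(n, id_token_cookie_report(make_sample_token(n)))
```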