Insecure setup
To simplify your Gloo Gateway installation, such as in a demo or POC environment, you can choose to disable the TLS or mTLS connection between the Gloo management server and agents, and instead use an HTTP connection. For more information about this option, see Insecure.
Using an insecure connection between the Gloo management server and agent is not a recommended security practice and should be used only in POC environments or for quick demonstrations. Without certificates, the communication between the management server and agents is unencrypted and unauthenticated at all times. If you plan to use Gloo Gateway in production, choose an option that secures the communication between the management server and agents. For more information, see the Setup options.
The steps to set up an insecure connection between the Gloo management server and agents varies depending on the installation method that you use.
You can follow the multicluster setup guide to install Gloo Gateway by using the meshctl CLI. To ensure that no certificates are set up for the Gloo management server and the agents, make the following changes to the meshctl commands:
- In the
meshctl installcommand to create the Gloo management plane, include the--set common.insecure=trueand--set glooMgmtServer.insecure=trueflags. - In the
meshctl cluster registercommand to register a workload cluster, create the followingagent.yamlHelm values file, and specify the file in the--gloo-mesh-agent-chart-values agent.yamlflag.common: insecure: true glooAgent: insecure: true
helm install commands:
- In the
helm installfor the Gloo management server, include the--set common.insecure=trueand--set glooMgmtServer.insecure=trueflags. - In the
helm installfor the Gloo agents, include the--set common.insecure=trueand--set glooAgent.insecure=trueflags.