Insecure setup
To simplify your Gloo Gateway installation, such as in a demo or POC environment, you can choose to disable the TLS or mTLS connection between the Gloo management server and agents, and instead use an HTTP connection. For more information about this option, see Insecure.
Using an insecure connection between the Gloo management server and agent is not a recommended security practice and should be used only in POC environments or for quick demonstrations. Without certificates, the communication between the management server and agents is unencrypted and unauthenticated at all times. If you plan to use Gloo Gateway in production, choose an option that secures the communication between the management server and agents. For more information, see the Setup options.
The steps to set up an insecure connection between the Gloo management server and agents varies depending on the installation method that you use.
You can follow the multicluster setup guide to install Gloo Gateway by using the meshctl
CLI. To ensure that no certificates are set up for the Gloo management server and the agents, make the following changes to the meshctl
commands:
- In the
meshctl install
command to create the Gloo management plane, include the--set common.insecure=true
and--set glooMgmtServer.insecure=true
flags. - In the
meshctl cluster register
command to register a workload cluster, create the followingagent.yaml
Helm values file, and specify the file in the--gloo-mesh-agent-chart-values agent.yaml
flag.common: insecure: true glooAgent: insecure: true
helm install
commands:
- In the
helm install
for the Gloo management server, include the--set common.insecure=true
and--set glooMgmtServer.insecure=true
flags. - In the
helm install
for the Gloo agents, include the--set common.insecure=true
and--set glooAgent.insecure=true
flags.