Insecure setup
To simplify your Gloo Mesh Enterprise installation, such as in a demo or POC environment, you can choose to disable the mutual TLS connection between the Gloo management server and agents, and instead use an HTTP connection. For more information about this option, see Option 1: Insecure setup.
Disabling the mTLS connection between the Gloo management server and agent is not a recommended security practice and should be used only in POC environments or for quick demonstrations. Without certificates, the communication between the management server and agents is unencrypted and unauthenticated at all times. If you plan to use Gloo Mesh in production, choose an option that secures the communication between the management server and agents. For more information, see the Setup options.
The steps to set up an insecure connection between the Gloo management server and agents varies depending on the installation method that you use.
meshctl installation:
You can follow the multicluster getting started guide to install Gloo Mesh by using the meshctl
CLI. To ensure that no certificates are set up for the Gloo management server and the agents, make the following changes to the meshctl
commands:
- In the
meshctl install
command to create the Gloo Mesh management plane, include the--set common.insecure=true
and--set glooMgmtServer.insecure=true
flags. - In the
meshctl cluster register
command to register a workload cluster, create the followingagent.yaml
Helm values file, and specify the file in the--gloo-mesh-agent-chart-values agent.yaml
flag.common: insecure: true glooAgent: insecure: true
Helm installation:
Follow the Install Gloo guide to install Gloo Mesh by using Helm. To ensure that no certificates are set up for the Gloo management server and the agents, make the following changes to the helm install
commands:
- In the
helm install
for the Gloo management server, include the--set common.insecure=true
and--set glooMgmtServer.insecure=true
flags. - In the
helm install
for the Gloo agents, include the--set common.insecure=true
and--set glooAgent.insecure=true
flags.