In demo or testing setups only, you can use an insecure relay connection.
To simplify your Gloo Network installation, such as in a demo or POC environment, you can choose to disable the TLS or mTLS connection between the Gloo management server and agents, and instead use an HTTP connection. For more information about this option, see Insecure.
warning
Using an insecure connection between the Gloo management server and agent is not a recommended security practice and should be used only in POC environments or for quick demonstrations. Without certificates, the communication between the management server and agents is unencrypted and unauthenticated at all times. If you plan to use Gloo Network in production, choose an option that secures the communication between the management server and agents. For more information, see the Setup options.
The steps to set up an insecure connection between the Gloo management server and agents vary depending on the installation method that you use.
You can follow the multicluster getting started guide guide to install Gloo Network by using the meshctl CLI. To ensure that no certificates are set up for the Gloo management server and the agents, make the following changes to the meshctl commands:
In the meshctl install command to create the Gloo management plane, include the --set common.insecure=true and --set glooMgmtServer.insecure=true flags.
In the meshctl cluster register command to register a workload cluster, create the following data-plane.yaml Helm values file, and specify the file in the --gloo-mesh-agent-chart-values data-plane.yaml flag.
common:
insecure: true
glooAgent:
insecure: true
Follow the Install with Helm guide to install Gloo Network by using Helm. To ensure that no certificates are set up for the Gloo management server and the agents, make the following changes to the helm install commands:
In the helm install command for the Gloo management server, include the --set common.insecure=true and --set glooMgmtServer.insecure=true flags.
In the helm install command for the Gloo agents, include the --set common.insecure=true and --set glooAgent.insecure=true flags.