Transparent proxy configuration

If you use a transparent proxy, you need to configure StormForge to trust the proxy’s root certificate authority (CA). To do this, mount the proxy’s root CA certificate using a volume, then use additionalEnvVars to configure StormForge to use the mounted bundle.

Prerequisites:

• Helm version 3.14.0 or later (required for the --reset-then-reuse parameter)

Steps

1. Copy the YAML below into a new file named, for example, transparent-proxy-values.yaml. This example assumes the required root CA is available in a ConfigMap, but any core/v1 Volumes type can be used (see the related link below).

   ---
   # Configures additional volumes that will be added to all pods
   additionalVolumes:
   - name: corporate-root-ca
     configMap:
       name: corporate-root-ca
       items:
       - key: ca.crt
         path: ca.crt
   
   # Configures additional volume mounts that will be added to all containers
   additionalVolumeMounts:
   - name: 
     mountPath: /etc/ssl/certs
   
   # Configures additional environment variables that will be added to all containers
   additionalEnvVars: 
   - name: SSL_CERT_FILE  # or SSL_CERT_DIR. Configures StormForge apps to use the mounted bundle.
     value: /etc/ssl/certs/ca.crt
   

2. Run helm upgrade to apply the new settings:

   helm upgrade stormforge-agent oci://registry.stormforge.io/library/stormforge-agent \
       -n stormforge-system \
       --reset-then-reuse-values \
       -f transparent-proxy-values.yaml
   

Related topics

• Additional volumes and mounts