Proxy Configuration

You can configure the proxy in .yml file. The following snippet shows a sample proxy configuration.

Provide the proxy name and proxy value for your network.

The following parameters are optional for proxy configuration.

Parameter	Description
proxy	IPv4 address or FQDN of the proxy server.
value	<proxy FQDN or IP address>:<port#>
ProxyCertFile	Proxy certificate file path. `ProxyCertFile` is applicable only if the proxy has a valid certificate file. If this option is not provided, Cloud Agent will try to connect to the server only with the given HTTP proxy settings. If only `ProxyCertFile` is provided without proxy, then Qualys Cloud Agent ignores the `ProxyCertFile` and tries to connect to the server without any HTTP proxy settings.

Proxy Certificate File Configuration

You can configure the proxy configuration file using yml with the following methods:

Steps to create a secret

Create a secret, use the following command
kubectl create secret generic qualys-cert --from-file=qualys-cert.crt -n qualys-agent
View the secret using the following command:
kubectl describe secret qualys-cert -n qualys-agent
Edit the qualys-cloud-agent-deploy.yml and uncomment the following entries:

from volumeMounts section
# uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud and you are using secret method to provide cert file # - name: cert-secret-volume # mountPath: /etc/qualys/cloud-agent/cert/custom-ca.crt # subPath: qualys-cert.crt

from volumes section
# uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud and you are using secret method to provide cert file # - name: cert-secret-volume # secret: # secretName: qualys-cert
Apply the .yml file using the following command:
kubectl apply -f qualys-cloud-agent-deploy.yml

Steps to create a configMap

Create a configMap, use the following command:
kubectl create configmap qualys-configmap --from-file=qualys-cert.crt -n qualys-agent
View the configMap using the following command:
kubectl describe configmap qualys-configmap -n qualys-agent
Edit the qualys-cloud-agent-deploy.yml and uncomment the following entries:

from the volumeMounts section
# uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud and you are using configMap method to provide cert file # - name: cert-configmap-volume # mountPath: /etc/qualys/cloud-agent/cert/custom-ca.crt # subPath: qualys-cert.crt

from the volumes section
# uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud and you are using configMap method to provide cert file # - name: cert-configmap-volume # configMap: # name: qualys-configmap
Apply the .yml file using the following command:
kubectl apply -f qualys-cloud-agent-deploy.yml

Command	Description
kubectl	Command-line tool for interacting with AWS EKS clusters.
create secret generic	Indicates that you are creating a generic secret.
create configmap	indicates that you are creating a configMap.
qualys-cert	Name of the secret you are creating.
qualys-configmap	Name of the configMap you are creating.
--from-file	Allows to specify files that will be included in the configMap.
qualys-cert.crt	cert file name that will be included in secret or configmap. For example, `qualys-cert.crt=/root/qualys-cert.crt:` This syntax specifies that the file `/root/qualys-cert.crt` should be included in the secret with the key `qualys-cert.crt`.