Proxy Configuration
The Qualys Cloud Agent supports multi-proxy and authentication proxy configurations. You can configure a proxy in the lxa-gke-deploy.yml file. The following is an example of a proxy configuration.
env:
  - name: https_proxy
    value: "https://#Vg8pvTO+uU44F/iPtowDXg==:#Yf9zVR9xzR2t4WE6Beupbg==@34.41.70.4:3128"
The following parameters are optional when configuring the proxy.
Parameter | Description |
---|---|
proxy | IPv4 address or FQDN of the proxy server |
value | <proxy FQDN or IP address>:<port#> |
ProxyCertFile | Proxy certificate file path. This parameter is applicable only if the proxy has a valid certificate file. If this option is not provided, then Qualys Cloud Agent tries to connect to the server with given |
Proxy Certificate File Configuration
You can configure the proxy configuration file using yml with the following methods:
- Using secret
- Using configMap
Configure Proxy Certificate File using Secrets
Steps to create a secret
- Create a secret using the following command:
kubectl create secret generic qualys-cert --from-file=qualys-cert.crt -n qualys-agent
- View the secret using the following command:
kubectl describe secret qualys-cert -n qualys-agent
- Edit the lxa-gke-deploy.yml and uncomment the following entries:
From the volumeMounts section:
# uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud and you are using secret method to provide cert file
# - name: cert-secret-volume
#   mountPath: /etc/qualys/cloud-agent/cert/custom-ca.crt
#   subPath: qualys-cert.crt
From the volumes section:
# uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud and you are using secret method to provide cert file
# - name: cert-secret-volume
#   secret:
#     secretName: qualys-cert
- Apply the .yml file using the following command:
kubectl apply -f lxa-gke-deploy.yml
Configure Proxy Certificate File using ConfigMap
Steps to create a configMap
- Create a configMap using the following command:
kubectl create configmap qualys-configmap --from-file=qualys-cert.crt -n qualys-agent
- View the configMap using the following command:
kubectl describe configmap qualys-configmap -n qualys-agent
- Edit the lxa-gke-deploy.yml and uncomment the following entries:
From the volumeMounts section:
# uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud and you are using configMap method to provide cert file
# - name: cert-configmap-volume
#   mountPath: /etc/qualys/cloud-agent/cert/custom-ca.crt
#   subPath: qualys-cert.crt
From the volumes section:
# uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud and you are using configMap method to provide cert file
# - name: cert-configmap-volume
#   configMap:
#     name: qualys-configmap
- Apply the .yml file using the following command:
kubectl apply -f lxa-gke-deploy.yml
Commands and Explanation
Command | Description |
---|---|
kubectl | Command-line tool for interacting with GKE clusters. |
create secret generic | Indicates that you are creating a generic secret. |
create configmap | Indicates that you are creating a configMap. |
qualys-cert | Name of the secret you are creating. |
qualys-configmap | Name of the configMap you are creating. |
--from-file | Allows you to specify the files that will be included in the secret or configMap. |
qualys-cert.crt | Certificate file name that will be included in the secret or configMap. For example, qualys-cert.crt=/root/qualys-cert.crt: this syntax specifies that the file /root/qualys-cert.crt should be included in the secret with the key qualys-cert.crt. |
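A pre-flight check for the secret and configMap steps above, as an added example that is not part of the Qualys documentation: it rejects a certificate file that carries private-key material or broken PEM framing, and confirms that the key kubectl derives from the --from-file argument equals the subPath used in volumeMounts. The function names are hypothetical, and the checks cover PEM framing only, not certificate validity.

```sh
#!/bin/sh
# Added example, not Qualys code. Function names are hypothetical.
# Run before: kubectl create secret|configmap ... --from-file=<arg> -n qualys-agent

# check_cert_file FILE
# Returns 0 when FILE holds one or more PEM certificates and no key material.
# Checks PEM framing only; it does not validate the certificate itself.
check_cert_file() {
  f=$1
  [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
  # A CA file mounted into the agent pod needs no private key, and a
  # configMap is stored and displayed as plain data.
  if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f"; then
    echo "private key material found in $f" >&2; return 2
  fi
  # grep -c exits 1 on a zero count, hence "|| true".
  begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
  ends=$(grep -c -- '-----END CERTIFICATE-----' "$f" || true)
  if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
    echo "malformed PEM in $f" >&2; return 3
  fi
  return 0
}

# from_file_key ARG
# Prints the key that --from-file=ARG produces: the part before "=" in the
# key=path form, otherwise the file's base name.
from_file_key() {
  case $1 in
    *=*) printf '%s\n' "${1%%=*}" ;;
    *)   basename -- "$1" ;;
  esac
}

# subpath_matches ARG SUBPATH
# Succeeds when the subPath in volumeMounts names the key created above.
subpath_matches() {
  [ "$(from_file_key "$1")" = "$2" ]
}
```

Running `check_cert_file qualys-cert.crt && subpath_matches qualys-cert.crt qualys-cert.crt` should succeed before you run the kubectl create command.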
When the GCP COS instance is started, it activates the Qualys Cloud Agent and provisions itself. Once the Qualys Cloud Agent provisions itself, it continues to function as expected.