Use Case
By default, the Terraform Enterprise proxy configurations are injected into the agent containers. This guide provides instructions for building a new agent with a custom proxy configuration that overwrites the default settings.
Terraform agents can communicate through a proxy, such as Zscaler. If you use SSL termination on the proxy with a self-signed certificate from a non-trusted Certificate Authority (CA), you must load the CA certificate onto the agent.
Procedure
This procedure involves creating a custom Docker image with your proxy settings and then configuring Terraform Enterprise to use it.
Step 1: Create the Custom Agent Image
- Create a new directory for your Docker image files.
$ mkdir custom-agent
- Change into the new directory.
$ cd custom-agent
- Create an empty Dockerfile.
$ touch Dockerfile
- Using a text or code editor, add the following content to the Dockerfile. Replace the placeholder values for the proxy environment variables.

    FROM hashicorp/tfc-agent:latest
    USER root

    ## Add environment variables to use a custom proxy
    ENV HTTP_PROXY=http://xxx.xxx.xxx.xxx:xxxx
    ENV HTTPS_PROXY=http://xxx.xxx.xxx.xxx:xxxx
    ENV http_proxy=http://xxx.xxx.xxx.xxx:xxxx
    ENV https_proxy=http://xxx.xxx.xxx.xxx:xxxx

    ## Domains, hostnames, or IPs allowed to bypass the proxy
    ENV NO_PROXY=localhost,127.0.0.1,tfe.example.net
    ENV no_proxy=localhost,127.0.0.1,tfe.example.net

    ## Install sudo. The container runs as a non-root user, but you may need to install packages.
    ## Refresh the package index first so the install can resolve the package.
    RUN apt-get update && apt-get -y install sudo

    ##################################
    ## Add custom certificates
    ##################################
    ADD your_ca_root.crt /usr/local/share/ca-certificates/foo.crt
    ## update-ca-certificates only picks up PEM files with a .crt extension.
    RUN chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates

    ## Permit tfc-agent to use sudo apt-get commands.
    ## Passwordless sudo for apt-get/apt is effectively root inside the container;
    ## omit this line if runs never need to install packages.
    RUN echo 'tfc-agent ALL=NOPASSWD: /usr/bin/apt-get , /usr/bin/apt' >> /etc/sudoers.d/50-tfc-agent

    USER tfc-agent
- Run the Docker build command to compile the image.
$ docker build -t custom-tfc-agent .
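Added example (not part of the original guide or of HashiCorp's tooling): a pre-build check for the CA file that the Dockerfile in Step 1 installs as a trust anchor, since every certificate placed there is trusted by all runs on the agent. It assumes the openssl CLI is installed and one certificate per file; check_ca_cert and make_constructed_cert are hypothetical helper names, and the certificates the second helper generates are constructed samples for trying the check offline.

```sh
#!/bin/sh
# Added example, not from the original guide. Requires the openssl CLI.
# check_ca_cert FILE: returns 0 and prints the SHA-256 fingerprint when FILE
# is suitable for /usr/local/share/ca-certificates; non-zero otherwise.
check_ca_cert() {
    cert="$1"
    [ -f "$cert" ] && [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    # update-ca-certificates needs PEM; this check also assumes one cert per file.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert" || true)
    [ "$n" -eq 1 ] || { echo "want 1 PEM certificate, found $n" >&2; return 2; }
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "not a parsable X.509 certificate" >&2; return 3; }
    # A trust anchor for an intercepting proxy must be a CA certificate.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "basicConstraints is not CA:TRUE" >&2; return 4; }
    # Fail if it expires within 30 days, so the image does not break soon.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days" >&2; return 5; }
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# Constructed sample input: writes a throwaway self-signed certificate to OUT.
# CA_FLAG is TRUE or FALSE; DAYS is the certificate lifetime in days.
make_constructed_cert() {
    out="$1"; ca_flag="$2"; days="$3"
    cfg=$(mktemp)
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = Constructed Proxy Root CA
[v3]
basicConstraints = critical,CA:$ca_flag
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$cfg.key" \
        -out "$out" -days "$days" -config "$cfg" 2>/dev/null
    rc=$?
    rm -f "$cfg" "$cfg.key"
    return $rc
}

# Usage: sh check_ca.sh your_ca_root.crt
if [ "$#" -ge 1 ]; then check_ca_cert "$1"; fi
```

Compare the printed fingerprint with the one published by whoever operates the proxy before running docker build.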
Step 2: Apply the Custom Agent Image
After building the image, configure Terraform Enterprise to use it based on your installation type.
Option 1: For Replicated Installations
- Set the custom agent image tag using replicatedctl.
$ replicatedctl app-config set custom_agent_image_tag --value 'custom-tfc-agent:latest'
- Apply the configuration and restart the Replicated service.
$ replicatedctl app apply-config
- Once Terraform Enterprise is running, test a terraform plan and terraform apply to verify the agent is working correctly.
Option 2: For Flexible Deployment Options (FDO) Installations
- In your Docker Compose, Helm chart, or Kubernetes YAML configuration, set the TFE_RUN_PIPELINE_IMAGE parameter to your custom agent image name and tag.
TFE_RUN_PIPELINE_IMAGE: "custom-tfc-agent:latest"
- Re-deploy Terraform Enterprise to apply the settings.
- Once Terraform Enterprise is running, test a terraform plan and terraform apply to verify the agent is working correctly.