Problem Statement:

In some environments, the Port Agent must communicate with services secured by non-standard or private certificate authorities. Currently, there is no straightforward way to mount custom CA certificates into the agent container when deployed via the Helm chart. This limitation makes it difficult to operate in environments with custom security requirements.

Proposed Solution:

Extend the Port Agent Helm chart to allow users to specify additional volumes and volume mounts.

Provide an example configuration to demonstrate mounting a secret or ConfigMap containing custom CA certificates.

Ensure the agent container recognizes and utilizes the mounted certificates for outbound communication.

Benefits

Enables secure communication with services protected by private or non-standard CAs.

Improves flexibility of Port Agent deployments in enterprise and regulated environments.

Reduces the need for manual workarounds or custom image builds.

Example Values.yaml with extra volumes

extraVolumes:

- name: custom-certs

secret:

secretName: custom-ca-secret

extraVolumeMounts:

- name: custom-certs

mountPath: /etc/ssl/certs/custom

readOnly: true