There are three virtual appliance (VA) configuration options: standard, HTTP proxy, and network tunnel. You can also optionally enable transport layer security for encrypted communication.
Regarding:
no_proxy: <host1>|<host2>Where
<hostN>can either be a domain or an IP address. This can contain any number of hosts separate by pipe (|) symbols.
This will currently not set the environment variable no_proxy if the | is used, so it can no be used with curl on the VA directly: ISC/VA: no_proxy set incorrectly
Hello Andrei. Thanks for bringing this to our attention. I have created a ticket (SAASDOCS-7959) to get this updated. Thanks for helping to make the docs better!
Hello Andrei. The docs have been updated. Thanks again for reaching out.
How do we confirm that the network tunnel is configured properly?
Please update Configuring Virtual Appliances - SailPoint Identity Services to reflect that this can/should only be done AFTER the VA has been joined to the cluster.
I just spent an embarrassing amount of time double, tripe, quadruple-checking and tinkering with the hosts.yaml file wondering why it wouldn’t update /etc/hosts. Then I finally started asking ChatGPT why this would be happening and it mentioned Flatcar doesn’t do this natively and it might be a vendor-specific script that configures this. So I joined it to the cluster to kick off all the Sailpoint-specific crap that it does and sure enough - it worked after that.
I personally don’t really like that because when I join it to the cluster, the Sources attached may start using it before I’m ready (i.e. have hosts files configured, certificates in place, etc.). But whatever…It sure would have been awesome if the doc said at the very top that this won’t work until it’s been joined to the cluster!
Hello @SailorKev . Thanks for reaching out and bringing this to our attention. We will look into it and update here.