docs: installation with tls interception

SumoLogic · Feb 14, 2022 · 1b1dc5e · 1b1dc5e
1 parent c4884c6
commit 1b1dc5e
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/deploy/docs/Installing_Behind_Proxy.md b/deploy/docs/Installing_Behind_Proxy.md
@@ -10,6 +10,21 @@ fluentd.proxyUri
 
 You should set these properties to the URL for your proxy environment.
 
+## TLS interception via a transparent proxy
+
+If the proxy in question is transparent and does TLS interception with a custom root CA, installation becomes
+a bit more complex. Installation involves the setup job using the Sumologic API in order to create
+some necessary resources, like collectors and fields. This will fail if the Sumologic API TLS certificate
+cannot be verified.
+
+There are two ways of dealing with this:
+
+- Disabling the setup job and creating the necessary resources manually: [see here][manual]
+- Injecting the custom root CA into the setup image: [see here][rebuilding]
+
+[rebuilding]: ./Security_Best_Practices.md#adding-a-custom-root-ca-certificate-by-rebuilding-container-images
+[manual]: ./Installation_with_Helm.md#prerequisite
+
 ## Troubleshooting
 
 ### Error: timed out waiting for the condition