TFE on OpenShift: How to run ephemeral agents with per-agent-pool env configuration?

Terraform
1

Hi all,

I’m running Terraform Enterprise (TFE) on OpenShift using the official Terraform Enterprise Helm chart, and I’m looking for a supported way to run Terraform Agents with multiple, per-agent-pool configurations, while keeping the agents ephemeral and fully managed by TFE.

Important requirement (ephemeral agents)

This point is critical to my question:

  • I want TFE to dynamically create agent pods only when a run starts (plan/apply)

  • Once the run finishes, the agent pod should be deleted

  • I explicitly do not want always-on / long-running agent pods waiting for work

In other words, I’m aiming for on-demand / ephemeral agent pods, managed by TFE itself, not pre-scaled or permanently running agents.

What I’m trying to achieve

I understand that agent configuration is often global, such as:

  • Agent namespace

  • Agent image

  • Shared env vars (TFE_HOSTNAME, CA bundle, base NO_PROXY, etc.)

However, I also need different configuration per agent pool, for example:

Per-agent-pool requirements

  • Different proxy settings

    • Pool A → proxy A

    • Pool B → proxy B (or no proxy)

  • Different logging levels

    • Pool A → INFO

    • Pool B → DEBUG

Each workspace is mapped to a specific agent pool, and that pool should determine the environment variables applied to the ephemeral agent pod created for that run.

Core questions

  1. Does the official Terraform Enterprise Helm chart support defining multiple agent pools with distinct environment variables, while still allowing TFE to create and destroy agent pods dynamically per run?

  2. If this is not supported directly:

    • Is the recommended pattern to deploy separate agent configurations (or releases) per pool, even when using ephemeral agents?

  3. Can any of this be configured from the Terraform Enterprise UI (for example, agent pool settings), in a way that results in:

    • Different env vars

    • Different proxy / logging behavior
      being applied to the Kubernetes agent pods?

  4. If the UI does not support this, is the only supported control plane the Helm chart + Kubernetes manifests?

Environment

  • Terraform Enterprise version: 1.1.2

  • Helm chart: terraform-enterprise version 1.6.6

  • Platform: OpenShift

  • Agent type: Terraform Agents (self-managed, not TFC SaaS)

  • Network: outbound traffic via proxy (varies per network segment)

  • Goal: ephemeral, on-demand agent pods only

What I’ve tried / observed

From the official chart examples and default values.yaml, I only see patterns that imply a single, global agent configuration, for example:

  • One namespace

  • One agent image

  • One set of env vars applied to all agents

I can’t find a supported way to express something conceptually like:

# PSEUDO-CONFIG – illustrative only
agents:
  pools:
    - name: "pool-a"
      extraEnv:
        - name: HTTP_PROXY
          value: "http://proxy-a:3128"
        - name: LOG_LEVEL
          value: "INFO"

    - name: "pool-b"
      extraEnv:
        - name: HTTP_PROXY
          value: "http://proxy-b:3128"
        - name: LOG_LEVEL
          value: "DEBUG"

…while still allowing TFE to spin up and tear down agent pods per run.

What I’m looking for

  • A supported way to achieve per-agent-pool environment configuration for ephemeral agents

  • Or confirmation that this is not supported, along with:

    • The recommended architectural pattern

    • Best practices for managing this cleanly at scale (multiple pools, proxies, environments)

Thanks in advance.