Enabling Workloads

Enable Workloads by Namespace

When a namespace is labeled for egress, the installed Operator detects this and takes action on the pods within that namespace. The Operator injects a certificate authority into the pods and configures them so that their egress traffic is routed through the Qtap proxy.

Label Namespaces for Sidecar Injection

The Qpoint Operator can install Qtap as a sidecar into your desired pods. There are a number of benefits to using a sidecar:

Isolation: Sidecars allow functionality to be isolated from the main application, reducing complexity within each pod and improving modularity.
Scalability: Sidecars can be scaled independently from the main service, providing more flexibility in resource management.
Flexibility: Updating or modifying a sidecar can be done without affecting the main application, enabling smoother and less risky updates.

kubectl label namespace <namespace> qpoint.io/egress=inject

Label Namespace for Service

kubectl label namespace <namespace> qpoint.io/egress=service

Disable Qpoint for Namespace

kubectl label namespace <namespace> qpoint.io/egress=disable

Enable Workloads by Pod

Label Pod for Sidecar Injection

qpoint.io/egress=inject

Label Pod for Service

qpoint.io/egress=service

Disable Qpoint for Pod

qpoint.io/egress=disable

As an example:

<container-name>:
  labels:
    qpoint.io/egress: disable

PreviousInstall the Operator NextUsage

Last updated 3 months ago