Installing Qtap in Kubernetes

QPoint is a sophisticated tool designed for managing and securing the data leaving your network. It operates by first installing a dedicated operator using Helm, which then oversees the entire QPoint system. Administrators label specific Kubernetes namespaces for QPoint’s attention, indicating where QPoint should manage network traffic.

Upon deploying applications in these labeled namespaces, QPoint’s operator automatically injects a Qtap init container and a Qtap sidecar proxy into the application pods. The Qtap init container configures essential iptables rules for traffic control, while the Qtap sidecar proxy, leveraging these rules and QPoint’s Certificate Authority setup, intelligently manages, monitors, and secures both inbound and outbound network traffic. This comprehensive approach ensures robust traffic analysis, enhanced security, and compliance within Kubernetes environments.

1. Installation of QPoint Operator

helm install qtap-operator qpoint/qtap-operator \
  --namespace qpoint --create-namespace \
  --set token="YOUR_API_KEY"
  • Explanation:

    • This command deploys the QPoint operator within Kubernetes.

    • It creates a dedicated qpoint namespace for QPoint's operations.

    • It sets up authentication using an API key.

2. Labeling Namespaces for QPoint Management

kubectl label namespace <namespace> qpoint.io/egress=inject
  • Explanation:

    • Applies the label qpoint.io/egress=inject to a specified Kubernetes namespace.

    • This label signals the QPoint operator to manage and monitor network traffic within that namespace.

3. Deploying Applications in Labeled Namespace

helm install my-app -f config.yaml my-chart/my-app -n <namespace>
  • Explanation:

    • This command deploys applications within the namespace managed by QPoint.

    • The QPoint operator begins automated configuration and management of the applications in this namespace.

4. Automatic Qtap Initialization by QPoint Operator

  • Process:

    • The QPoint operator detects applications in the labeled namespace.

    • It injects the qtap-init container into the pods.

    • This container establishes iptables rules for traffic control.

5. Certificate Authority (CA) Setup by QPoint Operator

  • Process:

    • The QPoint operator sets up Certificate Authority (CA) configuration in the pod so that SSL/TLS-encrypted traffic can be managed.

    • It appends its root CA to existing CA bundles in the pod or creates new ones.

6. Qtap Sidecar Proxy Installation by QPoint Operator

  • Process:

    • The QPoint operator installs the Qtap proxy as a sidecar container in each pod.

    • Qtap leverages the iptables rules and CA configurations set up by the QPoint operator.
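
To check that steps 4 to 6 took effect for every pod in a labeled namespace, the following added example (not QPoint's own tooling) audits `kubectl get pods -o json` output for pods missing the qtap-init container or the Qtap sidecar. The sidecar name match (any container whose name contains "qtap"), the script name audit_qtap.py and the sample pods are assumptions made for illustration.

```python
import json
import sys

INIT_NAME = "qtap-init"   # init container name as given on this page
SIDECAR_HINT = "qtap"     # assumption: the sidecar's container name contains "qtap"


def audit_pods(pod_list):
    """Map pod name -> list of Qtap pieces missing from its spec."""
    findings = {}
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        inits = [c["name"] for c in spec.get("initContainers", [])]
        mains = [c["name"] for c in spec.get("containers", [])]
        missing = []
        if INIT_NAME not in inits:
            missing.append("init container " + INIT_NAME)
        # A native sidecar may be listed under initContainers, so search both.
        if not any(SIDECAR_HINT in n and n != INIT_NAME for n in inits + mains):
            missing.append("qtap sidecar")
        if missing:
            findings[pod["metadata"]["name"]] = missing
    return findings


def _pod(name, inits, mains):
    """Build a minimal pod object for the constructed sample below."""
    return {"metadata": {"name": name},
            "spec": {"initContainers": [{"name": n} for n in inits],
                     "containers": [{"name": n} for n in mains]}}


# Constructed sample, shaped like `kubectl get pods -o json` output.
SAMPLE = {"items": [
    _pod("api-7d9f", ["qtap-init"], ["api", "qtap"]),
    _pod("legacy-worker", [], ["worker"]),
    _pod("batch-42", ["qtap-init"], ["batch"]),
]}

if __name__ == "__main__":
    # Real use: kubectl get pods -n <namespace> -o json | python3 audit_qtap.py -
    source = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    report = audit_pods(source)
    for name, missing in sorted(report.items()):
        print(f"{name}: missing {', '.join(missing)}")
    sys.exit(1 if report else 0)
```

A non-zero exit status means at least one pod in the namespace is running without the Qtap containers, so its traffic is not passing through the proxy.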
