Container Orchestration
Last updated
Last updated
There are four main ways to route outbound traffic through the Qpoint proxy:
Note: Direct connections from client to Connect (either as a service or sidecar) to the internet are not supported.
While Qpoint Proxy can be used standalone, Qpoint Connect offers several advantages:
Enhanced Attribution: Connect can supply username/password credentials to the Proxy, allowing for better identification and tracking of traffic sources.
Simplified Client Configuration: Connect can handle the authentication and routing details, simplifying the configuration needed on the client side.
If these features are not required for your use case, you can use the Qpoint Proxy directly without Connect.
Proxy and Connect as Services:
Add the Qpoint Helm repo.
Deploy Qpoint Proxy using Helm.
(Optional) Deploy Qpoint Connect using Helm.
Proxy or Connect as Sidecars:
Include the Qpoint container specification directly in your pod's YAML.
Use the Qpoint Init container to configure iptables rules for routing traffic. This can be done for both Qpoint Connect and Qpoint Proxy.
To perform SSL termination and deep packet inspection:
Create a ConfigMap with your custom CA certificate.
Mount the certificate in your pods.
Configure your applications to trust the custom CA.
Learn more in Kubernetes
Choose between Connect and direct Proxy usage based on your attribution and security needs.
For sidecar deployments, include Qpoint container specs directly in pod definitions.
Ensure proper certificate management for SSL termination.
Configure applications to use the proxy or connect component as needed.
Use Qpoint Init for transparent traffic routing when environment variables are not suitable.
Refer to the detailed documentation for specific configuration options and advanced usage scenarios.
