Local

The qtap-config.yaml file is used to configure Qtap, an eBPF probe that captures application traffic before encryption without requiring certificate management. This file defines global settings and specific endpoint capture rules.

Configuration File Structure

The qtap-config.yaml file consists of three main sections:

  1. Global Qtap Settings

  2. Protocol Specific Settings

  3. Endpoint-specific Capture Rules

Here's an example of the basic structure:

tap:
  direction: egress-external
  audit_logs: stdout
  audit_include_dns: false
  ignore_loopback: false
  http:
    stack: default
  endpoints:
    - domain: "api.github.com"
      http:
        stack: complete
    - domain: "www.cloudflare.com"
      http:
        stack: none

Global Settings

These settings apply across the entire Qtap configuration.

tap:
  direction: egress-external
  audit_logs: stdout
  audit_include_dns: false
  ignore_loopback: false

  • direction: Determines which traffic direction to capture. Options are:

    • all: Capture all traffic

    • ingress: Capture only incoming traffic

    • egress: Capture only outgoing traffic

    • egress-external: Capture only outgoing traffic to external networks

    • egress-internal: Capture only outgoing traffic within internal networks

  • audit_logs: Specifies where to publish audit logs. Options are:

    • stdout: Print to standard output

    • pulse: Send to a pulse service (if configured)

    • none: Disable audit logging

  • audit_include_dns: When set to true, includes DNS information in audit logs. When false, DNS information is excluded.

  • ignore_loopback: When set to true, ignores traffic on the loopback interface. When false, captures loopback traffic.

HTTP Data Stream Settings

These settings control how HTTP data streams are handled globally.

tap:
  http:
    stack: none

  • stack: Specifies the default middleware stack to use for HTTP traffic. Use none for no middleware.

Endpoint-specific Capture Rules

Controls specific settings for individual domains, overriding the global and protocol settings.

tap:
  endpoints:
    - domain: "api.github.com"
      http:
        stack: complete
    - domain: "www.cloudflare.com"
      http:
        stack: none

  • domain: The specific domain to which the rule applies

  • http: HTTP-specific settings for this domain

    • stack: Overrides the global stack setting for this domain

Complete Configuration Example

Here's a complete example of a qtap-config.yaml file:

tap:
  direction: egress-external
  audit_logs: stdout
  audit_include_dns: false
  ignore_loopback: false
  http:
    stack: none
  endpoints:
    - domain: "api.github.com"
      http:
        stack: complete

In this configuration:

  • Only outgoing traffic to external networks is captured

  • Audit logs are sent to stdout

  • DNS information is not included in audit logs

  • Loopback traffic is not ignored

  • No middleware stack is used by default

  • Traffic to api.github.com uses the 'complete' middleware stack

PreviousConfigurationNextQproxy

Last updated