Docker Container
This guide provides comprehensive instructions for deploying Qtap using Docker, enabling you to quickly set up a powerful and customizable eBPF probe for monitoring outbound traffic.
Prerequisites
Docker: Ensure Docker is installed on your host machine. For installation instructions, refer to the Docker official documentation.
Registration Token: Valid registration token from app.qpoint.io
Installation Steps
Download the Docker Image
Note: Replace v0.1.6
with the desired version of Qtap. Use "head" for latest
Run the Docker Container
Docker Run Command Options Explained
--user 0:0
: Runs the container as root (necessary for eBPF operations).--privileged
: Gives extended privileges to this container.--cap-add CAP_BPF
: Adds the CAP_BPF capability (required for eBPF operations).--cap-add CAP_SYS_ADMIN
: Adds the CAP_SYS_ADMIN capability (for low-level system operations).--pid=host
: Shares the host's PID namespace with the container.--network=host
: Uses the host's network stack inside the container.-v /sys:/sys
: Mounts the host's /sys directory into the container.-v "$(pwd):/app/config"
: Mounts the current directory to /app/config in the container.-e TINI_SUBREAPER=1
: Sets up Tini as a subreaper for proper signal handling.--ulimit=memlock=-1
: Removes the memory lock limit for eBPF programs.
Qtap-specific Flags
--log-level=info
: Sets the logging level.--log-encoding=console
: Sets the log encoding format.--registration-token=$TOKEN
: Provides the registration token for Qtap.
Available Flags and Options
To see all available options and flags, run:
Key flags include:
--[no-]help
: Show context-sensitive help (also try--help-long
and--help-man
).--http-display=none
: Captured HTTP traffic display mode. (Env:$HTTP_DISPLAY_MODE
)--registration-endpoint="https://api.qpoint.io"
: Registration endpoint. (Env:$REGISTRATION_ENDPOINT
)--registration-token=REGISTRATION-TOKEN
: Registration token. (Env:$REGISTRATION_TOKEN
)--data-dir="/tmp/qpoint"
: Directory to store state. (Env:$DATA_DIR
)--qpoint-config=QPOINT-CONFIG
: Configuration file path. (Env:$QPOINT_CONFIG
)--unknown-endpoint-cache-size=1000
: Cache size for unknown endpoints. (Env:$UNKNOWN_ENDPOINT_CACHE_SIZE
)--audit-log-buffer-size=1000
: Buffer size for audit logs. (Env:$AUDIT_LOG_BUFFER_SIZE
)--log-level=error
: Log level. (Env:$LOG_LEVEL
)--log-encoding=json
: Log encoding. (Env:$LOG_ENCODING
)--[no-]log-caller
: Log caller. (Env:$LOG_CALLER
)--status-listen="0.0.0.0:10001"
: IP:PORT of status server to listen on. (Env:$STATUS_LISTEN
)
Important Notes
Ensure you're using the correct version of Qtap. The examples use
v0.1.6
, but you should use the version appropriate for your needs. Use "head" for latestThe Qtap-specific flags should be placed after the
tap
command in the Docker run command.Some options can be set via environment variables. The corresponding environment variable is listed for each flag where applicable.
The
--registration-token
flag is essential for associating your Qtap instance with app.qpoint.io. Ensure you replace$TOKEN
with your actual registration token.
Last updated