Docker Container

Preflight Check

If you'd like to verify your environment's compatibility, use the following script:

curl -sSL https://github.com/qpoint-io/preflight/releases/latest/download/preflight.sh | sudo bash

Prerequisites

Installation Steps

Download the latest Docker Image:

docker pull us-docker.pkg.dev/qpoint-edge/public/qtap:v0

Running Qtap in Docker

docker run \
  --user 0:0 \
  --privileged \
  --cap-add CAP_BPF \
  --cap-add CAP_SYS_ADMIN \
  --pid=host \
  --network=host \
  -v /sys:/sys \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$(pwd):/app/config" \
  -e TINI_SUBREAPER=1 \
  --ulimit=memlock=-1 \
  us-docker.pkg.dev/qpoint-edge/public/qtap:v0 \
  --log-level=warn \
  --log-encoding=console \
  --config=/app/config/qpoint.yaml

Replace /app/config/qpoint.yaml with the actual path to your YAML configuration file inside the container. You can exclude this for testing, and Qtap will run in a default configuration. Make sure to mount your local configuration file to this path using the -v option.

Docker Run Command Options Explained

  1. --user 0:0: Runs the container as root (necessary for eBPF operations).

  2. --privileged: Gives extended privileges to this container.

  3. --cap-add CAP_BPF: Adds the CAP_BPF capability (required for eBPF operations).

  4. --cap-add CAP_SYS_ADMIN: Adds the CAP_SYS_ADMIN capability (for low-level system operations).

  5. --pid=host: Shares the host's PID namespace with the container.

  6. --network=host: Uses the host's network stack inside the container.

  7. -v /sys:/sys: Mounts the host's /sys directory into the container.

  8. -v /var/run/docker.sock:/var/run/docker.sock: Mounts the host's docker socket

  9. -v "$(pwd):/app/config": Mounts the current directory to /app/config in the container.

  10. -e TINI_SUBREAPER=1: Sets up Tini as a subreaper for proper signal handling.

  11. --ulimit=memlock=-1: Removes the memory lock limit for eBPF programs.

Qtap-specific Flags

  • --log-level=warn: Sets the logging level (debug, info, warn, error). Use warn for cleaner output.

  • --log-encoding=console: Sets the log encoding format.

  • --registration-token=$TOKEN: (Cloud-connected mode) Provides the registration token for Qtap.

  • --config=/app/config/qpoint.yaml: (Local mode) Specifies the path to the Qtap configuration file.

Available Flags and Options

To see all available options and flags, run:

docker run --rm us-docker.pkg.dev/qpoint-edge/public/qtap:v0 --help
PreviousLinux BinaryNextHelm Chart

Last updated