Helm Chart

Prerequisites

  • Kubernetes cluster on a Linux Host with supported Kernel (5.10+)

  • Helm

  • Kubectl

  • (For cloud-connected mode) Registration Token: Valid registration token from app.qpoint.io

  • (For local mode) Configuration Files: Prepare your Qtap YAML config file

Install Qpoint Helm Repo

First, add the Qpoint Helm Repo:

helm repo add qpoint https://helm.qpoint.io/
helm repo update
helm search repo qpoint/qpoint-tap --versions

Deploy Qtap

Cloud-Connected Mode

There are two ways to provide your registration token when deploying Qtap in cloud-connected mode:

Option 1: Using Kubernetes Secrets

  1. First, create the qpoint namespace if it doesn't exist:

kubectl create namespace qpoint

  1. Create a secret containing your registration token:

kubectl create secret generic qpoint-tap-registration-token \
  --from-literal=token='<TOKEN>' \
  -n qpoint

  1. Deploy Qtap using Helm, referencing the secret:

helm install qpoint-tap qpoint/qpoint-tap \
  -n qpoint \
  --set logLevel=info \
  --set registrationTokenSecretRefName="qpoint-tap-registration-token"

Note: You can use your preferred secret management solution to create the secret, such as HashiCorp Vault, AWS Secrets Manager, or other tools integrated with your cluster.

Option 2: Direct Token Configuration

Deploy Qtap by directly providing the registration token (not recommended for production):

helm install qpoint-tap qpoint/qpoint-tap \
  -n qpoint \
  --create-namespace \
  --set logLevel=info \
  --set registrationToken=$TOKEN

Note: If both registrationTokenSecretRefName and registrationToken are set, registrationTokenSecretRefName takes precedence.

You can find all configurable options with:

helm show values qpoint/qpoint-tap

Local Mode

For local mode, you'll need to provide your Qtap configuration using a YAML file. First, create your configuration file qtap-config.yaml and supply it via your helm command:

helm install qpoint-tap qpoint/qpoint-tap \
  -n qpoint \
  --create-namespace \
  --set logLevel=info \
  --set-file config=./qtap-config.yaml

Verifying the Deployment

To verify that Qtap is running:

kubectl get pods -n qpoint

You should see a pod named qpoint-tap-xxxx in the Running state.

Uninstalling Qtap

To uninstall Qtap:

helm uninstall qpoint-tap -n qpoint

Important Notes

  1. The Qtap pod requires privileged access for eBPF operations. Ensure your cluster's security policies allow this.

  2. To set a specific version, use --set image.tag="v0.4.7"

  3. For cloud-connected mode, keep your registration token secure and do not share it in public repositories.

  4. For local mode, ensure your configuration is correctly formatted and contains all necessary settings.

  5. The default configuration mounts the host's /sys directory. Ensure this is allowed in your cluster.

  6. You may need to adjust resource requests and limits based on your cluster's capacity and Qtap's requirements.

  7. When using secret management, ensure proper RBAC permissions are in place for accessing the secret.

PreviousDocker ContainerNextKubernetes Manifest

Last updated