Docker Container
This guide provides comprehensive instructions for deploying Qtap using Docker, enabling you to quickly set up a powerful and customizable eBPF probe for monitoring outbound traffic.
Prerequisites
Docker: Ensure Docker is installed on your host machine. For installation instructions, refer to the Docker official documentation.
Configuration Files: Prepare your Qtap YAML config file and any optional WebAssembly (WASM) middleware modules.
Installation Steps
Download the Docker Image
Note: Replace v0.1.6
with the desired version of Qtap. Use "head" for latest
Run the Docker Container
Docker Run Command Options Explained
--user 0:0
: Runs the container as root (necessary for eBPF operations).--privileged
: Gives extended privileges to this container.--cap-add CAP_BPF
: Adds the CAP_BPF capability (required for eBPF operations).--cap-add CAP_SYS_ADMIN
: Adds the CAP_SYS_ADMIN capability (for low-level system operations).--pid=host
: Shares the host's PID namespace with the container.--network=host
: Uses the host's network stack inside the container.-v /sys:/sys
: Mounts the host's /sys directory into the container.-v "$(pwd):/app/config"
: Mounts the current directory to /app/config in the container.-e TINI_SUBREAPER=1
: Sets up Tini as a subreaper for proper signal handling.--ulimit=memlock=-1
: Removes the memory lock limit for eBPF programs.
Qtap-specific Flags
--log-level=info
: Sets the logging level.--log-encoding=console
: Sets the log encoding format.--qpoint-config=/app/config/qpoint.yaml
: Specifies the path to the Qtap configuration file.
Available Flags and Options
To see all available options and flags, run:
Key flags include:
--http-display=none
: Captured HTTP traffic display mode. (Env:$HTTP_DISPLAY_MODE
)--registration-endpoint="https://api.qpoint.io"
: Registration endpoint. (Env:$REGISTRATION_ENDPOINT
)--registration-token=REGISTRATION-TOKEN
: Registration token. (Env:$REGISTRATION_TOKEN
)--data-dir="/tmp/qpoint"
: Directory to store state. (Env:$DATA_DIR
)--qpoint-config=QPOINT-CONFIG
: Configuration file path. (Env:$QPOINT_CONFIG
)--unknown-endpoint-cache-size=1000
: Cache size for unknown endpoints. (Env:$UNKNOWN_ENDPOINT_CACHE_SIZE
)--audit-log-buffer-size=1000
: Buffer size for audit logs. (Env:$AUDIT_LOG_BUFFER_SIZE
)--log-level=error
: Log level. (Env:$LOG_LEVEL
)--log-encoding=json
: Log encoding. (Env:$LOG_ENCODING
)--[no-]log-caller
: Log caller. (Env:$LOG_CALLER
)--status-listen="0.0.0.0:10001"
: IP:PORT of status server to listen on. (Env:$STATUS_LISTEN
)
Important Notes
Ensure you're using the correct version of Qtap. The examples use
v0.1.6
, but you should use the version appropriate for your needs.The Qtap-specific flags should be placed after the
tap
command in the Docker run command.The
--qpoint-config
flag is crucial for specifying your configuration file. Ensure the path is correct relative to the mounted volume.Some options can be set via environment variables. The corresponding environment variable is listed for each flag where applicable.
Last updated