Skip to content

Instantly share code, notes, and snippets.

@jonfriesen

jonfriesen/qtap-demo-env.yaml

Last active January 13, 2026 00:24
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jonfriesen/f889764d7e53e7ea66c86652bd6d2d9a to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jonfriesen/f889764d7e53e7ea66c86652bd6d2d9a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
qtap-demo-env.yaml
version: 2
services:
event_stores:
- id: qpoint_cloud
type: pulse
url: https://api-pulse.qpoint.io
token:
type: env
value: QPOINT_PULSE_TOKEN
object_stores:
- id: garage_local_storage
type: s3
endpoint: garage:3900
bucket: qpoint
region: us-east-1
access_url: http://garage:3904/qpoint/{{DIGEST}}
insecure: true
access_key:
type: env
value: GARAGE_ACCESS_KEY
secret_key:
type: env
value: GARAGE_SECRET_KEY
stacks:
default_stack:
plugins:
- type: report_usage
- type: detect_errors
config:
rules:
- name: App Error
trigger_status_codes:
- '500'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Infrastructure Outage
trigger_status_codes:
- '502'
- '503'
- '520'
- '521'
- '522'
- '523'
- '525'
- '526'
- '530'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Client Error
trigger_status_codes:
- '400'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Authentication Error
trigger_status_codes:
- '401'
- '403'
- '407'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Rate Limited
trigger_status_codes:
- '429'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Not Found
trigger_status_codes:
- '404'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- type: access_logs
config:
mode: summary
sensitive_data_scanning:
plugins:
- type: report_usage
- type: detect_errors
config:
rules:
- name: Debug
trigger_status_codes:
- 2xx
- 3xx
- 4xx
- 5xx
only_categories:
- app
report_as_issue: false
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: App Error
trigger_status_codes:
- '500'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Infrastructure Outage
trigger_status_codes:
- '502'
- '503'
- '520'
- '521'
- '522'
- '523'
- '525'
- '526'
- '530'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Client Error
trigger_status_codes:
- '400'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Authentication Error
trigger_status_codes:
- '401'
- '403'
- '407'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Rate Limited
trigger_status_codes:
- '429'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- name: Not Found
trigger_status_codes:
- '404'
only_categories:
- app
report_as_issue: true
record_req_headers: true
record_req_body: true
record_res_headers: true
record_res_body: true
- type: access_logs
config:
mode: summary
- type: qscan
config:
cache_t_t_l: 24h
cache_size: 4096
sample_baseline: 10
sample_rate: 0.2
classifier:
min_learning_count: 0
cardinality_threshold: 0.75
min_samples: 2
max_values_per_node: 100
prune_high_cardinality: true
monitors:
- type: PERSON
record_value: false
- type: EMAIL_ADDRESS
record_value: false
- type: PHONE_NUMBER
record_value: false
- type: LOCATION
record_value: false
- type: US_SSN
record_value: false
- type: STREET_ADDRESS
record_value: false
- type: CREDIT_CARD
record_value: false
- type: US_BANK_NUMBER
record_value: false
- type: US_DRIVER_LICENSE
record_value: false
- type: ORGANIZATION
record_value: false
record_document: true
verbose: false
qscan_cloud: false
object_store_i_d: ''
tags:
- key: tier
source: container.label
location: tier
- key: cost_center
source: container.label
location: cost_center
- key: env
source: container.label
location: env
- key: region
source: container.label
location: region
- key: business_unit
source: container.label
location: business_unit
- key: data_class
source: container.label
location: data_class
- key: data_domain
source: container.label
location: data_domain
- key: app_id
source: container.label
location: app_id
- key: owner
source: container.label
location: owner
- key: compliance
source: container.label
location: compliance
tap:
direction: egress-external
ignore_loopback: true
audit_include_dns: false
http:
stack: default_stack
filters:
groups:
- gke
- qpoint
- kubernetes
endpoints:
- domain: api.perplexity.ai
http:
stack: sensitive_data_scanning
- domain: api.anthropic.com
http:
stack: sensitive_data_scanning
- domain: api.openai.com
http:
stack: sensitive_data_scanning
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment