DDoS Detection for Agones GameServers
Detect attacks on individual GameServer pods and label them via the Agones SDK sidecar REST API. Use the labels to drain attacked servers, steer matchmaking, and trigger fleet-level automation.
How It Works
Setup
Get started in three steps
Add ftagent as a sidecar
Add the ftagent container to your GameServer pod spec alongside the Agones SDK sidecar. Both containers share the pod network, so ftagent sees the same traffic your game server does.
Enable the Agones integration
Set agones_sidecar: true in your ftagent config. The agent will call the SDK sidecar at localhost:59358 to label the GameServer when an attack is detected.
Wire up your fleet response
Use Agones FleetAutoscaler policies, allocation label selectors, or your matchmaker to react to the flowtriq.com/under-attack label. Steer players away from attacked servers automatically.
Configuration
GameServer pod spec
Add ftagent as a sidecar container in your Agones GameServer template. The Agones SDK sidecar is already present by default.
```yaml
# gameserver.yaml
apiVersion: agones.dev/v1
kind: GameServer
metadata:
  name: my-game-server
spec:
  # Agones requires this field when the pod template has more than one container
  container: game-server
  ports:
    - name: default
      containerPort: 7654
      protocol: UDP
  template:
    spec:
      containers:
        - name: game-server
          image: your-game:latest
        # Flowtriq DDoS detection sidecar
        - name: ftagent
          image: flowtriq/ftagent:latest
          securityContext:
            capabilities:
              add: [NET_RAW, NET_ADMIN]
          env:
            - name: FTAGENT_API_KEY
              valueFrom:
                secretKeyRef:
                  name: flowtriq-credentials
                  key: api-key
            - name: FTAGENT_NODE_UUID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            - name: ftagent-config
              mountPath: /etc/ftagent
      volumes:
        - name: ftagent-config
          configMap:
            name: ftagent-agones-config
```
```yaml
# ftagent ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: ftagent-agones-config
data:
  config.json: |
    {
      "api_key": "your-api-key",
      "node_uuid": "",
      "interface": "auto",
      "agones_sidecar": true,
      "agones_sidecar_port": 59358
    }
```
Labels
Labels applied to GameServer
When ftagent detects an attack, it sets these labels on the GameServer resource via the SDK sidecar. All labels are cleared when the attack ends.
| Label | Value | When |
|---|---|---|
| flowtriq.com/under-attack | true / false | Set to true on attack start, false on attack end |
| flowtriq.com/attack-family | udp_flood, syn_flood, tcp_flood, etc. | Set on attack start, removed on attack end |
| flowtriq.com/attack-pps | Peak packets per second (integer) | Set on attack start, removed on attack end |
Use Cases
What you can build with this
Allocation filtering
Add a label selector to your GameServerAllocation so new players are never placed on a server that is actively under attack. The label propagates within seconds of detection.
Fleet autoscaling
Use a FleetAutoscaler list policy to count only healthy (non-attacked) servers. When servers get attacked and labeled, the autoscaler spins up replacements to maintain capacity.
Matchmaker steering
Query the Kubernetes API or Agones allocator for GameServers where flowtriq.com/under-attack != true. Move sessions away from attacked infrastructure without manual intervention.
Incident correlation
Every attack also opens an incident on the Flowtriq dashboard with full protocol breakdown, source IP analysis, and packet captures. The labels are the fast path; the dashboard is the investigation tool.
Example
Allocation with attack filtering
```yaml
# Only allocate GameServers that are not under attack
apiVersion: allocation.agones.dev/v1
kind: GameServerAllocation
spec:
  required:
    matchLabels: {}
    matchExpressions:
      - key: flowtriq.com/under-attack
        operator: NotIn
        values: ["true"]
```
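How the NotIn expression above, and the matchmaker's `!= true` query, treat each label state. This is an added example, not Flowtriq or Agones code: it reimplements Kubernetes matchExpressions semantics over constructed GameServer objects. `STRICT_SELECTOR`, `make_gs` and the server names are assumptions for illustration.

```python
# Added example. Label keys come from the page; the GameServer objects are constructed.
UNDER_ATTACK = "flowtriq.com/under-attack"
ATTACK_PPS = "flowtriq.com/attack-pps"

def matches(labels, expr):
    """Evaluate one matchExpressions entry with Kubernetes selector semantics."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":
        # A resource that lacks the key entirely also satisfies NotIn.
        return key not in labels or labels[key] not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator: {op}")

def allocatable(gameservers, expressions):
    """Names of Ready GameServers whose labels satisfy every expression."""
    return [g["metadata"]["name"] for g in gameservers
            if g["status"]["state"] == "Ready"
            and all(matches(g["metadata"].get("labels", {}), e) for e in expressions)]

def drain_order(gameservers):
    """Names of attacked GameServers, highest reported packets per second first."""
    def pps(g):
        raw = g["metadata"]["labels"].get(ATTACK_PPS, "")
        return int(raw) if raw.isdigit() else 0  # label values are strings
    hit = [g for g in gameservers if g["metadata"].get("labels", {}).get(UNDER_ATTACK) == "true"]
    return [g["metadata"]["name"] for g in sorted(hit, key=pps, reverse=True)]

def make_gs(name, state, labels=None):
    """Hypothetical helper: build a constructed GameServer object."""
    return {"metadata": {"name": name, "labels": labels or {}}, "status": {"state": state}}

SAMPLE = [  # constructed data, not cluster output
    make_gs("gs-a", "Ready"),  # never labelled
    make_gs("gs-b", "Ready", {UNDER_ATTACK: "true", ATTACK_PPS: "480000"}),
    make_gs("gs-c", "Ready", {UNDER_ATTACK: "false"}),  # attack ended
    make_gs("gs-d", "Allocated", {UNDER_ATTACK: "true", ATTACK_PPS: "1200000"}),
]
PAGE_SELECTOR = [{"key": UNDER_ATTACK, "operator": "NotIn", "values": ["true"]}]
STRICT_SELECTOR = [{"key": UNDER_ATTACK, "operator": "In", "values": ["false"]}]

if __name__ == "__main__":
    print("page selector  :", allocatable(SAMPLE, PAGE_SELECTOR))
    print("strict selector:", allocatable(SAMPLE, STRICT_SELECTOR))
    print("drain order    :", drain_order(SAMPLE))
```

A GameServer that has never been labelled passes the NotIn selector, so a pod whose agent is not running stays allocatable. The `In ["false"]` variant excludes such servers instead, at the cost of also excluding servers that have not yet seen an attack.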
FAQ