It can be tedious to adopt Telepresence across your organization, since in its handiest form, it requires admin access, and needs to get along with any exotic networking setup that your company may have.
If Docker is already approved in your organization, this Golden path should be considered.
When using Telepresence in Docker mode, users can eliminate the need for admin access on their machines, address several networking challenges, and forego the need for third-party applications to enable volume mounts.
You can simply add the docker flag to any Telepresence command, and it will start your daemon in a container. Thus removing the need for root access, making it easier to adopt as an organization
Let's illustrate with a quick demo, assuming a default Kubernetes context named default, and a simple HTTP service:
This method limits the scope of the potential networking issues since everything stays inside Docker. The Telepresence daemon can be found under the name
tp-<your-context> when listing your containers.
Start an intercept and a corresponding intercept-handler:
--docker-run starts the local container that acts as the intercept handler so that it uses the same network as the container that runs the telepresence daemon. It will also
have the remote volumes mounted in the same way as the remote container that it intercepts.
If you want to curl your remote service, you'll need to do that from a container that shares the daemon container's network. You can find the network using
Now curl with a
docker run that uses that network:
Similarly, if you want to start your intercept handler manually using
docker run, you must ensure that it shares the daemon container's network:
You can use the
--name flag to name the connection and get a shorter network name:
Now, the network name will be
tp-a instead of
Naming is also very useful when you want to connect to several namespaces simultaneously, e.g.
Now, with two connections active, you must pass the flag
--use <name pattern> to other commands, e.g.
- Using the Docker mode of telepresence does not require root access, and makes it easier to adopt it across your organization.
- It limits the potential networking issues you can encounter.
- It limits the potential mount issues you can encounter.
- It enables simultaneous intercepts in multiple namespaces.
- It leverages Docker for your interceptor.