4 min • read

Manually injecting the Traffic Agent

You can directly modify your workload's YAML configuration to add the Telepresence Traffic Agent and enable it to be intercepted.

When you use a Telepresence intercept for the first time on a Pod, the Telepresence Mutating Webhook will automatically inject a Traffic Agent sidecar into it. There might be some situations where this approach cannot be used, such as very strict company security policies preventing it.


You can manually inject the agent into Deployments, StatefulSets, or ReplicaSets. The example on this page uses the following Deployment and Service. It's a prerequisite that they have been applied to the cluster:

1. Generating the YAML

First, generate the YAML for the traffic-agent configmap entry. It's important that the generated file have the same name as the service, and no extension:

Next, generate the YAML for the traffic-agent container:

Next, generate the init-container

Next, generate the YAML for the volumes:

2. Creating (or updating) the configmap

The generated configmap entry must be insterted into the telepresence-agents ConfigMap in the same namespace as the modified Deployment. If the ConfigMap doesn't exist yet, it can be created using the following command:

If it already exists, new entries can be added under the Data key using kubectl edit configmap telepresence-agents.

3. Injecting the YAML into the Deployment

You need to add the Deployment YAML you genereated to include the container and the volume. These are placed as elements of spec.template.spec.containers, spec.template.spec.initContainers, and spec.template.spec.volumes respectively. You also need to modify spec.template.metadata.annotations and add the annotation telepresence.getambassador.io/manually-injected: "true". These changes should look like the following: