Docsright arrowTelepresenceright arrowConfiguring intercept using specifications

10 min • read

Configuring intercept using specifications

This page references the different options available to the telepresence intercept specification.

With telepresence, you can provide a file to define how an intercept should work.


Your intercept specification is where you can create a standard, easy to use, configuration to easily run pre and post tasks, start an intercept, and start your local application to handle the intercepted traffic.

There are many ways to configure your specification to suit your needs, the table below shows the possible options within your specifcation, and you can see the spec's schema, with all available options and formats, here.

nameName of the specification.
prerequisitesThings to set up prior to starting any intercepts, and tear things down once the intercept is complete.
connectionConnection properties to use when Telepresence connects to the cluster.
workloadsRemote workloads that are intercepted, keyed by workload name.
handlersLocal processes to handle traffic and/or setup .


The name is optional. If you don't specify the name it will use the filename of the specification file.


The connection option is used to define how Telepresence connects to your cluster.

You can pass the most common parameters from telepresence connect command (telepresence connect --help) using a camel case format.

Some of the most commonly used options include:

contextstringThe kubernetes context to use
mappedNamespacesstring list[a-z0-9][a-z0-9-]{1,62}The namespaces that Telepresence will be concerned with


A handler is code running locally.

It can receive traffic for an intercepted service, or can set up prerequisites to run before/after the intercept itself.

When it is intended as an intercept handler (i.e. to handle traffic), it's usually the service you're working on, or another dependency (database, another third party service, ...) running on your machine. A handler can be a Docker container, or an application running natively.

The sample below is creating an intercept handler, giving it the name echo-server and using a docker container. The container will automatically have access to the ports, environment, and mounted directories of the intercepted container.

If you don't want to use Docker containers, you can still configure your handlers to start via a regular script. The snippet below shows how to create an handler called echo-server, that sets an environment variable of PORT=8080 and starts the application.

Keep in mind that an empty handler is still a valid handler. This is sometimes useful when you want to, for example, simulate an intercepted service going down:

The table belows defines the parameters that can be used within the handlers section.

namestring[a-zA-Z][a-zA-Z0-9_-]*Defines name of your handler that the intercepts use to reference it
environmentmap listN/AEnvironment Defines environment variables within your handler
environment[*].namestring[a-zA-Z_][a-zA-Z0-9_]*The name of the environment variable
environment[*].valuestringN/AThe value for the environment variable
scriptmapN/ATells the handler to run as a script, mutually exclusive to docker
dockermapN/ATells the handler to run as a docker container, mutually exclusive to script


The handler's script element defines the parameters:

runstringN/AThe script to run. Can be multi-line
shellstringbash|sh|shShell that will parse and run the script. Can be bash, zsh, or sh. Defaults to the value of theSHELL environment variable


The handler's docker element defines the parameters. The build and image parameters are mutually exclusive:

buildmapN/ADefines how to build the image from source using docker build command
imagestringimageDefines which image to be used
portsint listN/AThe ports which should be exposed to the host
optionsstring listN/AOptions for docker run options
commandstringN/AOptional command to run
argsstring listN/AOptional command arguments


The docker build element defines the parameters:

contextstringN/ADefines either a path to a directory containing a Dockerfile, or a url to a git repository
argsstring listN/AAdditional arguments for the docker build command.

For additional informations on these parameters, please check the docker documentation.


When creating an intercept specification there is an option to include prerequisites.

Prerequisites give you the ability to run scripts for setup, build binaries to run as your intercept handler, or many other use cases.

Prerequisites is an array, so it can handle many options prior to starting your intercept and running your intercept handlers. The elements of the prerequisites array correspond to handlers.

The sample below is declaring that build-binary and rm-binary are two handlers; the first will be run before any intercepts, the second will be run after cleaning up the intercepts.

If a prerequisite create succeeds, the corresponding delete is guaranteed to run even if the other steps in the spec fail.

The table below defines the parameters availble within the prerequistes section.

createThe name of a handler to run before the intercept
deleteThe name of a handler to run after the intercept


Workloads define the services in your cluster that will be intercepted.

The example below is creating an intercept on a service called echo-server on port 8080. It creates a personal intercept with the header of x-intercept-id: foo, and routes its traffic to a handler called echo-server

This table defines the parameters available within a workload.

namestring[a-z][a-z0-9-]*If set to false, disables this intercepttrue
namespacestring[a-z0-9][a-z0-9-]{1,62}Name of service to interceptN/A
interceptsintercept listN/AThe list of intercepts associated to the workloadN/A


This table defines the parameters available for each intercept.

enabledbooleanN/AIf set to false, disables this intercept.true
headersheader listHeaders that will filter the intercept.Auto generated
servicename[a-z][a-z0-9-]{1,62}Name of service to interceptN/A
localPortintegersh|string0-65535The port for the service which is interceptedN/A
portinteger0-65535The port the service in the cluster is running onN/A
pathPrefixstringN/APath prefix filter for the intercept. Defaults to "/"/
previewURLbooleanN/ADetermine if a preview url should be createdtrue
bannerbooleanN/AUsed in the preview url option, displays a banner on the preview pagetrue

You can define headers to filter the requests which should end up on your machine when intercepting.

namestringN/AName of the headerN/A
valuestringN/AValue of the headerN/A

Telepresence specs also support dynamic headers with variables:

Telepresence.UsernamestringThe name of the user running the spec

Running your specification

After you've written your intercept specification you will want to run it.

To start your intercept, use this command:

This will validate and run your spec. In case you just want to validate it, you can do so by using this command:

Using and sharing your specification as a CRD

If you want to share specifications across your team or your organization. You can save specifications as CRDs inside your cluster.

  1. Install CRD object in your cluster (one time installation) :

  2. Then you need to deploy the specification in your cluster as a CRD:

    So echo-server example looks like this:

    Then every person that is connected to the cluster can start your intercept by using this command:

    You can also list available specifications:

Docker integration

Intercept specification can be used within the docker extension if you are using a YAML file and a docker runtime as handlers.

IDE Integration

You can integrate our JSON schemas into your IDE to give you autocompletion and hints while writing your intercept specification. There is two schemas available :

To then add the schema to your IDE follow the instructions for you given IDE, a few popular our listed below: VSCode GoLand