{"id":759,"date":"2023-01-31T09:21:00","date_gmt":"2023-01-31T02:21:00","guid":{"rendered":"https:\/\/rotreein.com\/?p=759"},"modified":"2025-01-04T10:25:15","modified_gmt":"2025-01-04T03:25:15","slug":"intercept-application-traffic-on-kubernetes-with-telepresence","status":"publish","type":"post","link":"https:\/\/rotreein.com\/?p=759","title":{"rendered":"Intercept Application Traffic on Kubernetes with Telepresence"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"693\" height=\"390\" src=\"https:\/\/rotreein.com\/wp-content\/uploads\/2025\/01\/image.png\" alt=\"\" class=\"wp-image-760\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Goal<\/h3>\n\n\n\n<ul>\n<li>Seamless development environment in Kubernetes<\/li>\n\n\n\n<li>Keep your local development tools, no commit or push required<\/li>\n\n\n\n<li>Support local continuous development and deployment of microservice applications<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites<\/h3>\n\n\n\n<ul>\n<li>telepresence<\/li>\n\n\n\n<li>kubectl<\/li>\n\n\n\n<li>k8s cluster<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to<\/h3>\n\n\n\n<p>Install Telepresence<br>Install Telepresence on your local laptop by following the installation steps in the documentation. The k8s cluster used for testing here runs on Azure Kubernetes Service. Set the kubectl context to that Kubernetes cluster. <\/p>\n\n\n\n<pre data-mode=\"php\" data-theme=\"tomorrow\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">$ kubectl config use-context aks-playground-1\n\n$ telepresence connect<\/pre>\n\n\n\n<p><br>When we run the command telepresence connect, on the Kubernetes cluster side Telepresence creates a namespace named ambassador and a traffic manager deployment. On the client side, Telepresence sets up DNS to enable local access to the Kubernetes cluster. 
So we don\u2019t need kubectl port-forward to manually configure access to services from the local machine. When you access a remote service, DNS resolves its name to a specific IP address. For more details, see the <a href=\"https:\/\/www.getambassador.io\/docs\/telepresence\/latest\/reference\/architecture\">Telepresence architecture documentation<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1374\" height=\"210\" src=\"https:\/\/rotreein.com\/wp-content\/uploads\/2025\/01\/image-4.png\" alt=\"\" class=\"wp-image-764\"\/><\/figure>\n\n\n\n<p><br>Telepresence status<\/p>\n\n\n\n<pre data-mode=\"php\" data-theme=\"monokai\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">Root Daemon: Running\nVersion : v2.4.9 (api 3)\nDNS :\n Remote IP : 10.0.0.10\n Exclude suffixes: [.arpa .com .io .net .org .ru]\n Include suffixes: []\n Timeout : 4s\n Also Proxy : (0 subnets)\n Never Proxy: (1 subnets)\nUser Daemon: Running\n Version : v2.4.9 (api 3)\n Ambassador Cloud : Logged out\n Status : Connected\n Kubernetes server : https:\/\/aks-playground-01-dns-d78da381.hcp.southeastasia.azmk8s.io:443\n Kubernetes context: aks-playground-01\n Telepresence proxy: ON (networking to the cluster is enabled)\n Intercepts : 0 total<\/pre>\n\n\n\n<p><br>The Telepresence daemon process creates a Virtual Network Interface (VIF) when Telepresence connects to the Kubernetes cluster.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Verify from the client side: the client gets 10.0.0.10 (kube-dns) as the DNS server on the virtual network interface (tel0). 
The Telepresence DNS resolver is dynamically configured to resolve names using the namespaces of currently active intercepts.<\/p>\n\n\n\n<pre data-mode=\"php\" data-theme=\"monokai\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">Link 123 (tel0)\n    Current Scopes: DNS\n    LLMNR setting: yes\nMulticastDNS setting: no\n    DNSSEC setting: no\n    DNSSEC supported: no\n    DNS Servers: 10.0.0.10\n    DNS Domain: ~ambassador\n                ~default\n                ~development\n                ~ingress-internal\n                ~kube-node-lease\n                ~kube-public\n                ~kube-system\n                cluster.local<\/pre>\n\n\n\n<p><br><\/p>\n\n\n\n<p>Basically, we can resolve a service inside the Kubernetes cluster using the format servicename.namespace. For example, look up dataprocessingservice in the development namespace:<\/p>\n\n\n\n<pre data-mode=\"php\" data-theme=\"tomorrow\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">nslookup dataprocessingservice.development<\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"540\" height=\"209\" src=\"https:\/\/rotreein.com\/wp-content\/uploads\/2025\/01\/image-3.png\" alt=\"\" class=\"wp-image-763\"\/><\/figure>\n\n\n\n<p><br><\/p>\n\n\n\n<p>Create a sample deployment in the Kubernetes cluster<\/p>\n\n\n\n<pre data-mode=\"text\" data-theme=\"tomorrow\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">git clone https:\/\/github.com\/datawire\/edgey-corp-python.git\ncd edgey-corp-python\nkubectl apply -f k8s-config\/edgey-corp-web-app-no-mapping.yaml -n development<\/pre>\n\n\n\n<p><br>Since in this scenario we access the service through the ingress, create an ingress object that provides routing rules to <strong>verylargejavaservice<\/strong><\/p>\n\n\n\n<pre data-mode=\"json\" data-theme=\"tomorrow\" data-fontsize=\"14\" 
data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">spec:\n  rules:\n  - host: verylargejavaservice.development.internal\n    http:\n      paths:\n      - backend:\n          service:\n            name: verylargejavaservice\n<\/pre>\n\n\n\n<p><br>Verify the deployment on k8s<\/p>\n\n\n\n<pre data-mode=\"php\" data-theme=\"tomorrow\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">kubectl get deployment,svc,ing -n development<\/pre>\n\n\n\n<pre data-mode=\"php\" data-theme=\"tomorrow\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">NAME                                  READY   UP-TO-DATE   AVAILABLE   AGE\ndeployment.apps\/dataprocessingservice 1\/1     1            1           21m\ndeployment.apps\/verylargedatastore    1\/1     1            1           21m\ndeployment.apps\/verylargejavaservice  1\/1     1            1           21m\n\nNAME                          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE\nservice\/dataprocessingservice ClusterIP   10.0.31.245    &lt;none>        3000\/TCP    21m\nservice\/verylargedatastore    ClusterIP   10.0.4.75      &lt;none>        8080\/TCP    21m\nservice\/verylargejavaservice  ClusterIP   10.0.155.58    &lt;none>        8080\/TCP    21m\n\nNAME                                             CLASS    HOSTS                    ADDRESS   PORTS   AGE\ningress.networking.k8s.io\/verylargejavaservice   &lt;none>   verylargejavaservice.    &lt;none>   21m\n<\/pre>\n\n\n\n<p><br>Connection test to verylargejavaservice. Below, several services, such as <strong>verylargejavaservice<\/strong>, <strong>dataprocessingservice<\/strong> and <strong>verylargedatastore<\/strong>, are running on the K8s cluster. 
Please ignore the wording on the cloud symbol.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"656\" height=\"463\" src=\"https:\/\/rotreein.com\/wp-content\/uploads\/2025\/01\/image-1.png\" alt=\"\" class=\"wp-image-761\"\/><\/figure>\n\n\n\n<p><br><br>Intercept <strong>dataprocessingservice<\/strong>, which is running on the k8s cluster, into your local environment<\/p>\n\n\n\n<pre data-mode=\"php\" data-theme=\"tomorrow\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">$ telepresence intercept dataprocessingservice --port 3000 -n development<\/pre>\n\n\n\n<pre data-mode=\"php\" data-theme=\"tomorrow\" data-fontsize=\"14\" data-lines=\"Infinity\" class=\"wp-block-simple-code-block-ace\">Using Deployment dataprocessingservice\nintercepted\n    Intercept name : dataprocessingservice-development\n    State : ACTIVE\n    Workload kind : Deployment\n    Destination : 127.0.0.1:3000\n    Volume Mount Point: \/tmp\/telfs-2442392270<\/pre>\n\n\n\n<p><br><\/p>\n\n\n\n<p>In parallel, you are developing the <strong>dataprocessingservice<\/strong> microservice on your laptop. Once the intercept is active, external traffic toward <strong>dataprocessingservice<\/strong> is routed to the local laptop.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"683\" height=\"559\" src=\"https:\/\/rotreein.com\/wp-content\/uploads\/2025\/01\/image-2.png\" alt=\"\" class=\"wp-image-762\"\/><\/figure>\n\n\n\n<p><br>After you change the code to <strong>DEFAULT_COLOR = &#8216;orange&#8217;<\/strong> in local development, the change is visible when we access the service again: traffic from <strong>verylargejavaservice<\/strong> is routed to the local laptop, with the orange color.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"702\" height=\"434\" 
src=\"https:\/\/rotreein.com\/wp-content\/uploads\/2025\/01\/Screenshot-2025-01-04-at-12.57.36.png\" alt=\"\" class=\"wp-image-815\"\/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Reference<\/h4>\n\n\n\n<ul>\n<li><a href=\"https:\/\/www.getambassador.io\/docs\/telepresence\/latest\/reference\/architecture\">https:\/\/www.getambassador.io\/docs\/telepresence\/latest\/reference\/architecture<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/datawire\/edgey-corp-python.git\">https:\/\/github.com\/datawire\/edgey-corp-python.git<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Goal Prerequisites How to Install TelepresenceInstall telepresence on your local laptop, please follow the documentation for the installation steps. The k8s cluster for testing purposes is running on Azure Kubernetes Service. Please set context Kubernetes cluster. When we use the command telepresence connect to the Kubernetes cluster side, Telepresence will create a namespace ambassador and&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"_links":{"self":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/759"}],"collection":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=759"}],"version-history":[{"count":44,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/759\/revisions"}],"predecessor-version":[{"id":830,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/759\/revisions\/830"}],"wp:attachment":[{"href":"https:\/\/rotreein.com\/in
dex.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}