Get desktop application:
View/edit binary Protocol Buffers messages
ArriveAsAgent establishes a session between an agent and the Manager.
ArriveAsClient establishes a session between a client and the Manager.
CreateIntercept lets a client create an intercept. It will be created in the "WATING" disposition, and it will remain in that state until the Agent (the app-sidecar) calls ReviewIntercept() to transition it to the "ACTIVE" disposition (or one of the error dispositions).
Depart terminates a session.
EnsureAgent ensures that an agent is injected to the pods of a workload and returns the agents, sorted by pod name.
GetAgentConfig returns the agent configuration for a specific workload.
GetAgentImageFQN returns fully qualified name of the image that is injected into intercepted pods.
GetClientConfig returns the config that connected clients should use for this manager.
config_yaml is a yaml blob containing the client config.
GetIntercept gets info from intercept name
GetKnownWorkloadKinds returns the known workload kinds that the manager can handle. This set may include Deployment, StatefulSet, ReplicaSet, Rollout (Argo Rollouts) as configured in the manager's Helm values.
GetLogs will acquire logs for the various Telepresence components in kubernetes (pending the request) and return them to the caller Deprecated: Will return an empty response
Deprecated.
Whether or not logs from the traffic-manager are desired.
The traffic-agent(s) logs are desired from. Can be `all`, `False`, or substring to filter based on pod names.
Whether or not to get the pod yaml deployed to the cluster.
Deprecated.
The map contains assocations between <podName.namespace> and the logs from that pod.
Errors encountered when getting logs from the traffic-manager and/or traffic-agents.
The map contains assocations between <podName.namespace> and the pod's yaml.
GetTelepresenceAPI returns information about the TelepresenceAPI server
The port that the TelepresenceAPI is using, or 0 if it's not enabled
Lookup performs an LookupIP in the cluster and returns the resultings IPs.
LookupDNS performs a DNS lookup in the cluster. If the caller has intercepts active, the lookup will be performed from the intercepted pods.
Request that the traffic-manager makes the preparations necessary to create the given intercept.
TCP or UDP
The cluster IPs of the service, each in netip.Addr binary form.
ReconnectAgent re-establishes a session between an agent and the Manager.
ReconnectClient re-establishes a session between a client and the Manager.
Remain indicates that the session is still valid, and potentially updates the auth token for the session.
RemoveIntercept lets a client remove an intercept.
ReportMetrics is used by a traffic-agent to report metrics for streams established when clients connect directly to traffic-agents using port-forward.
Number of bytes sent from the client to the traffic-agent.
Number of bytes sent from traffic-agent to the client.
ReviewIntercept lets an agent approve or reject an intercept by changing the disposition from "WATING" to "ACTIVE" or to an error, and setting a human-readable status message.
pod IP and sftp port to use when doing sshfs mounts
The directory where the intercept mounts can be found in the agent
A human-friendly description of what the InterceptSpec.mechanism_args say.
The environment of the intercepted container
Map of mount path -> MountPolicy of the engaged container
SetLogLevel will temporarily set the log-level for the traffic-manager and all traffic-agents for a duration that is determined b the request.
A Tunnel represents one single connection where the client or traffic-agent represents one end (the client-side) and the traffic-manager represents the other (the server side). The first message that a client sends when the tunnel is established is will always contain the session ID, connection ID, and timeouts used by the dialer endpoints.
UninstallAgents will uninstall the traffic-agent from the given workloads (or all workloads if the list is empty).
The session_info identifies the client connection, and hence the namespace for the resulting watcher.
The agents to install. Empty means all agents in the connected namespace.
Version returns the version information of the Manager.
WatchAgentPods notifies a client of the set of known Agents from the client connections namespace that the client can connect to when port-forwards are allowed.
WatchAgentPods notifies a client of changes to the set of known Agents from the client connections namespace that the client can connect to when port-forwards are allowed.
WatchAgentPodsInNamespacesDelta notifies a client of changes to the set of known Agents from the requested namespaces that the client can connect to when port-forwards are allowed.
WatchAgents notifies a client of the set of known Agents. A session ID is required; if no session ID is given then the call returns immediately, having not delivered any snapshots.
WatchAgents notifies a client of changes to the set of known Agents.
WatchClusterInfo returns information needed when establishing connectivity to the cluster.
ClusterInfo contains information that the root daemon needs in order to establish outbound traffic to the cluster.
The service_cidrs reported by NetworkingV1().ServiceCIDRs() in netip.Prefix binary form.
service_subnet is the Kubernetes service subnet. Deprecated: use service_cidrs
pod_subnets are the subnets used for Kubenetes pods.
manager_pod_ip is the ip address of the traffic manager
manager_pod_port is the port of the traffic manager
injector_svc_ip is the ip address of the traffic manager's agent injector service
injector_svc_port is the port of the traffic manager's agent injector service
injector_svc_host is the http host of the traffic manager's agent injector service
Router configuration
DNS configuration
WatchIntercepts notifies a client or agent of the set of intercepts relevant to that client or agent. If a session ID is given, then only intercepts associated with that session are watched. If no session ID is given, then all intercepts are watched.
WatchInterceptsDelta notifies a client or agent of changes in the set of intercepts relevant to that client or agent.
WatchLogLevel lets an agent receive log-level updates
WatchWorkloads notifies a client of the set of Workloads from the client connection's namespace.
The session_info identifies the client connection, and hence the namespace for the resulting watcher.
The timestamp from which the first delta should be computed. Set to undefined to get a delta that contains everything.
The namespace to watch. Must be one of the namespaces that are managed by the traffic-manager. Defaults to the connected namespace.
WorkloadEventDelta contains the changes made to the subscribed namespace since the time given in the timestamp. A watcher can rely on that received deltas are consecutive.
The timestamp from which this delta is computed. Typically equal to the time when the previous delta was sent.
Used as request type in: connector.Connector.GetAgentConfig, Manager.GetAgentConfig
Used as response type in: connector.Connector.GetAgentConfig, Manager.GetAgentConfig
Used as response type in: connector.Connector.AgentImageFQN, Manager.GetAgentImageFQN
AgentInfo is the self-reported metadata that an Agent (app-sidecar) reports at boot-up when it connects to the Telepresence Manager.
Used as request type in: Manager.ArriveAsAgent
Used as field type in: , , ,
name of the Workload
namespace of the Workload
Pod name (from metadata.name)
Pod IP (from status.podIP)
Pod UID
Port number for the agent gRPC API
Port number for the agent SFTP server
Port number for the agent FTP server
distinguish open source, our closed source, someone else's thing
This is a list of the mechanisms that the Agent advertises that it supports.
Used in:
The container environment
The directory where the intercept mounts can be found in the agent
Map of mount -> MountPolicy
"Mechanisms" are the ways that an Agent can decide handle incoming requests, and decide whether to send them to the in-cluster service, or whether to intercept them. The "tcp" mechanism is the only one in Telepresence open source, and handles things at the TCP-level and either intercepts all TCP streams or doesn't intercept anything. Other Agents than the Telepresence one may implement more mechanisms, such as Ambassador Labs' "Service Preview" Agent which implements the "http" mechanism which handles th "http" mechanism, which handles things at the HTTP-request-level and can decide to intercept individual HTTP requests based on the request headers.
Used in:
"tcp" or "http" or "grpc" or ...
distinguish open source, our closed source, someone else's thing
Used as response type in: Manager.EnsureAgent, Manager.WatchAgents
Used in: ,
Used as response type in: Manager.WatchAgentPodsDelta, Manager.WatchAgentPodsInNamespacesDelta
ClientInfo is the self-reported metadata that the on-laptop Telepresence client reports whenever it connects to the in-cluster Manager.
Used as request type in: Manager.ArriveAsClient
Used as field type in:
user@hostname
namespace that the client is connected to
"telepresence"
Used as request type in: Manager.CreateIntercept, Manager.PrepareIntercept
Used in:
kube_dns_ip is the IP address of the kube-dns.kube-system service, Deprecated: No longer used by clients >= 2.8.0
cluster_domain is the domain of the cluster, ending with a dot, e.g. "cluster.local."
Agent session
DNSRequest is the request that this is a response to
The response, which might be nil in case no address was found
LookupHost request sent from a client
Used as request type in: Manager.LookupDNS
Used as field type in:
Client session
Used as response type in: Manager.LookupDNS
Used as field type in:
DNS return code
rrs is an array of packed RR records
Used as response type in: agent.Agent.WatchDial
Used as request type in: connector.Connector.GetIntercept, Manager.GetIntercept
IPNet is a subnet. e.g. 10.43.0.0/16
Used in: , ,
Used in: ,
What does "NO_CLIENT" mean? The Manager garbage-collects the intercept if the client goes away.
NO_AGENT indicates that there are no currently-running agents that can service the intercept, or that there is a inconsistency between the agents that are running. This may be an ephemeral state, such as inconsistency between agents during the middle of a rolling update.
NO_MECHANISM indicates that the agent(s) that would handle this intercept do not report that they support the mechanism of the intercept. For example, if you are running the OSS agent but ask for an intercept using the "http" mechanism, which requires the Ambassador Telepresence agent.
NO_PORT indicates that the manager was unable to allocate a port to act as the rendezvous point between the client and the agent.
AGENT_ERROR indicates that the intercept was submitted to an agent, but that the agent rejected it (by calling ReviewIntercept).
BAD_ARGS indicates that something about the mechanism_args is invalid.
InterceptInfo contains information about a live intercept in an agent
Used as response type in: connector.Connector.CreateIntercept, connector.Connector.GetIntercept, Manager.CreateIntercept, Manager.GetIntercept
Used as field type in: , , ,
The current intercept state; a status code and a human-friendly message to go along with the status code. These may be set manager itself, or may be set by the agent's call to ReviewIntercept.
Name and port to use when establishing port-forward to the pod's gRPC API.
The directory where the client mounts the remote mount_point. Only set when obtaining InterceptInfo from the user daemon.
The directory where the intercept mounts can be found in the agent
A human-friendly description of what the spec.mechanism_args say. This is set by the agent's call to ReviewIntercept.
The environment of the intercepted app
Map of mount path -> MountPolicy
Timestamp for last modification made by traffic-manager
Used as response type in: Manager.WatchIntercepts
Used as field type in:
InterceptSpec contains static information about an intercept. It is shared by all running agent instances.
Used in: , ,
A human-friendly name for this intercept. This is usually the same as the agent name below; the name/namespace of the Workload, but it could be something else. It is invalid for the same client to attempt to create multiple intercepts with the same name.
Same as ClientInfo.Name; "user@hostname".
Same as AgentInfo.Name of the Workload.
Kind of the Workload
Same as AgentInfo.Namespace of the Workload
How to decide which subset of requests to that agent to intercept.
The host that the target_ports are routed to.
Ports that will be forwarded from the intercepting pod's IP address to the target_host, using the following syntax: PORT = port-decl ["/" protocol ] port-decl = port-spec [ ":" uint16 ] protocol = "TCP" | "UDP" port-spec = name | uint16 If two numbers are used, they signify source:destination.
Ports that will be forwarded from the intercepting client's localhost to the intercepted pod. Uses the same syntax as target_ports.
Identifier for the service or container port: either the name or port number optionally followed by a "/TCP" or "/UDP"
The resolved service port name
The resolved service port
.uid.metadata of service associated with intercept
name of the aforementioned service
The resolved protocol used by the container port
TCP or UDP
Name of container that provides environment and mounts. This is normally the container that owns the container_port, but in some cases it will differ because the container_port is owned by some kind of routing mechanism (such as nginx).
The resolved container port that is intercepted.
The port on the workstation that the intercepted container_port is redirected to.
The delay imposed by a call roundtrip between the traffic-agent and the client on the workstation. This delay is added to the dial_timeout when the workstation performs a dial on behalf of the traffic-agent.
The dial timeout to use when a dial is made on the intercepting workstation.
Extra ports that will be forwarded from the intercepting client's localhost to the intercepted pod. Deprecated: use local_ports instead
Whether to replace the running container.
place a wiretap on intercepted ports instead of redirecting them
Intercept desire no default port.
HTTP header filters for HTTP Intercepts. Only requests containing these headers (key=value) will be intercepted. Multiple headers use AND logic.
Path filter patterns for HTTP Intercepts. Supports glob patterns like "/api/v1/*". If specified, only requests matching these paths will be intercepted.
Metadata to associate with the intercept. Retrievable using the API server.
Plaintext instructs the traffic-agent to use plain text when communicating with the client.
The cluster IPs of the service that the intercept is made on, each in netip.Addr binary form.
Used as response type in: connector.Connector.GetKnownWorkloadKinds, Manager.GetKnownWorkloadKinds
Used as request type in: daemon.Daemon.SetLogLevel, Manager.SetLogLevel
Used as response type in: Manager.WatchLogLevel
The time that this log-level will be in effect before falling back to the configured log-level.
Used as request type in: agent.Agent.Lookup, Manager.Lookup
Client session
The name to use for the LookupIP request.
Used as response type in: agent.Agent.Lookup, Manager.Lookup
List of found IPs in netip.Addr binary form.
PortMapping describes a mapping from a port number in the intercepted container to a port on the client for --from-pod and or vice versa when using --to-pod.
Used as request type in: connector.Connector.RemoveIntercept, Manager.RemoveIntercept
RouteAssociation describes a route object (currently always an Ingress in the service's own namespace) that routes traffic to one of the ports of the service it is associated with.
Used in:
The service port that this route targets.
Load-balancer addresses (IPs or hostnames) of the route object, used to reach the route when it declares no hosts.
Used in:
ServiceAssociation describes a service in the workload's namespace whose selector matches the workload's pods, together with the routes that target that service.
Used in: ,
Used in:
Used as request type in: agent.Agent.WatchDial, Manager.Depart, Manager.GetKnownWorkloadKinds, Manager.WatchAgentPods, Manager.WatchAgentPodsDelta, Manager.WatchAgents, Manager.WatchAgentsDelta, Manager.WatchClusterInfo, Manager.WatchIntercepts, Manager.WatchInterceptsDelta
Used as response type in: Manager.ArriveAsAgent, Manager.ArriveAsClient
Used as field type in: , , , , , , , , , , , , , , , , ,
TunnelMessage is a message sent over a Tunnel. First byte indicates type of message
Used as request type in: agent.Agent.Tunnel, Manager.Tunnel
Used as response type in: agent.Agent.Tunnel, Manager.Tunnel
VersionInfo2 is different than telepresence.common.VersionInfo in that it is limited to just name and version.
Used as response type in: agent.Agent.Version, Manager.Version
Used as field type in:
Used in:
Used in:
WorkloadInfo contains information about a workload (typically a Deployment).
Used in:
Used in:
Workload has never been intercepted, so no agent has been installed.
An agent has been installed into workload's pods, but it is not currently intercepted.
The workload (or rather its pods) is currently intercepted.
Used in:
name of intercepting client
Used in: ,
Used in:
The state of this workload is not known.
Available means the deployment is available, ie. at least the minimum available replicas required are up and running for at least minReadySeconds.
Progressing means the workload is progressing. Progress for a workload is considered when a new replica set is created or adopted, and when new pods scale up or old pods scale down. Progress is not estimated for paused workloads or when progressDeadlineSeconds is not specified.
FAILURE means that one of its pods fails to be created or deleted.