DocsTelepresenceProvider Prerequisites for Traffic Manager
Provider Prerequisites for Traffic Manager
GKE
Firewall Rules for private clusters
A GKE cluster with private networking will come preconfigured with firewall rules that prevent the Traffic Manager's
webhook injector from being invoked by the Kubernetes API server.
For Telepresence to work in such a cluster, you'll need to add a firewall rule allowing the Kubernetes masters to access TCP port 8443
in your pods.
For example, for a cluster named tele-webhook-gke
in region us-central1-c1
:
GKE Authentication Plugin
Starting with Kubernetes version 1.26 GKE will require the use of the gke-gcloud-auth-plugin. You will need to install this plugin to use Telepresence with Docker while using GKE.
If you are using the Telepresence Docker Extension you will need to ensure that your command
is set to an absolute path in your kubeconfig file. If you've installed not using homebrew you may see in your file command: gke-gcloud-auth-plugin
. This would need to be replaced with the path to the binary.
You can check this by opening your kubeconfig file, and under the users
section with your GKE cluster there is a command
if you've installed with homebrew it would look like this
command: /opt/homebrew/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/bin/gcloud
.
EKS
EKS Authentication Plugin
If you are using AWS CLI version earlier than 1.16.156
you will need to install aws-iam-authenticator.
You will need to install this plugin to use Telepresence with Docker while using EKS.
If you are using the Telepresence Docker Extension you will need to ensure that your command
is set to an absolute path in your kubeconfig file instead of a relative path.
You can check this by opening your kubeconfig file, and under the users
section with your EKS cluster there is a command
if you've installed with homebrew it would look like this
command: /opt/homebrew/Cellar/aws-iam-authenticator/0.6.2/bin/aws-iam-authenticator
.