# Telepresence — Local Dev for Remote Kubernetes > CNCF tool that makes a remote Kubernetes cluster feel like localhost. Intercept a Pod's traffic to your IDE while the rest of the stack runs in staging. ## Install Save as a script file and run: # Telepresence — Local Development for Remote Kubernetes ## Quick Use ```bash # install on macOS / Linux brew install datawire/blackbird/telepresence # connect your laptop to a remote cluster's network telepresence helm install # one-time cluster install telepresence connect # now cluster DNS and Services resolve locally curl http://api.prod.svc.cluster.local:8080/health # intercept a remote Service and route its traffic to your laptop telepresence intercept orders --port 8080:http --env-file=.env.dev # run your local dev server — it now receives cluster traffic ./run-orders-locally.sh ``` ## Introduction Telepresence is a CNCF project that makes a remote Kubernetes cluster feel like localhost. Developers run a single service in their IDE while the other 40 services stay in a shared staging cluster. Traffic, DNS, and environment variables flow through a sidecar so your laptop participates in the cluster network without deploying anything. ## What Telepresence Does - Routes cluster DNS, Services, and IPs into your local network namespace - "Intercepts" a remote workload's traffic and forwards it to a local process - Supports global and personal intercepts (with header-based routing) via Ambassador - Syncs environment variables, secrets, and volumes from the remote Pod - Cuts CI-style inner-loop times for apps that depend on heavy dependencies ## Architecture Overview Telepresence has three pieces: a user-daemon on your laptop that handles DNS and VPN-like routing, a root-daemon that sets up tun interfaces, and the Traffic Manager / Traffic Agents running in the cluster. When you intercept a workload, the Traffic Manager injects an agent as a sidecar, which forwards matching requests to your local daemon over a secured tunnel. ## Self-Hosting & Configuration - One-time `telepresence helm install` deploys the Traffic Manager into `ambassador` namespace - Works with any CNI; no cluster-wide privileges beyond the Helm chart - `~/.config/telepresence/config.yml` tunes timeouts, log levels, and DNS suffixes - Supports mTLS for the agent tunnel and OIDC login for team use - Air-gapped installs supported with a private image registry and custom chart values ## Key Features - DNS-based ingress — `api.svc.cluster.local` just works from curl, Postman, or IDE - Personal intercepts using `x-telepresence-intercept` header so teammates do not collide - Replace a Pod (global intercept) or tee traffic (selective intercept) — your choice - File and env sync means you never chase "why does it work in staging but not here" - IntelliJ, VS Code, and JetBrains plugins for a one-click intercept experience ## Comparison with Similar Tools - **Skaffold** — deploys to a remote cluster and port-forwards; different model, no intercepts - **Tilt** — dev loop for in-cluster work; pairs well with Telepresence for hybrid setups - **kubectl port-forward** — only outbound; Telepresence adds bidirectional network access - **Okteto** — runs the full dev env in the cluster; Telepresence keeps your IDE local - **mirrord** — newer ebpf-based alternative with fewer cluster-side dependencies ## FAQ **Q: Do I need cluster-admin?** A: No for use, yes for the initial `helm install`. Developers only need RBAC to intercept workloads. **Q: Is traffic encrypted?** A: The agent-to-laptop tunnel is mTLS. Cluster-internal traffic retains whatever your mesh already provides. **Q: Can multiple devs work on the same service?** A: Yes — personal intercepts use request headers to route only your team member's traffic to their laptop. **Q: Does it work with Istio / Linkerd?** A: Yes. Telepresence agents coexist with service meshes and honor mTLS configurations. ## Sources - https://github.com/telepresenceio/telepresence - https://www.telepresence.io/ --- Source: https://tokrepo.com/en/workflows/87729894-3900-11f1-9bc6-00163e2b0d79 Author: Script Depot