(from getambassador.io) Merge pull request #437 from datawire/docs/tp…

…_new_features Docs for new Telepresence features
telepresenceio · Feb 18, 2021 · 69831bf · 69831bf
2 parents 45f12f3 + d632c37
commit 69831bf
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 6 deletions.
diff --git a/faqs.md b/faqs.md
@@ -33,11 +33,7 @@ Yes, please see [this document](../reference/environment/) for more information.
 
 ** When using Telepresence to intercept a pod, are the associated pod volume mounts also proxied and shared with my local machine?**
 
-This feature is coming soon.
-
-For the moment you can `kubectl exec` into a container running on the pod in order to explore the volumes.
-
-If you are using Kubernetes 1.16+, you can also create an ephemeral container (an alpha feature) within a pod, and explore the volumes using this approach.
+Yes, please see [this doc on using volume mounts](../reference/volume/).
 
 ** When connected to a Kubernetes cluster via Telepresence, can I access cluster-based services via their DNS name?**
 
@@ -71,7 +67,7 @@ On Fedora, Telepresence also creates a virtual network device (a TUN network) fo
 
 ** What components get installed in the cluster when running Telepresence?**
 
-A single Traffic Manager service is deployed in the default namespace within your cluster, and this manages resilient intercepts and connections between your local machine and the cluster.
+A single Traffic Manager service is deployed in the `ambassador` namespace within your cluster, and this manages resilient intercepts and connections between your local machine and the cluster.
 
 A Traffic Agent container is injected per pod that is being intercepted. The first time a deployment is intercepted all pods associated with this deployment will be restarted with the Traffic Agent automatically injected.
 

diff --git a/howtos/outbound.md b/howtos/outbound.md
@@ -54,3 +54,9 @@ Connecting to the cluster starts the background daemon on your machine and insta
   $ telepresence quit
   Telepresence Daemon quitting...done
   ```
+
+## Controlling Outbound Connectivity
+
+By default, Telepresence will provide access to all Services found in all namespaces in the connected cluster. This might lead to problems if the user does not have access permissions to all namespaces via RBAC. The `--mapped-namespaces <comma separated list of namespaces>` flag was added to give the user control over exactly which namespaces will be accessible.
+
+When using this option, it is important to include all namespaces containing services to be accessed and also all namespaces that contain services that those intercepted services might use.
diff --git a/reference/volume.md b/reference/volume.md
@@ -0,0 +1,33 @@
+# Volume Mounts
+
+import Alert from '@material-ui/lab/Alert';
+
+Telepresence supports locally mounting of volumes that are mounted to your Pods.  You can specify a command to run when starting the intercept, this could be a subshell or local server such as Python or Node.
+
+```
+telepresence intercept <mysvc> --port <port> --mount=/tmp/ -- /bin/bash
+```
+
+In this case, Telepresence creates the intercept, mounts the Pod's volumes to locally to `/tmp`, and starts a Bash subshell.
+
+Telepresence can set a random mount point for you by using `--mount=true` instead, you can then find the mount point using the `$TELEPRESENCE_ROOT` variable.
+
+```
+$ telepresence intercept <mysvc> --port <port> --mount=true -- /bin/bash
+Using deployment <mysvc>
+intercepted
+    State       : ACTIVE
+    Destination : 127.0.0.1:<port>
+    Intercepting: all connections
+
+bash-3.2$ echo $TELEPRESENCE_ROOT
+/var/folders/yh/42y5h_7s5992f80sjlv3wlgc0000gn/T/telfs-427288831
+```
+
+<Alert severity="info"><code>--mount=true</code> is the default if a <code>mount</code> option is not specified, use <code>--mount=false</code> to disable mounting volumes.</Alert>
+
+With either method, the code you run locally either from the subshell or from the intercept command will need to be prepended with the `$TELEPRESENCE_ROOT` environment variable to utilitze the mounted volumes.
+
+For example, Kubernetes mounts secrets to `/var/run/secrets`.  Once mounted, to access these you would need to change your code to use `$TELEPRESENCE_ROOT/var/run/secrets`.
+
+<Alert severity="info">If using <code>--mount=true</code> without a command, you can use either <a href="../environment/">environment variable</a> flag to retrieve the variable.</Alert>