Add docs for numeric ports.

Signed-off-by: Jose Cortes <[email protected]>
telepresenceio · Sep 22, 2021 · 869eafb · 869eafb
1 parent d93b98d
commit 869eafb
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 8 deletions.
diff --git a/reference/cluster-config.md b/reference/cluster-config.md
@@ -201,11 +201,6 @@ To solve this issue, you can use Telepresence's Mutating Webhook alternative mec
 workloads will then stay untouched and only the underlying pods will be modified to inject the Traffic
 Agent sidecar container and update the port definitions.
 
-<Alert severity="info">
-A current limitation of the Mutating Webhook mechanism is that the <code>targetPort</code> of your intercepted
-Service needs to point to the <strong>name</strong> of a port on your container, not the port number itself.
-</Alert>
-
 Simply add the `telepresence.getambassador.io/inject-traffic-agent: enabled` annotation to your
 workload template's annotations:
 
@@ -221,6 +216,7 @@ workload template's annotations:
        containers:
 ```
 
+
 ### Service Port Annotation
 
 A service port annotation can be added to the workload to make the Mutating Webhook select a specific port
@@ -238,3 +234,53 @@ in the service. This is necessary when the service has multiple ports.
      spec:
        containers:
 ```
+
+### Note on numeric ports
+
+If the <code>targetPort</code> of your intercepted Service is pointing at a port number, in addition to
+injecting the Traffic Agent sidecar, Telepresence will also inject an <code>initContainer</code> that will
+reconfigure the pod's firewall rules to redirect traffic to the Traffic Agent.
+
+<Alert severity="info">
+Note that this <code>initContainer</code> requires `NET_ADMIN` capabilities.
+If your cluster administrator has disabled them, you will be unable to use numeric ports with the agent injector.
+</Alert>
+
+For example, the following service is using a numeric port, and so Telepresence would inject an initContainer into it:
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: your-service
+spec:
+  type: ClusterIP
+  selector:
+    service: your-service
+  ports:
+    - port: 80
+      targetPort: 8080
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: your-service
+  labels:
+    service: your-service
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      service: your-service
+  template:
+    metadata:
+      annotations:
+        telepresence.getambassador.io/inject-traffic-agent: enabled
+      labels:
+        service: your-service
+    spec:
+      containers:
+        - name: your-container
+          image: jmalloc/echo-server
+          ports:
+            - containerPort: 8080
+```
diff --git a/releaseNotes.yml b/releaseNotes.yml
@@ -30,11 +30,14 @@ docDescription: >-
 changelog: https://github.com/telepresenceio/telepresence/blob/$branch$/CHANGELOG.md
 
 items:
-
   - version: 2.4.4
     date: 'TBD'
-    notes: []
-
+    notes:
+      - type: feature
+        title: Numeric ports in agent injector
+        body: >-
+          The agent injector now supports injecting Traffic Agents into pods that have unnamed ports.
+        docs: reference/cluster-config/#note-on-numeric-ports
   - version: 2.4.3
     date: '2021-09-15'
     notes: