From e8255ea3afbd7435816f0be3a2f54fb06d9ff4cf Mon Sep 17 00:00:00 2001
From: Donny Yung
Date: Fri, 6 Aug 2021 09:13:29 -0400
Subject: [PATCH 01/12] Update windows instructions with ExecutionPolicy
Signed-off-by: Donny Yung
---
 install/upgrade-tabs.js | 2 ++
 quick-start/qs-tabs.js | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/install/upgrade-tabs.js b/install/upgrade-tabs.js
index 8f15ff5bdd..1a63d8d45d 100644
--- a/install/upgrade-tabs.js
+++ b/install/upgrade-tabs.js
@@ -122,6 +122,8 @@ export default function SimpleTabs() {
 '\n' +
 '# C:\\telepresence by default, but you can specify a custom path by passing in -Path C:\\my\\custom\\path' +
 '\n' +
+ 'Set-ExecutionPolicy Bypass -Scope Process' +
+ '\n' +
 '.\\install-telepresence.ps1' +
 '\n \n' +
 '# 4. Remove the unzipped directory' +
diff --git a/quick-start/qs-tabs.js b/quick-start/qs-tabs.js
index 931d74d8bb..a026e40d11 100644
--- a/quick-start/qs-tabs.js
+++ b/quick-start/qs-tabs.js
@@ -122,6 +122,8 @@ export default function SimpleTabs() {
 '\n' +
 '# C:\\telepresence by default, but you can specify a custom path $path with -Path $path' +
 '\n' +
+ 'Set-ExecutionPolicy Bypass -Scope Process' +
+ '\n' +
 '.\\install-telepresence.ps1' +
 '\n \n' +
 '# 4. Remove the unzipped directory' +
From e6f9d9a48afaeb1b4907636ea7ad72f2a5222ac3 Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Mon, 9 Aug 2021 10:48:21 -0600
Subject: [PATCH 02/12] v2.4: reference/config: Clean up the type descriptions and default values
Signed-off-by: Luke Shumaker
---
 reference/config.md | 86 ++++++++++++++++++++++++++++-----------------
 1 file changed, 54 insertions(+), 32 deletions(-)
diff --git a/reference/config.md b/reference/config.md
index b511da0066..8a61fe3b3f 100644
--- a/reference/config.md
+++ b/reference/config.md
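Review bot: The added `'Set-ExecutionPolicy Bypass -Scope Process' +` line in install/upgrade-tabs.js switches off execution-policy checks for the rest of the reader's PowerShell session, not just for the installer, and the instruction string has no comment saying so. Scoping the bypass to the single invocation would be tighter: drop the two added lines and change the following line to `'powershell -ExecutionPolicy Bypass -File .\\install-telepresence.ps1' +`, or at least precede the added line with `'# Allows scripts in this PowerShell session only; close the window when done' +`. Nothing visible in the hunk has the reader verify the downloaded archive before running the script, so a checksum step ahead of this line is worth adding if the release publishes one (the string begins above the hunk, so this is inferred). The identical hunk in quick-start/qs-tabs.js needs the same change; SimpleTabs starts and ends outside both hunks.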
@@ -32,28 +32,42 @@ grpc: ``` #### Timeouts -Values for `timeouts` are all durations either as a number respresenting seconds or a string with a unit suffix of `ms`, `s`, `m`, or `h`. Strings can be fractional (`1.5h`) or combined (`2h45m`). + +Values for `timeouts` are all durations either as a number of seconds +or as a string with a unit suffix of `ms`, `s`, `m`, or `h`. Strings +can be fractional (`1.5h`) or combined (`2h45m`). These are the valid fields for the `timeouts` key: -|Field|Description|Default| -|---|---|---| -|`agentInstall`|Waiting for Traffic Agent to be installed|2 minutes| -|`apply`|Waiting for a Kubernetes manifest to be applied|1 minute| -|`clusterConnect`|Waiting for cluster to be connected|20 seconds| -|`intercept`|Waiting for an intercept to become active|5 seconds| -|`proxyDial`|Waiting for an outbound connection to be established|5 seconds| -|`trafficManagerConnect`|Waiting for the Traffic Manager API to connect for port fowards|20 seconds| -|`trafficManagerAPI`|Waiting for connection to the gPRC API after `trafficManagerConnect` is successful|15 seconds| +| Field | Description | Type | Default | +|-------------------------|------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|------------| +| `agentInstall` | Waiting for Traffic Agent to be installed | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 2 minutes | +| `apply` | Waiting for a Kubernetes manifest to be applied | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 1 minute | +| `clusterConnect` | Waiting for cluster to be connected | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 20 seconds | +| `intercept` | Waiting for an intercept to become active | [int][yaml-int] or 
[float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 5 seconds | +| `proxyDial` | Waiting for an outbound connection to be established | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 5 seconds | +| `trafficManagerConnect` | Waiting for the Traffic Manager API to connect for port fowards | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 20 seconds | +| `trafficManagerAPI` | Waiting for connection to the gPRC API after `trafficManagerConnect` is successful | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 15 seconds | #### Log Levels -Values for `logLevels` are one of the following strings: `trace`, `debug`, `info`, `warning`, `error`, `fatal` and `panic`. + +Values for the `logLevels` fields are one of the following strings, +case insensitive: + + - `trace` + - `debug` + - `info` + - `warning` or `warn` + - `error` + - `fatal` + - `panic` + These are the valid fields for the `logLevels` key: -|Field|Description|Default| -|---|---|---| -|`userDaemon`|Logging level to be used by the User Daemon (logs to connector.log)|debug| -|`rootDaemon`|Logging level to be used for the Root Daemon (logs to daemon.log)|info| +| Field | Description | Type | Default | +|--------------|---------------------------------------------------------------------|---------------------------------------------|---------| +| `userDaemon` | Logging level to be used by the User Daemon (logs to connector.log) | [loglevel][logrus-level] [string][yaml-str] | debug | +| `rootDaemon` | Logging level to be used for the Root Daemon (logs to daemon.log) | [loglevel][logrus-level] [string][yaml-str] | info | #### Images Values for `images` are strings. These values affect the objects that are deployed in the cluster, 
@@ -65,21 +79,21 @@ to handle installation of the `traffic-agents`. These are the valid fields for the `images` key: -|Field|Description|Default| -|---|---|---| -|`registry`|Docker registry to be used for installing the Traffic Manager and default Traffic Agent. If not using a helm chart to deploy server-side objects, changing this value will create a new traffic-manager deployment when using Telepresence commands. Additionally, changing this value will update installed default `traffic-agents` to use the new registry when creating a new intercept.|docker.io/datawire| -|`agentImage`|$registry/$imageName:$imageTag to use when installing the Traffic Agent. Changing this value will update pre-existing `traffic-agents` to use this new image. * the `registry` value is not used for the `traffic-agent` if you have this value set *|| -|`webhookRegistry`|The container $registry that the [Traffic Manager](../cluster-config/#mutating-webhook) will use with the `webhookAgentImage` *This value is only used if a new traffic-manager is deployed*|| -|`webhookAgentImage`|The container image that the [Traffic Manager](../cluster-config/#mutating-webhook) will use when installing the Traffic Agent in annotated pods *This value is only used if a new traffic-manager is deployed*|| +| Field | Description | Default | +|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------| +| `registry` | Docker registry to be used for installing the Traffic Manager and default Traffic Agent. 
If not using a helm chart to deploy server-side objects, changing this value will create a new traffic-manager deployment when using Telepresence commands. Additionally, changing this value will update installed default `traffic-agents` to use the new registry when creating a new intercept. | `docker.io/datawire` | +| `agentImage` | `$registry/$imageName:$imageTag` to use when installing the Traffic Agent. Changing this value will update pre-existing `traffic-agents` to use this new image. *The `registry` value is not used for the `traffic-agent` if you have this value set.* | (unset) | +| `webhookRegistry` | The container `$registry` that the [Traffic Manager](../cluster-config/#mutating-webhook) will use with the `webhookAgentImage` *This value is only used if a new `traffic-manager` is deployed* | `docker.io/datawire` | +| `webhookAgentImage` | The container image that the [Traffic Manager](../cluster-config/#mutating-webhook) will use when installing the Traffic Agent in annotated pods *This value is only used if a new `traffic-manager` is deployed* | (unset) | #### Cloud Values for `cloud` are listed below and their type varies, so please see the chart for the expected type for each config value. These fields control how the client interacts with the Cloud service. -|Field|Description|Type|Default| -|---|---|---|---| -|`skipLogin`|Whether the cli should skip automatic login to Ambassador Cloud. If set to true, you must have a [license](../cluster-config/#air-gapped-cluster) installed in the cluster in order to be able to perform selective intercepts |bools: `1`, `t`, `T`, `TRUE`, `true`, `True`, `0`, `f`, `F,` `FALSE`|false| -|`refreshMessages`|How frequently the CLI should communicate with Ambassador Cloud to get new command messages, which also resets whether the message has been raised or not. 
You will see each message at most once within the duration given by this config|duration: number respresenting seconds or a string with a unit suffix of `ms`, `s`, `m`, or `h`|168h| +| Field | Description | Type | Default | +|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|---------| +| `skipLogin` | Whether the cli should skip automatic login to Ambassador Cloud. If set to true, you must have a [license](../cluster-config/#air-gapped-cluster) installed in the cluster in order to be able to perform selective intercepts | [bool][yaml-bool] | false | +| `refreshMessages` | How frequently the CLI should communicate with Ambassador Cloud to get new command messages, which also resets whether the message has been raised or not. You will see each message at most once within the duration given by this config | [duration][go-duration] [string][yaml-str] | 168h | Telepresence attempts to auto-detect if the cluster is air-gapped, be sure to set the `skipLogin` value to `true` 
@@ -123,13 +137,13 @@ clusters: #### DNS The fields for `dns` are: local-ip, remote-ip, exclude-suffixes, include-suffixes, and lookup-timeout. -|Field|Description|Type|Default| -|---|---|---|---| -|`local-ip`|The address of the local DNS server. This entry is only used on Linux system that are not configured to use systemd.resolved|ip|first line of /etc/resolv.conf| -|`remote-ip`|the address of the cluster's DNS service|ip|IP of the kube-dns.kube-system or the dns-default.openshift-dns service| -|`exclude-suffixes`|suffixes for which the DNS resolver will always fail (or fallback in case of the overriding resolver)|list|| -|`include-suffixes`|suffixes for which the DNS resolver will always attempt to do a lookup. Includes have higher priority than excludes.|list|| -|`lookup-timeout`|maximum time to wait for a cluster side host lookup|duration|| +| Field | Description | Type | Default | +|--------------------|---------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------|-----------------------------------------------------------------------------| +| `local-ip` | The address of the local DNS server. This entry is only used on Linux systems that are not configured to use systemd-resolved. | IP address [string][yaml-str] | first `nameserver` mentioned in `/etc/resolv.conf` | +| `remote-ip` | The address of the cluster's DNS service. | IP address [string][yaml-str] | IP of the `kube-dns.kube-system` or the `dns-default.openshift-dns` service | +| `exclude-suffixes` | Suffixes for which the DNS resolver will always fail (or fallback in case of the overriding resolver) | [sequence][yaml-seq] of [strings][yaml-str] | `[".arpa", ".com", ".io", ".net", ".org", ".ru"]` | +| `include-suffixes` | Suffixes for which the DNS resolver will always attempt to do a lookup. Includes have higher priority than excludes. 
| [sequence][yaml-seq] of [strings][yaml-str] | `[]` | +| `lookup-timeout` | Maximum time to wait for a cluster side host lookup. | [duration][go-duration] [string][yaml-str] | 4 seconds | Here is an example kubeconfig: ``` @@ -184,3 +198,11 @@ clusters: namespace: staging name: example-cluster ``` + +[yaml-bool]: https://yaml.org/type/bool.html +[yaml-float]: https://yaml.org/type/float.html +[yaml-int]: https://yaml.org/type/int.html +[yaml-seq]: https://yaml.org/type/seq.html +[yaml-str]: https://yaml.org/type/str.html +[go-duration]: https://pkg.go.dev/time#ParseDuration +[logrus-level]: https://github.com/sirupsen/logrus/blob/v1.8.1/logrus.go#L25-L45 From 47fac76416ce49d28a10803819ebb6b99c551ab6 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 8 Aug 2021 13:08:39 -0600 Subject: [PATCH 03/12] v2.4: Say "personal" intercepts instead of "selective" intercepts And in doing so, give a lot of the surrounding documentation. In particular, the changes in intercepts.md probably deserve the most scrutiny. Signed-off-by: Luke Shumaker --- concepts/context-prop.md | 17 ++- install/migrate-from-legacy.md | 13 ++- quick-start/demo-node.md | 5 +- quick-start/qs-go.md | 5 +- quick-start/qs-java.md | 5 +- quick-start/qs-node.md | 5 +- quick-start/qs-python-fastapi.md | 5 +- quick-start/qs-python.md | 5 +- reference/cluster-config.md | 13 ++- reference/config.md | 27 +++-- reference/intercepts.md | 194 +++++++++++++++++++++++-------- releaseNotes.yml | 2 +- tutorial.md | 3 +- 13 files changed, 222 insertions(+), 77 deletions(-) diff --git a/concepts/context-prop.md b/concepts/context-prop.md index 4ec09396ff..dc9ee18f37 100644 --- a/concepts/context-prop.md +++ b/concepts/context-prop.md 
@@ -18,8 +18,19 @@ An application like Datadog or New Relic will use agents running on services thr ## What are intercepts and preview URLs? -[Intercepts](../../reference/intercepts) and [preview URLs](../../howtos/preview-urls/) are functions of Telepresence that enable easy local development from a remote Kubernetes cluster and offer a preview environment for sharing and real-time collaboration. - -Telepresence also uses custom headers and header propagation for controllable intercepts and preview URLs instead of for tracing. The headers facilitate the smart routing of requests either to live services in the cluster or services running locally on a developer’s machine. +[Intercepts](../../reference/intercepts) and [preview +URLs](../../howtos/preview-urls/) are functions of Telepresence that +enable easy local development from a remote Kubernetes cluster and +offer a preview environment for sharing and real-time collaboration. + +Telepresence uses custom HTTP headers and header propagation to +identify which traffic to intercept both for plain personal intercepts +and for personal intercepts with preview URLs; these techniques are +more commonly used for distributed tracing, so what they are being +used for is a little unorthodox, but the mechanisms for their use are +already widely deployed because of the prevalence of tracing. The +headers facilitate the smart routing of requests either to live +services in the cluster or services running locally on a developer’s +machine. Preview URLs, when created, generate an ingress request containing a custom header with a token (the context). Telepresence sends this token to [Ambassador Cloud](https://app.getambassador.io) with other information about the preview. Visiting the preview URL directs the user to Ambassador Cloud, which proxies the user to the cluster ingress with the token header injected into the request. The request carrying the header is routed in the cluster to the appropriate pod (the propagation). 
The Traffic Agent on the service pod sees the header and intercepts the request, redirecting it to the local developer machine that ran the intercept. diff --git a/install/migrate-from-legacy.md b/install/migrate-from-legacy.md index fc910e38c3..af4a12ff12 100644 --- a/install/migrate-from-legacy.md +++ b/install/migrate-from-legacy.md 
@@ -6,7 +6,18 @@ In legacy Telepresence, a pod running a service was swapped with a pod running t In practice, this mechanism, while simple in concept, had some challenges. Losing the connection to the cluster would leave the deployment in an inconsistent state. Swapping the pods would take time. -Telepresence introduces a [new architecture](../../reference/architecture/) built around "intercepts" that addresses these problems. With Telepresence, a sidecar proxy is injected onto the pod. The proxy then intercepts traffic intended for the pod and routes it to the workstation/laptop. The advantage of this approach is that the service is running at all times, and no swapping is used. By using the proxy approach, we can also do selective intercepts, where certain types of traffic get routed to the service while other traffic gets routed to your laptop/workstation. +Telepresence 2 introduces a [new +architecture](../../reference/architecture/) built around "intercepts" +that addresses these problems. With the new Telepresence, a sidecar +proxy ("traffic agent") is injected onto the pod. The proxy then +intercepts traffic intended for the Pod and routes it to the +workstation/laptop. The advantage of this approach is that the +service is running at all times, and no swapping is used. By using +the proxy approach, we can also do personal intercepts, where rather +than re-routing all traffic to the laptop/workstation, it only +re-routes the traffic designated as belonging to that user, so that +multiple developers can intercept the same service at the same time +without disrupting normal operation or disrupting eacho. Please see [the Telepresence quick start](../../quick-start/) for an introduction to running intercepts and [the intercept reference doc](../../reference/intercepts/) for a deep dive into intercepts. diff --git a/quick-start/demo-node.md b/quick-start/demo-node.md index 0cb9b5f8df..9e83a38c7b 100644 --- a/quick-start/demo-node.md 
+++ b/quick-start/demo-node.md @@ -215,7 +215,10 @@ We’ve now set up a local development environment for the DataProcessingService ## 7. Create a Preview URL -Create preview URLs to do selective intercepts, meaning only traffic coming from the preview URL will be intercepted, so you can easily share the services you’re working on with your teammates. + +Create a personal intercept with a preview URL; meaning that only +traffic coming from the preview URL will be intercepted, so you can +easily share the services you’re working on with your teammates. 1. Clean up your previous intercept by removing it: `telepresence leave dataprocessingservice` diff --git a/quick-start/qs-go.md b/quick-start/qs-go.md index bb27070bea..84311f2058 100644 --- a/quick-start/qs-go.md +++ b/quick-start/qs-go.md @@ -249,7 +249,10 @@ We’ve now set up a local development environment for the DataProcessingService ## 7. Create a Preview URL -Create preview URLs to do selective intercepts, meaning only traffic coming from the preview URL will be intercepted, so you can easily share the services you’re working on with your teammates. + +Create a personal intercept with a preview URL; meaning that only +traffic coming from the preview URL will be intercepted, so you can +easily share the services you’re working on with your teammates. 1. Clean up your previous intercept by removing it: `telepresence leave dataprocessingservice` diff --git a/quick-start/qs-java.md b/quick-start/qs-java.md index f04fbf567f..904c13b530 100644 --- a/quick-start/qs-java.md +++ b/quick-start/qs-java.md 
@@ -243,7 +243,10 @@ We’ve now set up a local development environment for the DataProcessingService ## 7. Create a Preview URL -Create preview URLs to do selective intercepts, meaning only traffic coming from the preview URL will be intercepted, so you can easily share the services you’re working on with your teammates. + +Create a personal intercept with a preview URL; meaning that only +traffic coming from the preview URL will be intercepted, so you can +easily share the services you’re working on with your teammates. 1. Clean up your previous intercept by removing it: `telepresence leave dataprocessingservice` diff --git a/quick-start/qs-node.md b/quick-start/qs-node.md index e0d1b62a63..dd4a3a43d7 100644 --- a/quick-start/qs-node.md +++ b/quick-start/qs-node.md @@ -237,7 +237,10 @@ We’ve now set up a local development environment for the DataProcessingService ## 7. Create a Preview URL -Create preview URLs to do selective intercepts, meaning only traffic coming from the preview URL will be intercepted, so you can easily share the services you’re working on with your teammates. + +Create a personal intercept with a preview URL; meaning that only +traffic coming from the preview URL will be intercepted, so you can +easily share the services you’re working on with your teammates. 1. Clean up your previous intercept by removing it: `telepresence leave dataprocessingservice` diff --git a/quick-start/qs-python-fastapi.md b/quick-start/qs-python-fastapi.md index b21736a9bb..2c0996f992 100644 --- a/quick-start/qs-python-fastapi.md +++ b/quick-start/qs-python-fastapi.md 
@@ -234,7 +234,10 @@ We’ve now set up a local development environment for the DataProcessingService ## 7. Create a Preview URL -Create preview URLs to do selective intercepts, meaning only traffic coming from the preview URL will be intercepted, so you can easily share the services you’re working on with your teammates. + +Create a personal intercept with a preview URL; meaning that only +traffic coming from the preview URL will be intercepted, so you can +easily share the services you’re working on with your teammates. 1. Clean up your previous intercept by removing it: `telepresence leave dataprocessingservice` diff --git a/quick-start/qs-python.md b/quick-start/qs-python.md index 6674b64b36..ae14c9aae9 100644 --- a/quick-start/qs-python.md +++ b/quick-start/qs-python.md @@ -245,7 +245,10 @@ We’ve now set up a local development environment for the DataProcessingService ## 7. Create a Preview URL -Create preview URLs to do selective intercepts, meaning only traffic coming from the preview URL will be intercepted, so you can easily share the services you’re working on with your teammates. + +Create a personal intercept with a preview URL; meaning that only +traffic coming from the preview URL will be intercepted, so you can +easily share the services you’re working on with your teammates. 1. Clean up your previous intercept by removing it: `telepresence leave dataprocessingservice` diff --git a/reference/cluster-config.md b/reference/cluster-config.md index a13c813b78..4d5dfec95e 100644 --- a/reference/cluster-config.md +++ b/reference/cluster-config.md 
@@ -74,9 +74,10 @@ Secrets that it detects to be formatted as one of those types. ## Air gapped cluster -If your cluster is air gapped (it does not have access to the -internet and therefore cannot connect to Ambassador Cloud), some additional -configuration is required to acquire a license use selective intercepts. +If your cluster is on an isolated network such that it cannot +communicate with Ambassador Cloud, then some additional configuration +is required to acquire a license key in order to use personal +intercepts. ### Create a license @@ -125,8 +126,10 @@ pulled and in a registry your cluster can pull from. 5. Have users use the `images` [config key](../config/#images) keys so telepresence uses the aforementioned image for their agent. -Users will now be able to use selective intercepts with the -`--preview-url=false` flag (since use of preview URLs requires a connection to Ambassador Cloud). +Users will now be able to use preview intercepts with the +`--preview-url=false` flag. Even with the license key, preview URLs +cannot be used without enabling direct communication with Ambassador +Cloud, as Ambassador Cloud is essential to their operation. If using Helm to install the server-side components, see the chart's [README](https://github.com/telepresenceio/telepresence/tree/release/v2/charts/telepresence) to learn how to configure the image registry and license secret. diff --git a/reference/config.md b/reference/config.md index 8a61fe3b3f..7ded2b85a0 100644 --- a/reference/config.md +++ b/reference/config.md 
@@ -92,19 +92,26 @@ These fields control how the client interacts with the Cloud service. | Field | Description | Type | Default | |-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|---------| -| `skipLogin` | Whether the cli should skip automatic login to Ambassador Cloud. If set to true, you must have a [license](../cluster-config/#air-gapped-cluster) installed in the cluster in order to be able to perform selective intercepts | [bool][yaml-bool] | false | +| `skipLogin` | Whether the CLI should skip automatic login to Ambassador Cloud. If set to true, in order to perform personal intercepts you must have a [license key](../cluster-config/#air-gapped-cluster) installed in the cluster. | [bool][yaml-bool] | false | | `refreshMessages` | How frequently the CLI should communicate with Ambassador Cloud to get new command messages, which also resets whether the message has been raised or not. You will see each message at most once within the duration given by this config | [duration][go-duration] [string][yaml-str] | 168h | -Telepresence attempts to auto-detect if the cluster is air-gapped, -be sure to set the `skipLogin` value to `true` +Telepresence attempts to auto-detect if the cluster is capable of +communication with Ambassador Cloud, but may still prompt you to log +in in cases where only the on-laptop client wishes to communicate with +Ambassador Cloud. If you want those auto-login points to be disabled +as well, or would like it to not attempt to communicate with +Ambassador Cloud at all (even for the auto-detection), then be sure to +set the `skipLogin` value to `true`. 
-Reminder: To use selective intercepts, which normally require a login, you -must have a license in your cluster and specify which agentImage should be installed, -by also adding the following to your config.yml: - ``` - images: - agentImage: / - ``` +Reminder: To use personal intercepts, which normally require a login, +you must have a license key in your cluster and specify which +`agentImage` should be installed by also adding the following to your +`config.yml`: + +```yaml +images: + agentImage: / +``` #### Grpc The `maxReceiveSize` determines how large a message that the workstation receives via gRPC can be. The default is 4Mi (determined by gRPC). All traffic to and from the cluster is tunneled via gRPC. diff --git a/reference/intercepts.md b/reference/intercepts.md index ef4843537d..00d9fc5bbf 100644 --- a/reference/intercepts.md +++ b/reference/intercepts.md 
@@ -2,28 +2,103 @@ import Alert from '@material-ui/lab/Alert'; # Intercepts +When intercepting a service, Telepresence installs a *traffic-agent* +sidecar in to the workload. That traffic-agent supports one or more +intercept *mechanisms* that it uses to decide which traffic to +intercept. Telepresence has a simple default traffic-agent, however +you can configure a different traffic-agent with more sophisticated +mechanisms either by setting the [`images.agentImage` field in +`config.yml`](../config/#images) or by writing an +[`extensions/${extension}.yml`][extensions] file that tells +Telepresence about a traffic-agent that it can use, what mechanisms +that traffic-agent supports, and command-line flags to expose to the +user to configure that mechanism. You may tell Telepresence which +known mechanism to use with the `--mechanism=${mechanism}` flag or by +setting one of the `--${mechansim}-XXX` flags, which implicitly set +the mechanism; for example, setting `--http-match=auto` implicitly +sets `--mechanism=http`. + +The default open-source traffic-agent only supports the `tcp` +mechanism, which treats the raw layer 4 TCP streams as opaque and +sends all of that traffic down to the developer's workstation. This +means that it is a "global" intercept, affecting all users of the +cluster. + +In addition to the default open-source traffic-agent, Telepresence +already knows about the Ambassador Cloud +[traffic-agent](ambassador-agent), which supports the `http` +mechanism. The `http` mechanism operates at higher layer, working +with layer 7 HTTP, and may intercept specific HTTP requests, allowing +other HTTP requests through to the regular service. This allows for +"personal" intercepts which only intercept traffic tagged as belonging +to a given developer. 
+ +[extensions]: https://pkg.go.dev/github.com/telepresenceio/telepresence/v2@v$version$/pkg/client/cli/extensions +[ambassador-agent]: https://github.com/telepresenceio/telepresence/blob/release/v2/pkg/client/cli/extensions/builtin.go#L30-L50 + ## Intercept behavior when logged in to Ambassador Cloud -After logging in to Ambassador Cloud (with [`telepresence -login`](../client/login/)), Telepresence will default to -`--preview-url=true`, which will use Ambassador Cloud to create a -sharable preview URL for this intercept. (Creating an intercept -without logging in defaults to `--preview-url=false`.) +Logging in to Ambassador Cloud (with [`telepresence +login`](../client/login/)) changes the Telepresence defaults in two +ways. + +First, being logged in to Ambassador Cloud causes Telepresence to +default to `--mechanism=http --http-match=auto` (or just +`--http-match=auto`, as `--http-match` implies `--mechanism=http`). +If you hadn't been logged in it would have defaulted to +`--mechanism=tcp`. This tells Telepresence to use the Ambassador +Cloud traffic-agent to do smart "personal" intercepts and only +intercept a subset of HTTP requests, rather than just intercepting the +entirety of all TCP connections. This is important for working in a +shared cluster with teammates, and is important for the preview URL +functionality below. See `telepresence intercept --help` for +information on using `--http-match` to customize which requests it +intercepts. + +Secondly, being logged in causes Telepresence to default to +`--preview-url=true`. If you hadn't been logged in it would have +defaulted to `--preview-url=false`. This tells Telepresence to take +advantage of Ambassador Cloud to create a preview URL for this +intercept, creating a shareable URL that automatically sets the +appropriate headers to have requests coming from the preview URL be +intercepted. 
In order to create the preview URL, it will prompt you +for four settings about how your cluster's ingress is configured. For +each, Telepresence tries to intelligently detect the correct value for +your cluster; if it detects it correctly, may simply press "enter" and +accept the default, otherwise you must tell Telepresence the correct + +When creating an intercept with the `http` mechanism, the +traffic-agent sends a `GET /telepresence-http2-check` request to your +service and to the process running on your local machine at the port +specified in your intercept, in order to determine if they support +HTTP/2. This is required for the intercepts to behave correctly. If +you do not have a service running locally when the intercept is +created, the traffic-agent will use the result it got from checking +the in-cluster service. -In order to do this, it will prompt you for four options. For the first, `Ingress`, Telepresence tries to intelligently determine the ingress controller deployment and namespace for you. If they are correct, you can hit `enter` to accept the defaults. Set the next two options, `TLS` and `Port`, appropriately based on your ingress service. The fourth is a hostname for the service, if required by your ingress. +## Supported workloads -Also because you're logged in, Telepresence will default to `--mechanism=http --http-match=auto` (or just `--http-match=auto`; `--http-match` implies `--mechanism=http`). If you hadn't been logged in it would have defaulted to `--mechanism=tcp`. This tells it to do smart intercepts and only intercept a subset of HTTP requests, rather than just intercepting the entirety of all TCP connections. This is important for working in a shared cluster with teammates, and is important for the preview URL functionality. See `telepresence intercept --help` for information on using `--http-match` to customize which requests it intercepts. +Kubernetes has various +[workloads](https://kubernetes.io/docs/concepts/workloads/). 
+Currently, Telepresence supports intercepting (installing a +traffic-agent on) `Deployments`, `ReplicaSets`, and `StatefulSets`. -## Supported workloads + -Kubernetes has various [workloads](https://kubernetes.io/docs/concepts/workloads/). Currently, telepresence supports intercepting Deployments, ReplicaSets, and StatefulSets. - While many of our examples may use Deployments, they would also work on ReplicaSets and StatefulSets +While many of our examples use Deployments, they would also work on +ReplicaSets and StatefulSets + + ## Specifying a namespace for an intercept -The namespace of the intercepted workload is specified using the `--namespace` option. When this option is used, and `--workload` is not used, then the given name is interpreted as the name of the workload and the name of the intercept will be constructed from that name and the namespace. +The namespace of the intercepted workload is specified using the +`--namespace` option. When this option is used, and `--workload` is +not used, then the given name is interpreted as the name of the +workload and the name of the intercept will be constructed from that +name and the namespace. -``` +```shell telepresence intercept hello --namespace myns --port 9000 ``` @@ -34,7 +109,7 @@ hello`. The name of the intercept will be left unchanged if the workload is specified. -``` +```shell telepresence intercept myhello --namespace myns --workload hello --port 9000 ``` 
@@ -42,21 +117,10 @@ This will intercept a workload named `hello` and name the intercept `myhello`. ## Importing environment variables -Telepresence can import the environment variables from the pod that is being intercepted, see [this doc](../environment/) for more details. - -## Creating an intercept without a local process running - -When creating an intercept that is selective (the default if you are -logged in to Ambassador Cloud), the Traffic Agent sends a GET `/` -request to your service and the process running on your local machine -at the port specified in your intercept to determine if they support -HTTP/2. This is required for selective intercepts to behave correctly. +Telepresence can import the environment variables from the pod that is +being intercepted, see [this doc](../environment/) for more details. -If you do not have a service running locally, the Traffic Agent will use the result -it gets from the HTTP check against your app in the cluster to configure requests -from the local process once it has started. - -## Creating an intercept Without a preview URL +## Creating an intercept without a preview URL If you *are not* logged in to Ambassador Cloud, the following command will intercept all traffic bound to the service and proxy it to your 
@@ -64,21 +128,22 @@ laptop. This includes traffic coming through your ingress controller, so use this option carefully as to not disrupt production environments. -``` +```shell telepresence intercept --port= ``` If you *are* logged in to Ambassador Cloud, setting the `--preview-url` flag to `false` is necessary. -``` -telepresence intercept --port= --preview-url=false +```shell +telepresence intercept --port= --preview-url=false ``` -This will output a header that you can set on your request for that traffic to be intercepted: +This will output an HTTP header that you can set on your request for +that traffic to be intercepted: -``` -$ telepresence intercept --port= --preview-url=false +```console +$ telepresence intercept --port= --preview-url=false Using Deployment intercepted Intercept name: @@ -91,7 +156,7 @@ intercepted Run `telepresence status` to see the list of active intercepts. -``` +```console $ telepresence status Root Daemon: Running Version : v2.1.4 (api 3) 
@@ -112,9 +177,17 @@ Finally, run `telepresence leave ` to stop the intercept. ## Creating an intercept when a service has multiple ports -If you are trying to intercept a service that has multiple ports, you need to tell telepresence which service port you are trying to intercept. To specify, you can either use the name of the service port or the port number itself. To see which options might be available to you and your service, use kubectl to describe your service or look in the object's YAML. For more information on multiple ports, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services). +If you are trying to intercept a service that has multiple ports, you +need to tell Telepresence which service port you are trying to +intercept. To specify, you can either use the name of the service +port or the port number itself. To see which options might be +available to you and your service, use kubectl to describe your +service or look in the object's YAML. For more information on multiple +ports, see the [Kubernetes documentation][kube-multi-port-services]. -``` +[kube-multi-port-services]: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + +```console $ telepresence intercept --port=: Using Deployment intercepted 
@@ -126,16 +199,29 @@ intercepted Intercepting : all TCP connections ``` -When intercepting a service that has multiple ports, the name of the service port that has been intercepted is also listed. +When intercepting a service that has multiple ports, the name of the +service port that has been intercepted is also listed. -If you want to change which port has been intercepted, you can create a new intercept the same way you did above and it will change which service port is being intercepted. +If you want to change which port has been intercepted, you can create +a new intercept the same way you did above and it will change which +service port is being intercepted. ## Creating an intercept When multiple services match your workload -Oftentimes, there's a 1-to-1 relationship between a service and a workload, so telepresence is able to auto-detect which service it should intercept based on the workload you are trying to intercept. But if you use something like [Argo](https://www.getambassador.io/docs/argo/latest/), it uses two services (that use the same labels) to manage traffic between a canary and a stable service. +Oftentimes, there's a 1-to-1 relationship between a service and a +workload, so telepresence is able to auto-detect which service it +should intercept based on the workload you are trying to intercept. +But if you use something like +[Argo](https://www.getambassador.io/docs/argo/latest/), there may be +two services (that use the same labels) to manage traffic between a +canary and a stable service. -Fortunately, if you know which service you want to use when intercepting a workload, you can use the --service flag. So in the aforementioned demo, if you wanted to use the `echo-stable` service when intercepting your workload, your command would look like this: -``` +Fortunately, if you know which service you want to use when +intercepting a workload, you can use the `--service` flag. 
So in the +aforementioned example, if you wanted to use the `echo-stable` service +when intercepting your workload, your command would look like this: + +```console $ telepresence intercept echo-rollout- --port --service echo-stable Using ReplicaSet echo-rollout- intercepted 
@@ -149,13 +235,22 @@ intercepted ## Port-forwarding an intercepted container's sidecars -Sidecars are containers that sit in the same pod as an application container; they usually provide auxiliary functionality to an application, and can usually be reached at `localhost:${SIDECAR_PORT}`. -For example, a common use case for a sidecar is to proxy requests to a database -- your application would connect to `localhost:${SIDECAR_PORT}`, and the sidecar would then connect to the database, perhaps augmenting the connection with TLS or authentication. - -When intercepting a container that uses sidecars, you might want those sidecars' ports to be available to your local application at `localhost:${SIDECAR_PORT}`, exactly as they would be if running in-cluster. -Telepresence's `--to-pod ${PORT}` flag implements this behavior, adding port-forwards for the port given. - -``` +Sidecars are containers that sit in the same pod as an application +container; they usually provide auxiliary functionality to an +application, and can usually be reached at +`localhost:${SIDECAR_PORT}`. For example, a common use case for a +sidecar is to proxy requests to a database, your application would +connect to `localhost:${SIDECAR_PORT}`, and the sidecar would then +connect to the database, perhaps augmenting the connection with TLS or +authentication. + +When intercepting a container that uses sidecars, you might want those +sidecars' ports to be available to your local application at +`localhost:${SIDECAR_PORT}`, exactly as they would be if running +in-cluster. Telepresence's `--to-pod ${PORT}` flag implements this +behavior, adding port-forwards for the port given. + +```console $ telepresence intercept --port=: --to-pod= Using Deployment intercepted 
@@ -167,4 +262,5 @@ intercepted Intercepting : all TCP connections ``` -If there are multiple ports that you need forwarded, simply repeat the flag (`--to-pod= --to-pod=`). +If there are multiple ports that you need forwarded, simply repeat the +flag (`--to-pod= --to-pod=`). diff --git a/releaseNotes.yml b/releaseNotes.yml index 7f4f8bdd6a..d262da8ed9 100644 --- a/releaseNotes.yml +++ b/releaseNotes.yml @@ -233,7 +233,7 @@ items: body: >- We now support configuring which agent image + registry to use in the config. This enables users whose laptop is an air-gapped environment to - create selective intercepts without requiring a login. It also makes it easier + create personal intercepts without requiring a login. It also makes it easier for those who are developing on Telepresence to specify which agent image should be used. Env vars TELEPRESENCE_AGENT_IMAGE and TELEPRESENCE_REGISTRY are no longer used. diff --git a/tutorial.md b/tutorial.md index 85058ca516..3e98f70f1b 100644 --- a/tutorial.md +++ b/tutorial.md @@ -112,8 +112,7 @@ Alternatively, you can use Telepresence's `intercept` command to proxy traffic b 1. You started this guide by installing the Telepresence CLI and logging in to Ambassador Cloud. The Cloud dashboard is used to manage your intercepts and share them with colleagues. You must be - logged in to create selective intercepts as we are going to do - here. + logged in to create personal intercepts as we are going to do here. Run telepresence dashboard if you are already logged in and just need to reopen the dashboard. From b90206e0498396dee177241b3b03ae39ff144667 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 14 Aug 2021 18:28:32 -0600 Subject: [PATCH 04/12] v2.4: reference/config: Add a "Type" column to the images table Signed-off-by: Luke Shumaker --- reference/config.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/reference/config.md b/reference/config.md index 7ded2b85a0..8069dc8937 100644 
--- a/reference/config.md
+++ b/reference/config.md
@@ -79,12 +79,12 @@ to handle installation of the `traffic-agents`. These are the valid fields for the `images` key: -| Field | Description | Default | -|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------| -| `registry` | Docker registry to be used for installing the Traffic Manager and default Traffic Agent. If not using a helm chart to deploy server-side objects, changing this value will create a new traffic-manager deployment when using Telepresence commands. Additionally, changing this value will update installed default `traffic-agents` to use the new registry when creating a new intercept. | `docker.io/datawire` | -| `agentImage` | `$registry/$imageName:$imageTag` to use when installing the Traffic Agent. Changing this value will update pre-existing `traffic-agents` to use this new image. 
*The `registry` value is not used for the `traffic-agent` if you have this value set.* | (unset) | -| `webhookRegistry` | The container `$registry` that the [Traffic Manager](../cluster-config/#mutating-webhook) will use with the `webhookAgentImage` *This value is only used if a new `traffic-manager` is deployed* | `docker.io/datawire` | -| `webhookAgentImage` | The container image that the [Traffic Manager](../cluster-config/#mutating-webhook) will use when installing the Traffic Agent in annotated pods *This value is only used if a new `traffic-manager` is deployed* | (unset) | +| Field | Description | Type | Default | +|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------|----------------------| +| `registry` | Docker registry to be used for installing the Traffic Manager and default Traffic Agent. If not using a helm chart to deploy server-side objects, changing this value will create a new traffic-manager deployment when using Telepresence commands. Additionally, changing this value will update installed default `traffic-agents` to use the new registry when creating a new intercept. | Docker registry name [string][yaml-str] | `docker.io/datawire` | +| `agentImage` | `$registry/$imageName:$imageTag` to use when installing the Traffic Agent. Changing this value will update pre-existing `traffic-agents` to use this new image. 
*The `registry` value is not used for the `traffic-agent` if you have this value set.* | qualified Docker image name [string][yaml-str] | (unset) | +| `webhookRegistry` | The container `$registry` that the [Traffic Manager](../cluster-config/#mutating-webhook) will use with the `webhookAgentImage` *This value is only used if a new `traffic-manager` is deployed* | Docker registry name [string][yaml-str] | `docker.io/datawire` | +| `webhookAgentImage` | The container image that the [Traffic Manager](../cluster-config/#mutating-webhook) will pull from the `webhookRegistry` when installing the Traffic Agent in annotated pods *This value is only used if a new `traffic-manager` is deployed* | non-qualified Docker image name [string][yaml-str] | (unset) | #### Cloud Values for `cloud` are listed below and their type varies, so please see the chart for the expected type for each config value. From 7d1ea08845bebc42f413cd81ab57730470a49a2b Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 14 Aug 2021 18:30:19 -0600 Subject: [PATCH 05/12] v2.4: reference/intercepts: Fix missing line Signed-off-by: Luke Shumaker --- reference/intercepts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/reference/intercepts.md b/reference/intercepts.md index 00d9fc5bbf..608d9fca34 100644 --- a/reference/intercepts.md +++ b/reference/intercepts.md @@ -66,6 +66,7 @@ for four settings about how your cluster's ingress is configured. For each, Telepresence tries to intelligently detect the correct value for your cluster; if it detects it correctly, may simply press "enter" and accept the default, otherwise you must tell Telepresence the correct +value. When creating an intercept with the `http` mechanism, the traffic-agent sends a `GET /telepresence-http2-check` request to your From db6b938f73b97d162183b64bd4e50feb40173788 Mon Sep 17 00:00:00 2001 From: Jose Cortes Date: Thu, 19 Aug 2021 14:07:32 -0400 Subject: [PATCH 06/12] Add docs for new timeout.helm flag 
Signed-off-by: Jose Cortes --- reference/config.md | 2 ++ releaseNotes.yml | 11 ++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/reference/config.md b/reference/config.md index 8069dc8937..bc56331e79 100644 --- a/reference/config.md +++ b/reference/config.md @@ -48,6 +48,8 @@ These are the valid fields for the `timeouts` key: | `proxyDial` | Waiting for an outbound connection to be established | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 5 seconds | | `trafficManagerConnect` | Waiting for the Traffic Manager API to connect for port fowards | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 20 seconds | | `trafficManagerAPI` | Waiting for connection to the gPRC API after `trafficManagerConnect` is successful | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 15 seconds | +| `helm` | Waiting for Helm operations (e.g. `install`) on the Traffic Manager | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 2 minutes | + #### Log Levels diff --git a/releaseNotes.yml b/releaseNotes.yml index d262da8ed9..3d0956f3ef 100644 --- a/releaseNotes.yml +++ b/releaseNotes.yml @@ -30,7 +30,16 @@ docDescription: >- changelog: https://github.com/telepresenceio/telepresence/blob/$branch$/CHANGELOG.md items: - + - version: 2.4.1 + date: 'TBD' + notes: + - type: change + title: Traffic Manager installed via helm + body: >- + The traffic-manager is now installed via an embedded version of the Helm chart when telepresence connect is first performed on a cluster. + This change is transparent to the user. + A new configuration flag, timeouts.helm sets the timeouts for all helm operations performed by the Telepresence binary. + docs: reference/config#timeouts - version: 2.4.0 date: '2021-08-04' notes: 
From 823e92bc245222504f9bf2c4f44387e7e3416ba3 Mon Sep 17 00:00:00 2001 From: Jose Cortes Date: Mon, 23 Aug 2021 15:53:22 -0400 Subject: [PATCH 07/12] Make docs for upgrading Traffic Managers a little more specific. Signed-off-by: Jose Cortes --- faqs.md | 2 +- install/helm.md | 22 +++++++++++++++++++++- install/upgrade.md | 2 +- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/faqs.md b/faqs.md index 0ae3bcca2f..7ed264659c 100644 --- a/faqs.md +++ b/faqs.md @@ -117,7 +117,7 @@ More authentication mechanisms and identity provider support will be added soon. ** Is Telepresence open source?** - Telepresence will be open source soon, in the meantime it is free to download. We prioritized releasing the binary as soon as possible for community feedback, but are actively working on the open sourcing logistics. +Yes it is! You can find its source code on [GitHub.](https://github.com/telepresenceio/telepresence) ** How do I share my feedback on Telepresence?** diff --git a/install/helm.md b/install/helm.md index bcb97d7c64..9635494194 100644 --- a/install/helm.md +++ b/install/helm.md @@ -2,6 +2,8 @@ [Helm](https://helm.sh) is a package manager for Kubernetes that automates the release and management of software on Kubernetes. The Telepresence Traffic Manager can be installed via a Helm chart with a few simple steps. +**Note** that installing the Traffic Manager through Helm will prevent `telepresence connect` from ever upgrading it. If you wish to upgrade a Traffic Manager that was installed via the Helm chart, please see the steps [below](#upgrading-the-traffic-manager) + ## Before you begin The Telepresence Helm chart is hosted by Ambassador Labs and published at `https://app.getambassador.io`. 
@@ -40,7 +42,7 @@ For example, if you wanted to deploy the traffic manager to the `staging` namesp helm install traffic-manager --namespace staging datawire/telepresence ``` -Note that users of telepresence will need to configure their kubeconfig to find this installation of the traffic manager: +Note that users of Telepresence will need to configure their kubeconfig to find this installation of the Traffic Manager: ```yaml apiVersion: v1 @@ -57,6 +59,24 @@ clusters: See [the kubeconfig documentation](../reference/config#manager) for more information. +### Upgrading the Traffic Manager. + +Versions of the Traffic Manager Helm chart are coupled to the versions of the Telepresence CLI that they are intended for. +Thus, for example, if you wish to use Telepresence `v2.4.0`, you'll need to install version `v2.4.0` of the Traffic Manager Helm chart. + +Upgrading the Traffic Manager is the same as upgrading any other Helm chart; for example, if you installed the release into the `ambassador` namespace, and you just wished to upgrade it to the latest version without changing any configuration values: + +```shell +helm repo up +helm upgrade ambassador datawire/telepresence --reuse-values --namespace traffic-manager +``` + +Alternatively, if you wished to upgrade it, say, to `v2.4.1`: +```shell +helm repo up +helm upgrade ambassador datawire/telepresence --reuse-values --namespace traffic-manager --version v2.4.1 +``` + ## RBAC ### Installing a namespace-scoped traffic manager diff --git a/install/upgrade.md b/install/upgrade.md index b665e91e54..02460e4a40 100644 --- a/install/upgrade.md +++ b/install/upgrade.md 
@@ -9,4 +9,4 @@ The Telepresence CLI will periodically check for new versions and notify you whe -After upgrading your CLI, the Traffic Manager **must be uninstalled** from your cluster. This can be done using `telepresence uninstall --everything` or by `kubectl delete svc,deploy -n ambassador traffic-manager`. The next time you run a `telepresence` command it will deploy an upgraded Traffic Manager. +After upgrading your CLI you must stop any live Telepresence processes by issuing `telepresence quit`, then upgrade the Traffic Manager by running `telepresence connect` From 7773606b6db82e80407b383bd1cb166bbf288287 Mon Sep 17 00:00:00 2001 From: Jose Cortes Date: Fri, 27 Aug 2021 13:18:03 -0400 Subject: [PATCH 08/12] Address PR feedback Signed-off-by: Jose Cortes --- install/upgrade.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/install/upgrade.md b/install/upgrade.md index 02460e4a40..9dfb20ce58 100644 --- a/install/upgrade.md +++ b/install/upgrade.md @@ -10,3 +10,5 @@ The Telepresence CLI will periodically check for new versions and notify you whe After upgrading your CLI you must stop any live Telepresence processes by issuing `telepresence quit`, then upgrade the Traffic Manager by running `telepresence connect` + +**Note** that if the Traffic Manager has been installed via Helm, `telepresence connect` will never upgrade it. If you wish to upgrade a Traffic Manager that was installed via the Helm chart, please see the [the Helm documentation](../helm#upgrading-the-traffic-manager) From 8a24ec7dd913120bdca7f42f55bb59a20d412be5 Mon Sep 17 00:00:00 2001 From: Donny Yung Date: Sun, 29 Aug 2021 17:50:33 -0600 Subject: [PATCH 09/12] Add releaseNote for change of cluster-id Signed-off-by: Donny Yung --- releaseNotes.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/releaseNotes.yml b/releaseNotes.yml index 3d0956f3ef..16e73c1424 100644 --- a/releaseNotes.yml +++ b/releaseNotes.yml 
@@ -40,6 +40,16 @@ items: This change is transparent to the user. A new configuration flag, timeouts.helm sets the timeouts for all helm operations performed by the Telepresence binary. docs: reference/config#timeouts + + - type: change + title: traffic-manager gets cluster ID itself instead of via environment variable + body: >- + The traffic-manager used to get the cluster ID as an environment variable when running + telepresence connnect or via adding the value in the helm chart. This was + clunky so now the traffic-manager gets the value itself as long as it has permissions + to "get" and "list" namespaces (this has been updated in the helm chart). + docs: install/helm + - version: 2.4.0 date: '2021-08-04' notes: From 8500c2cfeb6fbbc0c0a446e9e34162d9ebb449fb Mon Sep 17 00:00:00 2001 From: Donny Yung Date: Sun, 29 Aug 2021 17:50:33 -0600 Subject: [PATCH 10/12] Add releaseNote for systema-vars change Signed-off-by: Donny Yung --- reference/config.md | 3 ++- .../telepresence-2.4.1-systema-vars.png | Bin 0 -> 11557 bytes releaseNotes.yml | 12 ++++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 release-notes/telepresence-2.4.1-systema-vars.png diff --git a/reference/config.md b/reference/config.md index bc56331e79..86a67296ea 100644 --- a/reference/config.md +++ b/reference/config.md @@ -50,7 +50,6 @@ These are the valid fields for the `timeouts` key: | `trafficManagerAPI` | Waiting for connection to the gPRC API after `trafficManagerConnect` is successful | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 15 seconds | | `helm` | Waiting for Helm operations (e.g. `install`) on the Traffic Manager | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 2 minutes | - #### Log Levels Values for the `logLevels` fields are one of the following strings, 
@@ -96,6 +95,8 @@ These fields control how the client interacts with the Cloud service. |-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|---------| | `skipLogin` | Whether the CLI should skip automatic login to Ambassador Cloud. If set to true, in order to perform personal intercepts you must have a [license key](../cluster-config/#air-gapped-cluster) installed in the cluster. | [bool][yaml-bool] | false | | `refreshMessages` | How frequently the CLI should communicate with Ambassador Cloud to get new command messages, which also resets whether the message has been raised or not. You will see each message at most once within the duration given by this config | [duration][go-duration] [string][yaml-str] | 168h | +| `systemaHost` | The host used to communicate with Ambassador Cloud | [string][yaml-str] | app.getambassador.io | +| `systemaPort` | The port used with `systemaHost` to communicate with Ambassador Cloud | [string][yaml-str] | 443 | Telepresence attempts to auto-detect if the cluster is capable of communication with Ambassador Cloud, but may still prompt you to log 
diff --git a/release-notes/telepresence-2.4.1-systema-vars.png b/release-notes/telepresence-2.4.1-systema-vars.png new file mode 100644 index 0000000000000000000000000000000000000000..c098b439fd06ef1d53f2040f6544dad5eca07041 GIT binary patch literal 11557 zcmch5byQtJ(&vL0T!Xu7aDuzLy9al9xVyVsa3{FC6WrYi4#71zESZ^aW_I`AJ=^Eh zt-4jes_L%3=XBQ%SCA7&fW?6Y000P*5+X_;eEoxLp&>t>G8*3R008WYg|M)Kq_8lN zf`gr@g|!I)AQ7IN3Z;&BjGYdmRehZMQ&PPcQ5P~6wfM{pt04I$I zgDxfI`jWqO1U;;Q45x;M`v(jgEy=k?U)Y4OCMbQSzTNDC)A!uf_S|=j`~7{=8=%m~ zVQ7z00WQ!aK@kpnZ9+yy!2|*Vkj(u6EPlM9H0bptBz*vqxu@#uH+nycTe^&JjrX^A zUvyT2Z=(R&&4Vu)wx8n3P6NW%+ z8T<+pD3C`yF7v89e%t+1UiIf8XcnDkVX1KIHCV|WgYx~|i{)Lru6}Qhb39HILn5F6 zxiXxm+cTXr4;G_n5-!J-*lyN00pfaV+2TOzHK90t=n6^obmBWE+k{1*Kodz!6#mx< zFAITN7HNlkwANWNp9+fu3DfJ*uSV!DU^$gx--yD(a}Ib6);laxOvOScA0DVrQQVXA zeY&WIT`BBx^Y5*H=RBd;p?jJHr0I)ZWTrnok}S%|SOny=5&YuUAEZ> zg7)@OK@_a}9kX(oMi}vMd=q-$>-biXh|E`Lpr9X^p&&*a7|fQR0MRFsp46+_GoC|wTBi}+k!58Q=%LLx(e|2LU57Got;Q<-^=C*ZO0Q5oZJ*pslFJ#-0sUGz$ zZVIL@&88e5|&C}jTpKsaWAqpaE2V0Dm(>}>?nKBhaD~GQ{ za)xlmwgzJNbPO5RI#qBkqT@!%{xsE3HI%MhtCd}Lv1V@~jy3}qrb`zMwmq&;hG#IgjByqAcVG)a7vgl(ZjLR>?HiYS*%o5V4xH%WPX z<*?75ab0GIe@E=PT$j9$be_UE6<-orL{y!>l02uhyU=5)h-#gxA z$GJFi6EbuH(Isl7P1s53LKX?48L6jX54lP%%a1=T8r?0Ro!Yyi7acw?V z-B9H9?j+)^-DK;m_vn9e@+N$Re}#QjeiDXM0Wtvd1cQ4m0x{v8AtU1lN)0oOqOgu} zAaO?#T(MoSW3bb42XHExESWv5WmrscO0d=c{^z=9N--ZJWw{7CB6wU0{P^?B8#v9gc-TPsi9GXxx7BqC5 zLn?JEf*02++szD2TPIK^$}$#=gqsXj_EuPyZ&zk*`mL9io0hx2+c0xm{3%|^s_$Om zTr*iYtMxRmHYGId9_*TUiw;Z%F69kwH<1o7P1_e4mG4?nT2Xe*A(nVfsvNdXo@8=o zcDJ>(N$B9{hUm!ZDC=11dZw|MeyUG$pF!9?IBA+a3tFRe#dJ-7{(R5RW6i_Ni|7VF z$&}NdQ*S2MT@p_@YeD_@VyGq=(p^5>__P@=KtFt!JkxcQcyZ@HIS({uQwyWbJ@e1 zzCD{4We2B@XHSQUlZC5+>((MoHI1yohMtGr`23(X_8@%{b;1e;YWwtZVmp>}oYaBT zC;F$Dn8>0CUu0dZ7RCa$Y_uMlH_?-Kl%0&`c)v!ZhP$w?(F$iP)#Ew%4TLm?j#gq1Seh<1t6UkJI_p`Oj5^t~B@LQ=#g;xI3QLV~?KGr9T3R@ z26;I(S`S>L97bk?q2rh1-s!uVSDLab52s0|yCkfN#YZ|ZK9dQVwzZ8d66+Z!+3n=6 zA}C*0Xo3sj3M-j$n5lG=wTHVC@AuvJ7xuh$@R}cvP!`DZ$<=Qvua^$_8K7w&ET}!G 
zT`h)~`%TJI@950vel>z?#kb`f6SVP(t>Uz^?ptkEMt@sVD^+hP zt9ftFy}*e`iXao^J>gkAdm(u3ynL>@i#chod{-N%>C!P&SJJ#LO49atgnA|{^TGNR z*OXU2USvHab}BYA*q+hBe#W3q$3S)Qi^tW`5uzZ!WoIKrRGVIvOZ9wRYW>TvRc&;& zg|-RfwLzP2We^LlmR?rhEuF2FmVA~c*L)m9r(y=PJh-J@eBKlvb~|+i+rOWTAAfN* zay>lrX`-~1Ka?NOIli~Npj&x%&N2UX@mBhJc&vMJf^kRna;~nb`1N%}ps)yx6Rh-|r7x!luyf*GUP7s=LZ8jX+ zbT%r<;qi7tAV`&DBZV7WbV}8qTnjKI3NICpfF=SEj9Vs0IzRFK(Cud!*au-};q+&T8Q$GBE@*WBn zhhB5ia=7@1e0}(u9^lTU7u3h9ZGH)L^Wsbq5Mnx#WsWEUf@wME5d7Gm<2Z>w1C9{@ zVK*fQCzAffT`&|dFO=EednpGX{KP~=8-U0`6@lddMkwX4k3Tigc7gih;sZ~q5_5R? z#fI_mzfo@Ny>SU0KQKZd%k7#00dAKKq2hmdeX3Lc^IKkm8_CK{5ava*0LA2KxH6BrHv;zI)aAU-hM zf6HQEQ~=;V^xyzMs0HBDzc6wi{O^eSpuax<JNJ7&Q0Kg#sOJI^pWS1ZD7cEpYoHS%*xQy&< z=nahR3{B|WY(RhG0C?QEK13T6Cj%lk8*5ufE;nA1e;~L%GZ|7jfz{JVP z$-v0Wz|2hdfuM7Aw{i6dg-Xyjl4a2K3{+H$d^i*{;aS*n%`AF%+_n+zbv;qS`-s}lb# z^FOp7b>@TRVfgo+@xd({g5O8WhL9*J zBB9W#e2p3 zx#OP|GdfIw!sU?vXZ=rjetvMH`hA=LbBtbSWN;adMW9%ZKQ!Yu9yD8|;ioiE1u)7F z`1u2YY>hGSq1S-I0)ryy334P_rj7W}*CH~4BZ~OJ917HEqLKCl8R35f4f7L*S@IsV zLQZEyEK@5tT^#7h;H)t^fM4b`OVRXl=d)lpL=)*|g45a9*xoCatzmAmbGM~$uFNFb z0`)nE5yIJKXNzvQ+Jj-fC@%9ka#?3_6;XA8TXRSGVt7oYQ)+pb4!KC2u2h0Ie9zDz zK+bJUl6xHR=}>YXP$BYBR4(Q!LJ)h72}-mfe7b8!FFO-^9^XIhLv2?vl-N!KP4;Jx z?6RC@QD_+SaUywAWIEO~uYJuFkH(p#0dpcd8*sFDz zq)Slmj~9B!s$;@Rc-+&|G2E&83QT38&GBIyGgyNA`oPVxX2AOFcY*>M&03y?gmNuF zjMmFd2-k41B0ifcdY`0ZIh2;gH?xuQ0wKp>km)iX-6=S(S1cuPo*LM+@KTdNUBt5b zJ;!91b~AnX^a(fn5B8VJJ4)$`FLts0e#zwnkI6Z{A&+z!BP@4Y@epu%ufsDtPE*{G z`u)F#en=XAW3QmQ^|`TuK3*Q7)$?>XXvdFRCY8b^k0Bi3&nX;;{CU+zr=4rprxD46 zr`U>2g}&{T@dgp%b;mkyj!dOM)8Y(APsoqBb3P$q(h4Zgz}4Y%N5KebtP^M= z3xe~gp@G+{Cs^<35aC@(o!##14cyXPLplx)maMzbzNW7r#AUcnN&(Gx&+wmu#d?-S zKEdAH5YxPppdDcP#rgueHZPH{TuIhrHf>xPMT_!l*lR&h*!!3}ORqQQmIKVK*)MZrY?Y@zR=5 zVzNh6G!?65=8~P|^>fFC-7V^hHOGyZZC_?k+x8op%a033b}xL1#s+NGE41l77V*+U zQ(ds<@^)@_>1Ej=7sD=GC4&pFc}TaGrCOF_)g&})bG*uEB26h&m1Z{!)aZ)rW3!ph zTb0ddM;i%llVnPmy${~i_hu5PeS9NCTL(8hsg!Lu6HG#V>K902Kl8LiG3i$5w_u+b 
zw<{VI_QltQ@K|%!D&QeEq0l>lGLu+2Zz#Hapc@oGXB9h_XTKtEd!V>R9auf6QI_r`qmj3+oNBP$Dkt(M$h%`THwNZVP1ft~LxQzCN zO?Ldt>^RBm{JqbDm$wNviP&0RzX&!C!n^Z%K2}k~#l=Uz;ZlEKdU5wutx+`n)$rA2 zdz4@9MTu-IWN z)o&e7mGsoB(Uq>0#)m1RiF&Cw+pN;;WU|Fl`as)2@{vzc^DnH2S(8c->Ad+5)#_F|A&qt9+9>HrGU^s;QdA{AO+?&m{AyX0A&x%DqE24>U!L!Q zcQ8id`JF)U++R>*+j?XzPupeRi4Tv_C2-#0GuJPRaLE7MmM~t{GXQeh$494EM+>)w z^Cq@9HX4&us*tKaclsVN)<0F16!m_eA?@ilDL3R7z<`SLMXqmq zD7+?CuoThM5=iqCK`j?b27Kv`iVm(|R$M?wt=nJX7`p3cT5}Zh5 z^r_j|;ikB50Z#&DH8P{(3g*M2af@9Bu1jqAT3whCRyByWGB7zdVNxmU@JOuu3%n_n-8T(L_e-A~HDrNX~&V!>n2^N>KVXUZ>z;wm1?*qu>@)zo!=L z86wQC+2jXcwiN$(du#p~&r!kwLHK*8)W-=gg*P|bV!oV{^5 zmSRVA^5U);vh!o&oNqxiL-q)U4LJw<^*j4ecmyd3k#|~&$gbAhA4f(r9prRZ#=V+G zoWbC{79=>4t3S-X-xvMM2bI9cZhtTA>4urPM{f$$kiZrP(U5g>(33KfC?L2rz=F+q-a{O}pK7BW zT)uZ8LCb3GYXkZAxk%vjT0W>wiAUCu)_iXCbPCGGN$8^0?zcy>>d9)Xp2<=Sfu?0& z@_bG`nP;0Ql97;7a?SK4mV|36Q?2LN`NJEME+0`F5s$!HEr38ubUfi%N zA{iWr*D+;}gAuW)uIFU7XG7bGp1+NL5K8P$LI7riA?-=^3pBkCGv1;CZh-9fknr=0fj6sp#nbF(2ZtDO6Nrpb=(u}&@^pgt+8+=N`&)u9{b@axt)Twiw&_WYR05Ya;3rN$KQsv z|5?CRjkio_IPF(?49<1a=g!e=N0=$Q3AKUD54&dC0c%W!DcjVaMtC1U*~L%*a$6|r z+bp(RjI(wSi;_gP7`f<%IvI>&#@%-K{G24O9_DmLk*jL;8%fujPJn~#R35C`bV6j& z$ZDy_%s%jE4!LM9A^%YaydmTfUp8@K( zX$oAvDr8iG&Vx?!l8hljIo08Lu0JiyIg5vW*{Qe<8qOvgBDT*sV9> zD~JnwZCaRbMpW-SSrl`g<6gSGzCP}9rt44@aws;GUoV~Hx>Ku6srJ~bC+38Wb#6~v zVPjk(7D+$jj3&RTnUHK7r>6~EL^z$%7Jcbo)yraGI_^zb-T9c}pKlv$Yk_BkA068J zd#dfR1px55{%?DBrVFKkK7_#+5y85gZzvkKT$`644$)5W2T3}=mOX%iX^|(ocF>$Q z96=gBVg?J9<`3kbfX)-)(@t;_qPC07?TMD=9vjc#$gjVk>bdtbSH9j{j8AUz`a*s* zV+<2e%}-s^-Y1ANliK33Jt@S2+lzUDBooVm+m@Tt_dN#jjV%V=Ewy$G+*8^7{O~ay zU~=j8x#(zVnr&!2-S%1gn&q)HmYjBcDkm!$Sp?bKxNN@9tW(TkUroj!NeTG|T#QZK z;ZEj5*2FiP(oy)ccrnZFe-B+xRcj)&561ZWC7LaBzG^G9Q>=4hAnLMN2PnyYue&XP zJM13>_)`6`KD^pA=Ci>4cF)q#L(~3k-*TH(}5+IGwdWCaG3~J{PDsik{`xbACupBpf}1XA^$oP&DC?5T_Woj zjX)1hU0s9WMr{&r`#=wn(L0}8>MK#w+EtGMV8}+mwQmsBHz1$Y+Yb^E$qof|TjUaD znd_EYA}r=$gqB{fg#LEDR=bd{;+ZK!5HhP9-hE?3)8o=?g4pnxO)-Q}qagNJ3%un! 
zSYYmB1GY?2z*ieX9XxeA8lOQUadf3VK3DeBwZGBCj_dptqCoTy21oKbtG_lx&)s5uBDMldi2r_+nH$z z=OA=DPY5_-EiGt@EP6r)3HjV$cNbH&8y-%HYT`MGtySB?;U6++%gsMJoFEbtf>F*o zqEq+H+J~T8$QH{fdz`H>Opb&+)&1_c>9!J0Pw|J-z}8WUV5zIG_2B3aXYN1e(>H+( z%0aW};*a^NbrF~^DvEtPMZ)SGl~QlUkJV1VUC2qWJTEq!#9DrR6=yJ-mRce(Z=`5O(zlFcI~lGs&|B^hbq?tL0`@OnDG8}p|o8{^Qy#1cl`B)*qT(k3m1 zwZy4_MevxElj98Cd;E5EGfYf-?*)&06Lx+dR9c-*$T8_?ABEUJ96i0!f&%g6ph(Ol z>i*F1KV@SY9;e6|6y|PN_~?;KDQGCWJH*G6Ho5pxt5OUKUEs!pmCmrSq$K)XvFv0b zqU7jm??bW}@4F>=0mtE%q`ZzN51P% zlqKV!XE%1XnapdBNAZj%{W)o-A->K|&0XC$e z+MO142<$1Btw`%vs&Givs3<+ua9sqwacRg%;)hTXSu!3F^+$T(WjcexIp*JEHd(y__KF~I#8?0n7Jl=V|8BKm&G->*|OVOX_UyeM)qa4 z{=|aAA73OM65N+Sfq*b-Uc^9(xU~p};jcb4Y3-?98P@b>0XoZI*35$E2o#P??+*9> zF zTSRXF^Cc7{)&kC=Y>9oHa{Xz&20%HF9p2>T_LiBl6FoW__0=W*m^BxaTz0uLBOJEg z372o%=?!I8p=5arZ0uheg5r^G>-~l+MD&GXP-Bi(%8{c-)5+N*xZLRirt*-%_y;>8 zf#1O0$x(7#$t?Jv#vV@~#}r16P)YaIBlN`{>|18I&yLBlnZX~{&ZIX!EuszZ$&*O> zt(68&<6iO=DA7p4ya@CG$9dBigoABONq&A0LT+6>$79V8WYt~%fI?CExv*_tBxcR) z^JfqX$o5!M$I_>oF3uKA9hz`>tjQMGy0N}B5C{cwzPEj0I@Q~)hTA+LCSrKg{hRGv z7f10p0fTV~90hcsC6$thG2Qba;$SI8#Qne28es^$(>#EkiSM}n*qi#w#|4>x6}WZS zY%BCqZ#Jt$tswwT53#$P5KNDpnU%*)Tq3QbbbtsP2_1riEnGh9$ zGBCBTXs0miyA_*Q^$3Hc z!7b8`S~cI^-KGAN#QjvJfsYV@UI)N#`WX#^WO(?>0IX@AxEs6nAzaSEKShXhnqO*h z-90T9!CBMs?)TVW3WeP#)|ZQkfjzKVoWXndnRpQ=bXqkeCE zU={EEmOA%@clcW|JP(H};(2Zf9W4ETw19<^mE4rt;kzb8^<{>D5%F^?=KbEI9%s##!aMJzs_}hdsBygY zO^bwHg;(%ABjJOX#1y#e^Z5?_QE^EA+i_8L1Xvb*Gxf4u#~WfOp^1`-d3*d}*zz}g zBrW)p=Q{)HVu1Mh%r{^h1yz=`(f6({ua5)-zu-M>_hOB37N0={<=hN{^_E?}h34{fm zdIb!er))t_QzrV+U3T=}2C(x#B^ph3-z`t>Mq-BNqt{fP1qKW}+GG~(*w6JMz{s>r z4I61>SIHx^P{zlPH_XPVtPKm)I856-SOW008~lC~EoR$hG&AutBnfm; zk1SEb`e#DG!88#_143euXMQ`Y{Y%Y7W}(}esOt0>j+e_ z!~R6+WOHgc_ZAtw3yTwLZ+6hW(lRepoGfY6az@u4D)c6q za@6_8>U#DxDxthC6vZLbB3pUiN^GW;h?}>ABuRd0dF$}e zn*`}7pK_{{OuY%`dqrwGig2g#IHAYC?C;mDz9UYO%~Z&YHGSOAJHCTk3l(Q`4{&MBNZq43BF; zHSEjS`%i3q+t6wTQ7Vo=*z{q)FSq34DnhS))v<=hxR#N8TVa+_&GCjLgn12Jp?&DL zWtEBIk14l-T2-Af_y^cA*@9%iFZAq8g&4puzttG1f9v3zugHuI$N9f;>DAa62rPV4 
znk}9pU5{pCC)%pmq+?SLCEv$`1ij=}81yBkT4c^uA}j@SeeLlPgOkB!ah1ml zeLiy7Twd&=gD-vZ+pVbb;z^5`!`UkBgq*7(Ez}$hqQ+K8)G+*rUt}M@{#8fHNbI%4 zoElj6mXJ{2R$M5bmAaUcw9Gd23D2&%RVFO~?2c}$!bE^PLmSAUjiq1%kx4Go;3c!d z>0;euznf;*SLk4=Bp~-jiLEeUCP0p>^*^wp4;ast26L_y? z25bd#pk*0z?krM&B?KOVp)|I_kC;k7QtU;>871BkzX-8h#5nj;7Q6QP6Dtsv$mb}`+PjJNhowe2S6!_9bExEg)FtSR!- + We now support configuring the host and port for the cloud in your config.yml. These + are used when logging in to utilize features provided by an extension, and are also passed + along as environment variables when installing the `traffic-manager`. Additionally, we + now run our testsuite with these variables set to localhost to continue to ensure Telepresence + is fully fuctional without depeneding on an external service. The SYSTEMA_HOST and SYSTEMA_PORT + environment variables are no longer used. + image: telepresence-2.4.1-systema-vars.png + docs: reference/config/#cloud + - type: change title: Traffic Manager installed via helm body: >- From 57f4967b5e27992378b60fde3595c7d0baa853dd Mon Sep 17 00:00:00 2001 From: Donny Yung Date: Mon, 30 Aug 2021 13:40:34 -0400 Subject: [PATCH 11/12] Catching up releaseNotes from the changelog for v2.4.1 Signed-off-by: Donny Yung --- releaseNotes.yml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/releaseNotes.yml b/releaseNotes.yml index 1ae12cafa8..e39c4ed7a7 100644 --- a/releaseNotes.yml +++ b/releaseNotes.yml @@ -45,6 +45,13 @@ items: image: telepresence-2.4.1-systema-vars.png docs: reference/config/#cloud + - type: feature + title: Helm chart can now regenerate certificate used for mutating webhook on-demand. + body: >- + You can now set agentInjector.certificate.regenerate when deploying Telepresence + with the Helm chart to automatically regenerate the certificate used by the agent injector webhook. + docs: install/helm + - type: change title: Traffic Manager installed via helm body: >- 
@@ -62,6 +69,63 @@ items:
 to "get" and "list" namespaces (this has been updated in the helm chart).
 docs: install/helm
+ - type: bugfix
+ title: Telepresence now mounts all directories from /var/run/secrets
+ body: >-
+ In the past, we only mounted secret directories in /var/run/secrets/kubernetes.io.
+ We now mount *all* directories in /var/run/secrets, which, for example, includes
+ directories like eks.amazonaws.com used for IRSA tokens.
+ docs: reference/volume
+
+ - type: bugfix
+ title: Max gRPC receive size correctly propagates to all grpc servers
+ body: >-
+ This fixes a bug where the max gRPC receive size was only propagated to some of the
+ grpc servers, causing failures when the message size was over the default.
+ docs: reference/config/#grpc
+
+ - type: bugfix
+ title: Updated our Homebrew packaging to run manually
+ body: >-
+ We made some updates to our script that packages Telepresence for Homebrew so that it
+ can be run manually. This will enable maintainers of Telepresence to run the script manually
+ should we ever need to rollback a release and have latest point to an older verison.
+ docs: install/
+
+ - type: bugfix
+ title: Telepresence uses namespace from kubeconfig context on each call
+ body: >-
+ In the past, Telepresence would use whatever namespace was specified in the kubeconfig's current-context
+ for the entirety of the time a user was connected to Telepresence. This would lead to confusing behavior
+ when a user changed the context in their kubeconfig and expected Telepresence to acknowledge that change.
+ Telepresence now will do that and use the namespace designated by the context on each call.
+
+ - type: bugfix
+ title: Idle outbound TCP connections timeout increased to 7200 seconds
+ body: >-
+ Some users were noticing that their intercepts would start failing after 60 seconds.
+ This was because the keep idle outbound TCP connections were set to 60 seconds, which we have
+ now bumped to 7200 seconds to match Linux's tcp_keepalive_time default.
+
+ - type: bugfix
+ title: Telepresence will automatically remove a socket upon ungraceful termination
+ body: >-
+ When a Telepresence process terminates ungracefully, it would inform users that "this usually means
+ that the process has terminated ungracefully" and implied that they should remove the socket. We've
+ now made it so Telepresence will automatically attempt to remove the socket upon ungraceful termination.
+
+ - type: bugfix
+ title: Fixed user daemon deadlock
+ body: >-
+ Remedied a situation where the user daemon could hang when a user was logged in.
+
+ - type: bugfix
+ title: Fixed agentImage config setting
+ body: >-
+ The config setting images.agentImages is no longer required to contain the repository, and it
+ will use the value at images.repository.
+ docs: reference/config/#images
+
 - version: 2.4.0
 date: '2021-08-04'
 notes:
From edb8309679f7b466722667cc3c3c29513fd8436b Mon Sep 17 00:00:00 2001
From: Donny Yung
Date: Mon, 30 Aug 2021 16:00:35 -0400
Subject: [PATCH 12/12] bump date for 2.4.1 release
Signed-off-by: Donny Yung
---
 releaseNotes.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/releaseNotes.yml b/releaseNotes.yml
index e39c4ed7a7..e2a17fa534 100644
--- a/releaseNotes.yml
+++ b/releaseNotes.yml
@@ -31,7 +31,7 @@ changelog: https://github.com/telepresenceio/telepresence/blob/$branch$/CHANGELO
 items:
 - version: 2.4.1
- date: 'TBD'
+ date: '2021-08-30'
 notes:
 - type: feature
 title: External cloud variables are now configurable