telepresenceio · thallgren · Feb 2, 2025 · Feb 2, 2025 · Feb 2, 2025 · Feb 2, 2025
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -112,7 +112,7 @@ jobs:
             echo "prerelease=false" >> $GITHUB_OUTPUT
           fi
       - name: Create draft release
-        if: steps.semver_check.outputs.draft == true
+        if: ${{ steps.semver_check.outputs.draft == 'true' }}
         uses: ncipollo/release-action@v1
         with:
           artifacts: "binaries-*/*"
@@ -123,7 +123,7 @@ jobs:
             ## Draft Release
             For more information, visit our [installation docs](https://www.telepresence.io/docs/latest/quick-start/).
       - name: Create release
-        if: steps.semver_check.outputs.draft != true
+        if: ${{ steps.semver_check.outputs.draft == 'false' }}
         uses: ncipollo/release-action@v1
         with:
           artifacts: "binaries-*/*"
@@ -148,9 +148,9 @@ jobs:
 
             ![Assets](https://static.scarf.sh/a.png?x-pxid=d842651a-2e4d-465a-98e1-4808722c01ab)
       - uses: actions/checkout@v4
-        if: steps.semver_check.outputs.make_latest == true
+        if: ${{ steps.semver_check.outputs.make_latest == 'true' }}
       - name: Update Homebrew
-        if: steps.semver_check.outputs.make_latest == true
+        if: ${{ steps.semver_check.outputs.make_latest == 'true' }}
         run: |
           v=${{ github.ref_name }}
           packaging/homebrew-package.sh "${v#v}" tel2oss "${{ vars.GH_BOT_USER }}" "${{ vars.GH_BOT_EMAIL }}" "${{ secrets.HOMEBREW_TAP_TOKEN }}"
@@ -159,7 +159,7 @@ jobs:
     needs:
       - push-images
       - publish-release
-    if: needs.publish-release.semver_check.outputs.draft != true
+    if: ${{ needs.publish-release.semver_check.outputs.draft == 'false' }}
     strategy:
       fail-fast: false
       matrix:

diff --git a/CHANGELOG.yml b/CHANGELOG.yml
@@ -27,6 +27,42 @@ items:
   - version: 2.22.0
     date: (TBD)
     notes:
+      - type: feature
+        title: New telepresence replace command.
+        body: |-
+          The new `telepresence replace` command simplifies and clarifies container replacement.
+
+          Previously, the `--replace` flag within the `telepresence intercept` command was used to replace containers.
+          However, this approach introduced inconsistencies and limitations:
+
+          * **Confusion:** Using a flag to modify the core function of a command designed for traffic interception led
+            to ambiguity.
+          * **Inaccurate Behavior:** Replacement was not possible when no incoming traffic was intercepted, as the
+            command's design focused on traffic routing.
+
+          To address these issues, the `--replace` flag within `telepresence intercept` has been deprecated. The new
+          `telepresence replace` command provides a dedicated and consistent method for replacing containers, enhancing
+          clarity and reliability.
+
+          Key differences between `replace` and `intercept`:
+
+          1. **Scope:** The `replace` command targets and affects an entire container, impacting all its traffic, while
+             an `intercept` targets specific services and/or service/container ports.
+          2. **Port Declarations:** Remote ports specified using the `--port` flag are container ports. 
+          3. **No Default Port:** A `replace` can occur without intercepting any ports.
+          4. **Container State:** During a `replace`, the original container is no longer active within the cluster.
+
+          The deprecated `--replace` flag still works, but is hidden from the `telepresence intercept` command help, and
+          will print a deprecation warning when used.
+      - type: feature
+        title: No dormant container present during replace.
+        body: |-
+          Telepresence will no longer inject a dormant container during a `telepresence replace` operation. Instead, the
+          Traffic Agent now directly serves as the replacement container, eliminating the need to forward traffic to the
+          original application container. This simplification offers several advantages when using the `--replace` flag:
+
+          - **Removal of the init-container:** The need for a separate init-container is no longer necessary.
+          - **Elimination of port renames:** Port renames within the intercepted pod are no longer required.
       - type: feature
         title: One single invocation of the Telepresence intercept command can now intercept multiple ports.
         body: >-
@@ -50,15 +86,22 @@ items:
           ```
         docs: install/manager#static-versus-dynamic-namespace-selection
       - type: feature
-        title: Removal of the dormant container during intercept with --replace.
-        body: |-
-          During a `telepresence intercept --replace operation`, the previously injected dormant container has been
-          removed. The Traffic Agent now directly serves as the replacement container, eliminating the need to forward
-          traffic to the original application container. This simplification offers several advantages when using the
-          `--replace` flag:
-
-          - **Removal of the init-container:** The need for a separate init-container is no longer necessary.
-          - **Elimination of port renames:** Port renames within the intercepted pod are no longer required.
+        title: List output includes workload kind.
+        body: >-
+          The output of the `telepresence list` command will now include the workload kind (deployment, replicaset,
+          statefulset, or rollout) in all entries.
+      - type: change
+        title: Trigger the mutating webhook with Kubernetes eviction objects instead of patching workloads.
+        body: >-
+          Instead of patching workloads, or scaling the workloads down to zero and up again, Telepresence will now
+          create policy/v1 Eviction objects to trigger the mutating webhook. This causes a slight change in the
+          traffic-manager RBAC. The `patch` permissions are no longer needed. Instead, the traffic-manager must be
+          able to create "pod/eviction" objects.
+      - type: change
+        title: The telepresence-agents configmap is no longer used.
+        body: >-
+          The traffic-agent configuration was moved into a pod-annotation. This avoids sync problems between the
+          telepresence-agents (which is no no longer present) and the pods.
       - type: change
         title: Drop deprecated current-cluster-id command.
         body: >-
@@ -75,6 +118,37 @@ items:
         body: >-
           macOS based systems will often PTR queries using nameslike `b._dns-sd._udp`, lb._dns-sd._udp, or
           `db-dns-sd._udp`. Those queries are no longer dispatched to the cluster.
+      - type: bugfix
+        title: Using the --namespace option with telepresence causes a deadlock.
+        body: >-
+          Using `telepresence list --namespace <ns> with a namespace different from the one that telepresence was
+          connected to, would cause a deadlock, and then produce an empty list.
+      - type: bugfix
+        title: Fix problem with exclude-suffix being hidden by DNS search path.
+        body: >-
+          In some situations, a name ending with an exclude-suffix like "xyz.com" would be expanded by a search path
+          into "xyz.com.<connected namespace>" and therefore not be excluded. Instead, the name was sent to the cluster
+          to be resolved, causing an unnecessary load on its DNS server.
+  - version: 2.21.3
+    date: 2025-02-06
+    notes:
+      - type: bugfix
+        title: Using the --proxy-via flag would sometimes cause connection timeouts.
+        body: >-
+          Typically, a `telepresence connect --proxy-via <subnet>=<workflow>` would fail with a "deadline exceeded"
+          message when several workloads were present in the namespace, the one targeted by the proxy-via didn't yet
+          have an agent installed, and other workloads had an agent. This was due to a race condition in the logic
+          for the agent-based port-forwards in the root daemon. The conditions causing this race are now eliminated.
+      - type: bugfix
+        title: Fix panic in root daemon when using the "allow conflicting subnets" feature on macOS.
+        body: >-
+          A regression was introduced in version 2.21.0, causing a panic due to an unimplemented method in the
+          TUN-device on macOS based clients.
+      - type: bugfix
+        title: Ensure that annotation enabled traffic-agents are uninstall when uninstalling the traffic-manager.
+        body: >-
+          A traffic-agent injected because the workload had the inject annotation enabled would sometimes not get
+          uninstalled when the traffic-manager was uninstalled.
   - version: 2.21.2
     date: 2025-01-26
     notes:

diff --git a/DEPENDENCIES.md b/DEPENDENCIES.md
@@ -25,7 +25,7 @@ following Free and Open Source software:
     github.com/containerd/log                                      v0.1.0                                Apache License 2.0
     github.com/containerd/platforms                                v0.2.1                                Apache License 2.0
     github.com/coreos/go-iptables                                  v0.8.0                                Apache License 2.0
-    github.com/cyphar/filepath-securejoin                          v0.4.0                                3-clause BSD license
+    github.com/cyphar/filepath-securejoin                          v0.4.1                                3-clause BSD license
     github.com/datawire/argo-rollouts-go-client                    v0.0.0-20241216133646-cb1073556c99    Apache License 2.0
     github.com/datawire/dlib                                       v1.3.1                                Apache License 2.0
     github.com/datawire/dtest                                      v0.0.0-20210928162311-722b199c4c2f    Apache License 2.0
@@ -41,7 +41,7 @@ following Free and Open Source software:
     github.com/docker/go-metrics                                   v0.0.1                                Apache License 2.0
     github.com/docker/go-units                                     v0.5.0                                Apache License 2.0
     github.com/emicklei/go-restful/v3                              v3.12.1                               MIT license
-    github.com/evanphx/json-patch                                  v5.9.0+incompatible                   3-clause BSD license
+    github.com/evanphx/json-patch                                  v5.9.11+incompatible                  3-clause BSD license
     github.com/exponent-io/jsonpath                                v0.0.0-20210407135951-1de76d718b3f    MIT license
     github.com/fatih/camelcase                                     v1.0.0                                MIT license
     github.com/fatih/color                                         v1.18.0                               MIT license
@@ -52,7 +52,7 @@ following Free and Open Source software:
     github.com/fxamacker/cbor/v2                                   v2.7.0                                MIT license
     github.com/go-errors/errors                                    v1.5.1                                MIT license
     github.com/go-gorp/gorp/v3                                     v3.1.0                                MIT license
-    github.com/go-json-experiment/json                             v0.0.0-20250124004741-3d76ae074650    3-clause BSD license
+    github.com/go-json-experiment/json                             v0.0.0-20250129011340-4e0381018ad6    3-clause BSD license
     github.com/go-logr/logr                                        v1.4.2                                Apache License 2.0
     github.com/go-logr/stdr                                        v1.2.2                                Apache License 2.0
     github.com/go-openapi/jsonpointer                              v0.21.0                               Apache License 2.0
@@ -73,11 +73,13 @@ following Free and Open Source software:
     github.com/gorilla/websocket                                   v1.5.3                                2-clause BSD license
     github.com/gosuri/uitable                                      v0.0.4                                MIT license
     github.com/gregjones/httpcache                                 v0.0.0-20190611155906-901d90724c79    MIT license
+    github.com/grpc-ecosystem/go-grpc-middleware/v2                v2.2.0                                Apache License 2.0
     github.com/hashicorp/errwrap                                   v1.1.0                                Mozilla Public License 2.0
     github.com/hashicorp/go-multierror                             v1.1.1                                Mozilla Public License 2.0
     github.com/hectane/go-acl                                      v0.0.0-20230122075934-ca0b05cb1adb    MIT license
     github.com/huandu/xstrings                                     v1.5.0                                MIT license
     github.com/inconshreveable/mousetrap                           v1.1.0                                Apache License 2.0
+    github.com/jlaffaye/ftp                                        v0.2.0                                ISC license
     github.com/jmoiron/sqlx                                        v1.4.0                                MIT license
     github.com/josharian/intern                                    v1.0.1-0.20211109044230-42b52b674af5  MIT license
     github.com/json-iterator/go                                    v1.1.12                               MIT license
@@ -125,12 +127,14 @@ following Free and Open Source software:
     github.com/spf13/afero                                         v1.12.0                               Apache License 2.0
     github.com/spf13/cast                                          v1.7.1                                MIT license
     github.com/spf13/cobra                                         v1.8.1                                Apache License 2.0
-    github.com/spf13/pflag                                         v1.0.5                                3-clause BSD license
+    github.com/spf13/pflag                                         v1.0.6                                3-clause BSD license
     github.com/stretchr/testify                                    v1.10.0                               MIT license
-    github.com/telepresenceio/go-fuseftp/rpc                       v0.5.0                                Apache License 2.0
+    github.com/telepresenceio/go-fuseftp                           v0.6.1                                Apache License 2.0
+    github.com/telepresenceio/go-fuseftp/rpc                       v0.6.1                                Apache License 2.0
     github.com/telepresenceio/telepresence/rpc/v2                  (modified)                            Apache License 2.0
     github.com/vishvananda/netlink                                 v1.3.0                                Apache License 2.0
     github.com/vishvananda/netns                                   v0.0.5                                Apache License 2.0
+    github.com/winfsp/cgofuse                                      v1.6.0                                MIT license
     github.com/x448/float16                                        v0.8.4                                MIT license
     github.com/xeipuuv/gojsonpointer                               v0.0.0-20190905194746-02993c407bfb    Apache License 2.0
     github.com/xeipuuv/gojsonreference                             v0.0.0-20180127040603-bd5ef7bd5415    Apache License 2.0
@@ -154,13 +158,13 @@ following Free and Open Source software:
     golang.zx2c4.com/wintun                                        v0.0.0-20230126152724-0fa3db229ce2    MIT license
     golang.zx2c4.com/wireguard                                     v0.0.0-20231211153847-12269c276173    MIT license
     golang.zx2c4.com/wireguard/windows                             v0.5.3                                MIT license
-    google.golang.org/genproto/googleapis/rpc                      v0.0.0-20250124145028-65684f501c47    Apache License 2.0
+    google.golang.org/genproto/googleapis/rpc                      v0.0.0-20250127172529-29210b9bc287    Apache License 2.0
     google.golang.org/grpc                                         v1.70.0                               Apache License 2.0
     google.golang.org/protobuf                                     v1.36.4                               3-clause BSD license
     gopkg.in/evanphx/json-patch.v4                                 v4.12.0                               3-clause BSD license
     gopkg.in/inf.v0                                                v0.9.1                                3-clause BSD license
     gopkg.in/yaml.v3                                               v3.0.1                                Apache License 2.0, MIT license
-    gvisor.dev/gvisor                                              v0.0.0-20250115195935-26653e7d8816    Apache License 2.0, MIT license
+    gvisor.dev/gvisor                                              v0.0.0-20250131185017-b744a1bd640b    Apache License 2.0, MIT license
     helm.sh/helm/v3                                                v3.17.0                               Apache License 2.0
     k8s.io/api                                                     v0.32.1                               Apache License 2.0
     k8s.io/apiextensions-apiserver                                 v0.32.1                               Apache License 2.0