Proto commits in telepresenceio/telepresence

These commits are when the Protocol Buffers files have changed: (only the last 100 relevant commits are shown)

2025-05-06

Network plugin work to be merged down Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-05-04

Fix bad neighbor issue Signed-off-by: Thomas Hallgren <thomas@tada.se>

Fix bad neighbor issue Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-04-26

Add Teleroute network driver. Signed-off-by: Thomas Hallgren <thomas@tada.se>

Add the ability to use a name for the target host. Knowing the IP of the local container that acts as the handler service for an intercept, replace, or wiretap is not possible until the container has been started. This commit introduces the concept of target host synthetic IP. A named target host will be replaced by a random synthesized IPv6 IP when the engagement is initialized. Later, when the traffic-agent container dials this IP, the original name will be found and resolved into an IP, thus deferring the name resolution until an actual request is made to the engaged pod. This allows the engagement to be created before the creation of the handler service, and removes the need for the user to use IP addresses. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-04-25

Lint fixes. Signed-off-by: Thomas Hallgren <thomas@tada.se>

Add Teleroute network driver. Signed-off-by: Thomas Hallgren <thomas@tada.se>

rewire docker-run Signed-off-by: Thomas Hallgren <thomas@tada.se>

Add the ability to use a name for the target host. Knowing the IP of the local container that acts as the handler service for an intercept, replace, or wiretap is not possible until the container has been started. This commit introduces the concept of target host synthetic IP. A named target host will be replaced by a random synthesized IPv6 IP when the engagement is initialized. Later, when the traffic-agent container dials this IP, the original name will be found and resolved into an IP, thus deferring the name resolution until an actual request is made to the engaged pod. This allows the engagement to be created before the creation of the handler service, and removes the need for the user to use IP addresses. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-04-14

W.I.P. Telepresence Docker Network Plugin Signed-off-by: Thomas Hallgren <thomas@tada.se>

Update module dependencies. Signed-off-by: Thomas Hallgren <thomas@tada.se>

The documentation is generated from this commit.

W.I.P. Telepresence Docker Network Plugin Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-03-26

Add a telepresence wiretap command. A wiretap is a read-only form of an intercept. The original container will still receive the wiretapped traffic, and a copy of the traffic is sent to the client. Writes on the client connection are discarded. Similar to an ingest, a wiretap will always enforce read-only status on all volume mounts, and since the wiretap then is completely read-only, there's no limit to how many simultaneous wiretaps that can be served. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-03-11

Decouple downloads from getambassador.io Changes download links to point directly to GitHub instead of being forwarded from getambassador.io. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-03-08

Decouple downloads from getambassador.io Changes download links to point directly to GitHub instead of being forwarded from getambassador.io. Signed-off-by: Thomas Hallgren <thomas@tada.se>

Improved control over remote volume mounts using mount policies Mount policies, that affects how the telepresence traffic-agent shares the pod's volumes, and also how the client will mount them, can now be provided using the Helm chart value `agent.mountPolicies` or as JSON object in the workload annotation `telepresence.io/mount-policies`. A mount policy is applied to a volume or to all paths matching a path-prefix (distinguished by checking if first character is a '/'), and can be one of `Ignore`, `Local`, `Remote`, or `RemoteReadOnly`. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-02-21

Make the DNS recursion check configurable and turn it off by default. Very few systems experience a DNS recursion lookup problem. It can only occur when the cluster runs locally and the cluster's DNS is configured to somehow use DNS server that is started by Telepresence. The check is therefore now configurable through the client setting `dns.recursionCheck`, and it is `false` by default. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-02-17

Cache port-forward dialers on pod ID, not pod name and namespace. StatefulSets reuse pod-names so using that as a cache key is a no-go. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-02-08

Use podUid to identify pods. Signed-off-by: Thomas Hallgren <thomas@tada.se>

New telepresence replace command. The new `telepresence replace` command simplifies and clarifies container replacement. Previously, the `--replace` flag within the `telepresence intercept` command was used to replace containers. However, this approach introduced inconsistencies and limitations: * **Confusion:** Using a flag to modify the core function of a command designed for traffic interception led to ambiguity. * **Inaccurate Behavior:** Replacement was not possible when no incoming traffic was intercepted, as the command's design focused on traffic routing. To address these issues, the `--replace` flag within `telepresence intercept` has been deprecated. The new `telepresence replace` command provides a dedicated and consistent method for replacing containers, enhancing clarity and reliability. Key differences between `replace` and `intercept`: 1. **Scope:** The `replace` command targets and affects an entire container, impacting all its traffic, while an `intercept` targets specific services and/or service/container ports. 2. **Port Declarations:** Remote ports specified using the `--port` flag are container ports. 3. **No Default Port:** A `replace` can occur without intercepting any ports. 4. **Container State:** During a `replace`, the original container is no longer active within the cluster. The deprecated `--replace` flag still works, but is hidden from the `telepresence intercept` command help, and will print a deprecation warning when used. Signed-off-by: Thomas Hallgren <thomas@tada.se>

Drop use of the telepresence-agents configmap. This commit removes the complex pattern used when engaging with a workload to get a traffic-agent injected into its pods. 1. Generate an agent configuration. 2. Store the configuration in the `telepresence-agents` configmap. 3. Wait for the agent to arrive. A watcher on the `telepresence-agents` configmap would now get an event and discover the new or modified configuration. It took the following steps: 1. Determine if a rollout is needed. 2. Perform a rollout to trigger the mutating webhook. 1. Check if the pod has a configuration entry in the configmap. 2. Patch pod if necessary. 1. Generate an agent configuration. 2. Evict pods with config annotation mismatch (triggers the webhook). No action. The configmap no longer exists 1. Check if the pod has a configuration entry in the configmap. 2. Patch pod if necessary and include the config as an annotation. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2025-01-06

One single invocation of intercept can now intercept multiple ports. It is now possible to intercept multiple ports with one single invocation of `telepresence intercept` by just repeating the `--port` flag. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-12-17

Get rid of old code that retrieves "clusterID". The clusterID was replaced with installID some time ago, the difference being that the clusterID was the UID of the "default" namespace whereas the installID is the UID of the namespace where the traffic-manager is installed. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-12-08

Remove the gather-traces and upload-traces commands. The ability to collect trace has been removed. The code was complex and has not been well maintained since its inception in 2022. We have seen no indication that it has ever been used. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-12-06

Introduce Virtual Network Address Translation (VNAT) Adds the `telepresence connect --vnat CIDR` flag, and a default conflict resolution behavior that relies on its function. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-12-04

Improve auto-completion. Improves auto-completion of several commands, and removes the default file completion from almost all of them. Signed-off-by: Thomas Hallgren <thomas@tada.se>

Delete daemon.Routing protobuf message. It's never used. Signed-off-by: Thomas Hallgren <thomas@tada.se>

Mount everything read-only during intercept It is now possible to append ":ro" to the intercept `--mount` flag value. This ensures that all remote volumes that the intercept mounts are read-only. Signed-off-by: Thomas Hallgren <thomas@tada.se>

Added ingest command A `telepresence ingest` command, similar to `telepresence intercept`, provides local access to the volume mounts and environment variables of a targeted container. However, unlike `intercept`, `ingest` does not redirect traffic to the container and ensures that the mounted volumes are read-only. An ingest requires a traffic-agent to be installed in the pods of the targeted workload. Beyond that, it's a client-side operation. This allows developers to have multiple simultaneous ingests on the same container.

Let list command use an agent watcher instead of listing configmaps This alters the detailed output of the list command slightly, so that it no longer contains potential services that can be used when intercepting. Signed-off-by: Thomas Hallgren <thomas@tada.se>

Add properties needed for ingest to the manager.AgentInfo proto message The client must be able to perform mounts and convey the contents of the container's environment to perform an ingest. This commit adds the necessary properties to the `AgentInfo` proto message, and also modifies the traffic-manager gRPC function `EnsureAgent` to return the `AgentInfo` of the workload's pods. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-12-02

Merge branch 'release/v2.20' into release/v2

2024-11-21

add valid field to provide validation status Signed-off-by: Fu Yu <fuyu@Fus-MacBook-Pro.local>

2024-11-18

Merge branch 'release/v2.20' into release/v2

2024-11-16

Ensure that local volume mounter uses correct IP when proxyVia is active A proxy-via will swap the IP of an intercepted pod. This swap must be propagated to the sftp/ftp/volume mounter. Closes #3715 Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-11-12

Add deployments, statefulSets, replicaSets to .workloads Helm chart values Signed-off-by: Jakub Rożek <jrozek@datawire.io>

2024-10-28

Add namespace to WorkloadEventsRequest and UID to the WorkloadInfo Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-10-27

Use netip.Prefix and netip.Addr instead of net.IPNet and net.IP This is a fairly comprehensive change, but it's been pending for some time now, and gets rid of a lot of unnecessary conversion and utility functions. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-10-05

Add an option to specify target container when intercepting. An intercept ultimately targets a specific port within a container. The port is usually determined by examining the relationship between the service's `targetPort` and the container's `containerPort`. In certain scenarios, the container owning the intercepted port differs from the container the intercept targets. This container's sole purpose is to route traffic from the service to the intended container, often using a direct localhost connection. This commit introduces a `--container <name>` option to the intercept command. While this option doesn't influence the port selection, it guarantees that the environment variables and mounts propagated to the client originate from the specified container. Additionally, if the `--replace` option is used, it ensures that this container is replaced. Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-08-29

Enable intercepts of workloads that have no service. Telepresence is now capable of intercepting workloads that have no associated service. The intercept will then target container port instead of a service port. The new behavior is enabled by adding a `telepresence.getambassador.io/inject-container-ports` annotation where the value is a comma separated list of port identifiers consisting of either the name or the port number of a container-port, optionally suffixed with `/TCP` (the default) or `/UDP`. Closes #1647 Signed-off-by: Thomas Hallgren <thomas@tada.se>

2024-08-05

Support Argo Rollout workloads Signed-off-by: Jakub Rożek <jrozek@datawire.io>

Use Helm chart value to control Argo Rollouts support Signed-off-by: Jakub Rożek <jrozek@datawire.io>

2024-06-30

Enable passing a client identifier when using the API to connect. Adds a client identifier to the `ConnectRequest` structure used when connecting via the API. If set, this identifier will override the default `<user>@<host>` value of the `client` property in the `ClientInfo` structure that is passed to the manager's `ArriveAsClient` method. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-06-29

Add `state` and `intercept_clients` to event sent by `WatchWorkloads` The `state` property reflects the current state of a workload as `UNKNOWN`, `AVAILABLE`, `PROGRESSING`, or `FAILURE`. The `intercept_clients` property is included when the workload is intercepted. Its entries contain the client-id of the currently intercepting users. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-06-10

Warn when connecting to an Enterprise traffic-manager from an OSS client The difference between the OSS and the Enterprise offering is not well understood, and OSS users often install a traffic-manager using the Helm chart published at getambassador.io. This Helm chart installs an enterprise traffic-manager, which is probably not what the user would expect. Telepresence will now warn when an OSS client connects to an enterprise traffic-manager and suggest switching to an enterprise client, or use `telepresence helm install` to install an OSS traffic-manager. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-06-04

Watch intercepts from all sessions. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Add state to the WorkloadInfo sent by WatchWorkloads. Adds a state, that reflects the current state of a workload as `UNKNOWN`, `AVAILABLE`, `PROGRESSING`, or `FAILURE`. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-06-03

Add a `intercept_clients` property the event sent by `WatchWorkloads`. The new attribute is included when the workload is intercepted. The entries contain the client-id of the currently intercepting users. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Enable passing a client identifier when using the API to connect. Adds a client identifier to the `ConnectRequest` structure used when connecting via the API. If set, this identifier will override the default `<user>@<host>` value of the `client` property in the `ClientInfo` structure that is passed to the manager's `ArriveAsClient` method. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-05-27

Add a `intercept_clients` property the event sent by `WatchWorkloads`. The new attribute is included when the workload is intercepted. The entries contain the client-id of the currently intercepting users. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Enable passing a client identifier when using the API to connect. Adds a client identifier to the `ConnectRequest` structure used when connecting via the API. If set, this identifier will override the default `<user>@<host>` value of the `client` property in the `ClientInfo` structure that is passed to the manager's `ArriveAsClient` method. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-05-15

Add WorkloadEventsWatcher to the gRPC API. This watcher enables a client to watch for modifications in workloads, including their agent's state (as not installed, installed, or intercepted). Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-04-14

Clean up confusion concerning DNS TLDs, search paths, and namespaces. The code seemingly used namespaces as search paths, but it didn't (luckily). Only one namespace (the connected one) should be a search path. Other namespaces must be top level domains. This commit refactors the passing of TLDs (namespaces) from the user daemon to the root daemon. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-02-11

Add option to load the kubeconfig yaml from stdin during connect. This allows another process with a kubeconfig already loaded in memory to directly pass it to `telepresence connect` without needing a separate file. Simply use a dash "-" as the filename for the `--kubeconfig` flag. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-02-06

Get rid of excessive debug log-output used during development. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-01-30

Add traffic-manager's installation ID to ConnectInfo message and status. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Add UNAUTHORIZED and UNAUTHENTICATED to the connector.ConnectInfo enum. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-01-11

Add current subnet proxies to the output of the status command. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-01-09

Include traffic-agent image in status and version command output. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Translation of remote IP to local virtual IP using --proxy-via flag Adds a new `--proxy-via CIDR=WORKLOAD` flag to `telepresence connect`, allowing Telepresence to translate DNS responses matching specific subnets into virtual IPs that are used locally. Those virtual IPs are then routed (with reverse translation) via the pod's of a given workload. This bidirectional translation makes it possible to handle custom DNS servers that resolve domains into loopback IPs. The flag may also be used in cases where the cluster's subnets are in conflict with the workstation's VPN. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2024-01-04

Add EnsureAgent function to the traffic-manager gRPC API. The new `EnsureAgent` function asserts that a traffic-agent is injected to the pod(s) of a given workload. This is essentially the same thing that happens when doing a `PrepareIntercept` but without knowing any intercept details besides the workload name. The namespace is known implicitly from the required session. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Add function to get a tunnel.Provider for a workload to agentpf.Clients This commit adds the functionality needed to create a port-forward to the traffic-agent of a pod that belongs to a workload by adding the function `GetWorkloadClient` to the `agentpf.Clients` implementation. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-11-19

Removal of backward support for versions predating 2.6.0 The telepresence helm installer will no longer discover and convert workloads that were modified by versions prior to 2.6.0. The traffic manager will and no longer support the muxed tunnels used in versions prior to 2.5.0. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-11-02

Add gRPC service to the traffic-agent. Adds a new gRPC service that will allow clients to do a direct port-forward and then establish tunnels and dial watchers so that both outbound and inbound traffic can bypass the traffic-manager. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Use traffic-agent port-forwards for outbound and intercepted traffic. The telepresence TUN-device is now capable of establishing direct port-forwards to a traffic-agent in the connected namespace. That port-forward is then used for all outbound traffic to the device, and also for all traffic that arrives from intercepted workloads. Getting rid of the extra hop via the traffic-manager improves performance and reduces the load on the traffic-manager. The feature can only be used if the client has Kubernetes port-forward permissions to the connected namespace. It can be disabled by setting `cluster.agentPortForward` to `false` in `config.yml`. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Add WatchAgentPods service to traffic-manager. This service makes it possible for clients to watch for changes in intercepted traffic-agents. The watcher will only notify the client about changes that are relevant the client's session. It is triggered both when by agent changes and when agents change their intercept status with respect to the client session. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Make it possible for a traffic-agent to report consumption metrics. Adds the `AddSessionConsumptionMetrics` to the traffic-manager gRPC so that traffic-agents can report such metrics when the traffic-manager no longer forwards the traffic. Also adds the prometheus gauges representing the sum total of all ingress and egress bytes. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Introduce intercept disposition type REMOVED and modified timestamp. We want to track personal intercepts that have been REMOVED and let them linger for some time period while the agent responds with an error. This commit adds the disposition type REMOVED so that the existing WatchIntercepts subscription can be used to track that state. This commit also separates the actual remove from running finalizers in the traffic-manager state, so that finalizers can run when the user leaves the intercept and the actual remove can happen later on. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-11-01

Add an --allow-conflicting-subnets flag locally. Signed-off-by: Jose Cortes <josecortes@datawire.io>

2023-10-25

Add an --allow-conflicting-subnets flag locally. Signed-off-by: Jose Cortes <josecortes@datawire.io>

2023-10-20

Improve outbound traffic performance. The root-daemon now communicates directly with the traffic-manager instead of routing all outbound traffic through the user-daemon. The root-daemon uses a patched kubeconfig where `exec<` configurations to obtain credentials are dispatched to the user-daemon. This to ensure that all authentication plugins will execute in user-space. The old behavior of routing everything through the user-daemon can be restored by setting `cluster.connectFromUserDaemon` to `true` in `config.yml` Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-10-01

Make the helm command cli-only and get rid of pkg/install. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-09-26

Wire the replace parameter into the configmap Signed-off-by: Jose Cortes <josecortes@datawire.io>

2023-09-16

Don't clobber host's kubeconfig when connecting to containerized daemon. Connecting to a containerized daemon means that we also modify the `kubeconfig` flag to point to a copy of the config file in the cache. This modification is now kept in a special map that serves as an override when connecting. This means that the original host kubeconfig flag (if any) isn't affected. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-09-09

Add explicit environment propagation between client and connector This commit removes the code that passed environment variables in as kubernetes flags, to instead pass them explicitly where needed. Also adds propagation of the kubernetes flags to the client when it reconnects, so that those flags can be used for other purposes. The commit removes the propagation of kubernetes flags to the root daemon. It has no use for them. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-09-02

Introduce connection name. Adds a `--name <name>` option to the `telepresence connect` command, so that a connection can be given a name that is different from the <kubeContext>-<namespace> name that is generated by default. When a connection is named, a containerized daemon will be generated by prepending "tp-" to that name. The introduction of named connections enable use of multiple daemonized connections that uses the same namespace. This is beneficial because then pods with conflicting localhost ports can be intercepted simultaneously into different containers (each with a unique localhost). Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-08-24

Propagate namespace to traffic-manager in ClientInfo. The `ClientInfo` is sent in the client's `ArriveAsClient` call to the traffic-manager. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

Show namespace in connect response and in status command output. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-08-21

Add sidecar to json list output Signed-off-by: shepz <gveschambre@datawire.io>

Fix PR comments Signed-off-by: shepz <gveschambre@datawire.io>

Fix lint Signed-off-by: shepz <gveschambre@datawire.io>

Put back ServiceReference but within a map Signed-off-by: shepz <gveschambre@datawire.io>

Remove ServiceReference.uid since it's already used as the map key Signed-off-by: shepz <gveschambre@datawire.io>

2023-06-30

Reinstate the connector's UpdateIntercept delegation. Removing it breaks API. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-06-29

Remove everything related to cloud features or personal intercepts. This commit removes all code that deals with: - SystemA - Cloud tokens - Cloud messages - Cloud selection of agent image - Licenses - Personal intercepts - Preview URLs - API keys - Cluster ID Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-06-05

Allow users to configure an allow list for routing overrides Signed-off-by: Jose Cortes <josecortes@datawire.io>

2023-05-30

Expose new mappings / excludes endpoints to embedded daemon Signed-off-by: Kévin Lambert <kevin.lambert.ca@gmail.com>

Add GRPC endpoints for mappings and suffixes Signed-off-by: Kévin Lambert <kevin.lambert.ca@gmail.com>

2023-05-29

Add excludes and mapping fields to the DNS configuration Signed-off-by: Kévin Lambert <kevin.lambert.ca@gmail.com>

2023-04-29

Don't fail telepresence connect when DNS doesn't work. Some users benefit from having the routing up and running even though DNS isn't working. This commit ensures that `telepresence connect` succeeds even though the DNS server configuration was unsuccessful but a warning is printed on stderr, informing the user that the DNS isn't functional. A call to `telepresence status` will also show the DNS error. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-04-12

Ensure proper stop of intercept handler container. The container is stopped using `docker stop` instead of just killing the `docker run` with a signal, regardless of if the stop is triggered by a signal, by a `telepresence leave`, or a `telepresence quit`. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-03-30

Include mapped namespaces in the output of `telepresence status`. When the `--mapped-namespaces` connect option is used, or when namespaces are limited by use of `managed-namespaces` in the traffic manager, then the namespaces currently accessible to the user are included in the output of the `telepresence status` command. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-03-26

Add `--no-hooks` flag to the telepresence helm commands Enables passing of the boolean `--no-hooks` flag to the telepresence helm install, upgrade, and uninstall commands. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-03-14

Check for service connectivity independently from pod connectivity. Signed-off-by: Jose Cortes <josecortes@datawire.io>

2023-03-06

Fix linting in the RPC proto Signed-off-by: Kévin Lambert <kevin.lambert.ca@gmail.com>

Add authenticator middleware to integrate gke with docker mode Signed-off-by: Kévin Lambert <kevin.lambert.ca@gmail.com>

2023-02-13

Add --local-mount-port option to the intercept command. Adds a `telepresence intercept` flag `--local-mount-port <port number>`. The user daemon will not perform mounts of remote directories when this flag is given. Instead, it will create a bridge the given port on localhost to the SFTP server running in the intercepted agent. This will enable two things: 1. When the daemon runs in a Docker container, and in Docker Desktop specifically, the port can be published so that the host can do the actual mount without having access to the cluster network. 2. Any remote mounter capable of doing SFTP mounts, can be used. Mounting by forwarding a port this way only works with SFTP because FTP will try to open additional ports in the server when it does PASV/EPSV. Signed-off-by: Thomas Hallgren <thomas@datawire.io>

2023-02-07

Add support for CRD helm chart & integrate with helm install command Signed-off-by: Kévin Lambert <kevin.lambert.ca@gmail.com>

2023-01-25

Add a status indicator for the manager namespace Signed-off-by: Jose Cortes <josecortes@datawire.io>

Add a new flag to connect commands to pass the manager namespace Signed-off-by: Jose Cortes <josecortes@datawire.io>