Merge pull request #227 from telepresenceio/docs/v2.21.1

Release notes for 2.21.1 and an addition to the troubleshooting guide.

versioned_docs/version-2.21/release-notes.md

@@ -1,6 +1,19 @@
 
 [comment]: # (Code generated by relnotesgen. DO NOT EDIT.)
 # <img src="images/logo.png" height="64px"/> Telepresence Release Notes
+## Version 2.21.1 <span style="font-size: 16px;">(December 17)</span>
+## <div style="display:flex;"><img src="images/bugfix.png" alt="bugfix" style="width:30px;height:fit-content;"/><div style="display:flex;margin-left:7px;">[Allow ingest of serverless deployments without specifying an inject-container-ports annotation](https://github.com/telepresenceio/telepresence/issues/3741)</div></div>
+<div style="margin-left: 15px">
+
+The ability to intercept a workload without a service is built around the `telepresence.getambassador.io/inject-container-ports` annotation, and it was also required in order to ingest such a workload. This was counterintuitive and the requirement was removed. An ingest doesn't use a port.
+</div>
+
+## <div style="display:flex;"><img src="images/bugfix.png" alt="bugfix" style="width:30px;height:fit-content;"/><div style="display:flex;margin-left:7px;">Upgrade module dependencies to get rid of critical vulnerability.</div></div>
+<div style="margin-left: 15px">
+
+Upgrade module dependencies to latest available stable. This includes upgrading golang.org/x/crypto, which had critical issues, from 0.30.0 to 0.31.0 where those issues are resolved.
+</div>
+
 ## Version 2.21.0 <span style="font-size: 16px;">(December 13)</span>
 ## <div style="display:flex;"><img src="images/feature.png" alt="feature" style="width:30px;height:fit-content;"/><div style="display:flex;margin-left:7px;">[Automatic VPN conflict avoidance](reference/vpn)</div></div>
 <div style="margin-left: 15px">

versioned_docs/version-2.21/release-notes.mdx

@@ -7,6 +7,15 @@ import { Note, Title, Body } from '@site/src/components/ReleaseNotes'
 [comment]: # (Code generated by relnotesgen. DO NOT EDIT.)
 
 # Telepresence Release Notes
+## Version 2.21.1 <span style={{fontSize:'16px'}}>(December 17)</span>
+<Note>
+	<Title type="bugfix" docs="https://github.com/telepresenceio/telepresence/issues/3741">Allow ingest of serverless deployments without specifying an inject-container-ports annotation</Title>
+	<Body>The ability to intercept a workload without a service is built around the `telepresence.getambassador.io/inject-container-ports` annotation, and it was also required in order to ingest such a workload. This was counterintuitive and the requirement was removed. An ingest doesn't use a port.</Body>
+</Note>
+<Note>
+	<Title type="bugfix">Upgrade module dependencies to get rid of critical vulnerability.</Title>
+	<Body>Upgrade module dependencies to latest available stable. This includes upgrading golang.org/x/crypto, which had critical issues, from 0.30.0 to 0.31.0 where those issues are resolved.</Body>
+</Note>
 ## Version 2.21.0 <span style={{fontSize:'16px'}}>(December 13)</span>
 <Note>
 	<Title type="feature" docs="reference/vpn">Automatic VPN conflict avoidance</Title>

versioned_docs/version-2.21/troubleshooting.md

@@ -43,7 +43,27 @@ After you've installed `sshfs`, if mounts still aren't working:
 2. Add your user to the "fuse" group with: `sudo usermod -a -G fuse <your username>`
 3. Restart your computer after uncommenting `user_allow_other` 
 
-### No Sidecar Injected in GKE private clusters
+## DNS is broken on macOS
+
+Commands like `dig` cannot find cluster resources even though Telepresence is connected to the cluster, but it works
+with `curl`.
+
+This is because `dig`, and some other utilities on macOS have their own built-in DNS client which bypasses the macOS
+native DNS system and use the libc resolver directly. Here's an excerpt from the `dig` command's man-page:
+> Mac OS X NOTICE
+> 
+> The nslookup command does not use the host name and address resolution or the DNS query routing
+> mechanisms used by other processes running on Mac OS X.  The results of name or address queries
+> printed by nslookup may differ from those found by other processes that use the Mac OS X native
+> name and address resolution mechanisms.  The results of DNS queries may also differ from queries
+> that use the Mac OS X DNS routing library.
+
+A command that should always work is:
+```console
+$ dscacheutil -q host -a name <name to resolve>
+```
+
+## No Sidecar Injected in GKE private clusters
 
 An attempt to `telepresence intercept` results in a timeout, and upon examination of the pods (`kubectl get pods`) it's discovered that the intercept command did not inject a sidecar into the workload's pods: