0.15.0

New features

• To be compliant with the [Kubernetes Multicluster Services specification][MCS KEP], Service Discovery now distributes a single aggregated
  ServiceImport to each cluster in the exported service's namespace. Previously, each cluster distributed its own ServiceImport copy that
  was placed in the submariner-operator namespace.
• Submariner can now be installed on IPv4/IPv6 dual-stack Kubernetes clusters. Currently, only IPv4 addresses are supported.
• Added a subctl recover-broker-info command to recover lost a broker-info.subm file.
• Extended the ability to customize the default TCP MSS clamping value set by Submariner to non-Globalnet deployments.
• The subctl gather command now gathers iptables logs for Calico and kindnet CNIs.
• The subctl gather command now collects the ipset information from all cluster nodes.
• The subctl diagnose command now validates that the Calico IPPool configuration matches Submariner's requirements.
• The subctl verify E2E tests now support setting the packet size used in TCP connectivity tests to troubleshoot MTU issues.
• The subctl verify command now runs FIPS verification tests.
• Allow overriding the image name of the metrics proxy component.
• Added endpoints to access profiling information for the gateway and Globalnet binaries.
• The following deprecated commands and variants have been removed:
  • subctl benchmark’s --kubecontexts option (use --context and --tocontext instead)
  • subctl benchmark’s --intra-cluster option (specify a single context to run intra-cluster benchmarks)
  • subctl benchmark with two kubeconfigs as command-line arguments
  • subctl cloud’s --metrics-ports option
  • subctl deploy-broker’s --broker-namespace option (use --namespace instead)
  • subctl diagnose firewall metrics (this is checked during deployment)
  • subctl diagnose firewall intra-cluster with two kubeconfigs as command-line arguments
  • subctl diagnose firewall inter-cluster with two kubeconfigs as command-line arguments
  • subctl gather’s --kubecontexts option (use --contexts instead)
• Deprecated the subctl cloud prepare ... --dedicated-gateway flag, as it's not actually used.
• Deprecated the subctl cloud prepare generic command, as it's not actually used.

Other changes

• Service Discovery-only deployments now work properly without the connectivity component deployed.
• Names of EndpointSlice objects now include their namespace to avoid conflicts between services with the same name in multiple namespaces.
• Changes in Azure cloud prepare:
  • Machine set names are now based on region + UUID and limited to 20 characters to prevent issues with long cluster names.
  • Machine set creation and deletion logic was updated to prevent creation of multiple gateway nodes.
  • Image names are now retrieved from existing machine sets.
• Fixed stale iptables rules and a global IP leak which can sometimes happen when a GlobalEgressIP is created and immediately deleted as
  part of stress testing.
• Label gateway nodes as infrastructure with node-role.kubernetes.io/infra="" to prevent them from counting against OpenShift subscriptions.
• Submariner now handles out-of-order remote endpoint notifications properly in various handlers associated with the Route Agent component.
• Submariner now ensures that reverse path filtering setting is properly applied on the vx-submariner and vxlan-tunnel interfaces after
  they are created. This fix was necessary for RHEL 9 nodes where the setting was sometimes getting overwritten.
• Fixed intermittent failure where gateway connections sometimes don't get established.
• Fixed an issue whereby the flags for subctl unexport service were not recognized.
• The subctl diagnose cni command no longer fails for the Calico CNI when the natOutgoing IPPool status is missing.
• Fixed CVE-2023-28840, CVE-2023-28841, and CVE-2023-28842, which don't effect Submariner but were flagged in deliverables.

0.15.0-rc1

Advancing 0.15.0-rc1 release to status: released

Signed-off-by: Daniel Farrell <dfarrell@redhat.com>

0.15.0-rc0

Advancing 0.15.0-rc0 release to status: released

Advancing 0.15.0-rc0 release to status: released

Signed-off-by: Vishal Thapar <5137689+vthapar@users.noreply.github.com>

0.14.3

This is a bugfix release:

• Fixed issue with Service addresses being resolved before the service is ready.
• Various fixes for the --image-overrides flag when used with the subctl diagnose command.
• Fixed overriding the metrics proxy component in subctl join.

0.15.0-m4

Advancing 0.15.0-m4 release to status: released

Signed-off-by: Maayan Friedman <maafried@redhat.com>

0.13.4

This is a bugfix release:

• Changes in Azure cloud prepare:
  • Machine set names are now based on region + UUID and limited to 20 characters to prevent issues with long cluster names.
  • Machine set creation and deletion logic was updated to prevent creation of multiple gateway nodes.
  • Image names are now retrieved from existing machine sets.
• The namespace is now included in EndpointSlice names to avoid conflicts between services with the same name in multiple namespaces.
• The subctl gather command now gathers iptables logs for Calico and kindnet CNIs.
• The subctl cloud prepare command no longer causes errors if the list of ports is empty.
• Cloud cleanup for OpenStack now identifies and deletes failed MachineSets.
• Bumped k8s.io/client-go to 0.20.15 to fix CVE-2020-8565.
• Bumped golang.org/x/crypto to 0.6.0 to fix CVE-2022-27191.
• Bumped golang.org/x/net to 0.7.0 to fix a number of security issues.

0.14.2

This is a bugfix release:

• Fix issues in Azure cloud prepare:
  • Machine set names are now based on region + uuid and limited to 20 characters to prevent issues with long cluster names.
  • Machine set creation and deletion logic was updated to prevent creation of multiple gateway nodes.
  • Image names are now retrieved from existing machine sets.
• Fix a socket permission denied error in external network end-to-end tests.
• The subctl gather command will now gather iptables logs for Calico and kindnet CNIs.
• The subctl cloud prepare command no longer causes errors if the list of ports is empty.
• subctl cloud commands now always return the appropriate status.
• subctl operations which deploy images now allow those images to be overridden. The overrides are specified using --image-override:
  • subctl benchmark.
  • subctl verify.
  • subctl diagnose sub-commands.
• Fix issues in Service Discovery:
  • Namespace is now included in EndpointSlice name.
  • EndpointSlice service lookup is now done using labels.
• Bump go-restful to 2.16.0 to address CVE-2022-1996.

0.15.0-m3

Advancing 0.15.0-m3 release to status: released

Signed-off-by: Mike Kolesnik <mkolesni@redhat.com>

0.15.0-m2

Advancing 0.15.0-m2 release to status: released

Signed-off-by: Mike Kolesnik <mkolesni@redhat.com>

0.15.0-m1

Advancing 0.15.0-m1 release to status: released

Signed-off-by: Maayan Friedman <maafried@redhat.com>