Releases: submariner-io/releases
Releases · submariner-io/releases
0.13.3
This is a bugfix release:
- The
subctl diagnose kube-proxy-modecommand now works with different versions of iproute packages. - The following changes were made to pods running
subctl diagnosecommands in order to allow them to run commands liketcpdump:- Make the
diagnosepod privileged. - Run the
diagnosepod with user ID 0.
- Make the
0.15.0-m0
Advancing 0.15.0-m0 release to status: released Signed-off-by: Maayan Friedman <maafried@redhat.com>
0.12.3
This is a bugfix release:
- Image version hashes are now 12 character long, avoiding possible collisions between images.
- Stop using cluster-owned tag for AWS cloud prepare, fixing problems with Submariner security groups left over after uninstallation.
- Support overriding the MTU value used in TCP MSS clamping, allowing fine tuning of MTU when necessary.
- CNI interface annotations created by Submariner are now removed during uninstallation.
- Bump x/text to address CVE-2021-38561 and CVE-2022-32149.
- Diagnose now validates if the
OVNKubernetesCNI is supported by the deployed Submariner. - Set
DNSPolicytoClusterFirstWithHostNetfor pods that run with host networking. - Service Discovery now writes the DNS message response body when it is not a
ServerFailureto avoid unnecessary client retries.
0.14.1
This is a bugfix release:
- Stop using cluster-owned tag for AWS Security Group lookup.
- Running the
subctl diagnose firewallcommand with individual kubeconfigs will now deploy diagnose pods in thesubmariner-operatornamespace to avoid pod security errors. - The periodic public IP watcher is enhanced to use random external servers to resolve the public IP associated with Gateway nodes.
- The
subctl diagnose kube-proxy-modecommand now works with different versions of iproute packages. - The following changes were made to pods running
subctl diagnosecommands in order to allow them to run commands liketcpdump:- Make the
diagnosepod privileged. - Run the
diagnosepod with user ID 0.
- Make the
0.13.2
- Added support for OpenShift 4.12.
- Service Discovery now returns a DNS error message in the response body when no matching records are found when queried about
clusterset.local. This prevents unnecessary retries. - Stop using cluster-owned tag for AWS Security Group lookup.
- Avoid using api.ipify.org as the first resolver for public IPs.
- It is now possible to customize the default TCP MSS clamping value set by Submariner also for non-Globalnet deployments.
0.14.0
New features
- Users no longer need to open ports 8080 and 8081 on the host for querying metrics. A new
submariner-metrics-proxyDaemonSet
runs pods on gateway nodes and forwards HTTP requests for metrics services to gateway and Globalnet pods running on the nodes.
Gateway and Globalnet pods now listen on ports 32780 and 32781 instead of well-known ports 8080 and 8081 to avoid conflict with
any other services that might be using those ports. Users will continue to query existingsubmariner-gateway-metricsand
submariner-globalnet-metricsservices to query the metrics. - Added
subctl diagnose service-discoveryverifications for Service Discovery objects. - The
subctl joincommand now supports an--air-gappedoption that instructs Submariner not to access any external servers for
public-ipresolution.- Support for simulated "air-gapped" environments has been added to kind clusters.
To use, deploy withUSING=air-gaporAIR_GAPPED=true.
- Support for simulated "air-gapped" environments has been added to kind clusters.
- Support was added in the Shipyard project to easily deploy Submariner with a LoadBalancer type Service in front.
To use, simply specify the target (e.g.deploy) withUSING=load-balancerorLOAD_BALANCER=true.
For kind-based deployments, MetalLB is deployed to provide the capability.
The MetalLB version can be specified usingMETALLB_VERSION=x.y.z. - Support was added to force running
subctl verifywhen testing end-to-end, ignoring any local tests.
To use this feature, runmake e2e using=subctl-verify.
Verifications can be now specified using theSUBCTL_VERIFICATIONSflag, instead of relying on the default behavior.
e.g.:make e2e using=subctl-verify SUBCTL_VERIFICATIONS=connectivity,service-discovery. - kubeconfig handling has been revamped to be consistent across all
subctlcommands and to matchkubectl’s behaviour.- The single-context commands,
cloud-prepare,deploy-broker,export,
join,unexportanduninstall, now all support a--contextargument
to specify the kubeconfig context to use. kubeconfig files can be
specified using either theKUBECONFIGenvironment variable or the
--kubeconfigargument;kubectldefaults will be applied if
configured. If no context is specified, the kubeconfig default context
will be used. - Multiple-context commands which operate on all contexts by default,
showandgather, support a--contextsargument which can be used
to select one or more contexts; they also support the--contextargument
to select a single context. - Multiple-context commands which operate on specific contexts,
benchmarkandverify, support a--contextargument to specify the
originating context, and a--tocontextargument to specify the target
context. diagnoseoperates on all accessible contexts by default, except
diagnose firewall inter-clusteranddiagnose firewall nat-traversal
which rely on an originating context specified by--contextand a
remote context specified by--remotecontext.- Namespace-based commands such as
exportwill use the namespace given
using--namespace(-n), if any, or the current namespace in the
selected context, if there is one, rather than thedefault
namespace. - These commands also support all connection options supported by
kubectl, so connections can be configured using command arguments
instead of kubeconfigs. - Existing options (
--kubecontextetc.) are preserved for backwards
compatibility, but are deprecated and will be removed in the next
release.
- The single-context commands,
Other changes
- The Flannel CNI is now properly identified during join.
- A new ServiceExport status condition type named Synced was added that indicates whether or not the ServiceImport
was successfully synced to the broker. - Service Discovery now handles updates to an exported service and updates/deletes the corresponding ServiceImport accordingly.
- Service Discovery now returns a DNS error message in the response body when no matching records are found for the query to
clusterset.local. This prevents unnecessary retries. - Cloud cleanup for OpenStack now identifies and deletes failed MachineSets.
- Privileges of the Route Agent and Gateway pods were reduced as they don’t need to access PersistentVolumeClaims and Secrets.
- The privileged SCC permission for Submariner components in OCP is set now by creating separate
ClusterRoleandClusterRoleBinding
resources instead of manipulating the system privileged SCC resource. - It is now possible to customize the default TCP MSS clamping value set by Submariner also for non-Globalnet deployments.
- The
subctl showcommand now correctly reports component image versions when image overrides were specified onjoin. - Updates to the
subctl gathercommand:- The
subctl gathercommand now creates one subdirectory per cluster instead of embedding the cluster name in each file name. - If it’s not given a custom directory,
subctl gatherstores all its output in a directory
namedsubmariner-followed by the current date and time (in UTC) in "YYYYMMDDHHmmss" format. - The
subctl gathercommand now includes the output fromovn-sbctl showwhich has thechassis-idtohostnamemapping that can
be used to verify ifsubmariner_routeris pinned to the proper Gateway node.
- The
0.14.0-rc4
Advancing 0.14.0-rc4 release to status: released Signed-off-by: Aswin Suryanarayanan <aswinsuryan@gmail.com>
0.14.0-rc3
Advancing 0.14.0-rc3 release to status: released Signed-off-by: Aswin Suryanarayanan <aswinsuryan@gmail.com>
0.14.0-rc2
Advancing 0.14.0-rc2 release to status: released Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
0.14.0-rc1
Advancing 0.14.0-rc1 release to status: released Signed-off-by: Aswin Suryanarayanan <aswinsuryan@gmail.com>