0.15.1

This is a bugfix release:

• Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable.
• Fixed issue where a Gateway pod restart due to SIGINT or SIGTERM signals caused data path disruption.
• Service Discovery now publishes DNS records for pods that are not ready for headless services based on the setting of
  the publishNotReadyAddresses flag on the Service.

0.14.5

This is a bugfix release:

• The subctl gather command now collects iptables information for OVN-Kubernetes CNI.
• Fixed issue while running subctl gather command for OVN-Kubernetes CNI.
• Fixed issue where a Gateway pod restart due to SIGINT or SIGTERM signals caused data path disruption.
• Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable.

0.16.0-m0

Advancing 0.16.0-m0 release to status: released

Signed-off-by: Maayan Friedman <[email protected]>

0.12.4

There are no user-facing changes in this release.

0.13.5

This is a bugfix release:

• Submariner now ensures that reverse path filtering setting is properly applied on the vx-submariner and vxlan-tunnel interfaces after
  they are created. This fix was necessary for RHEL 9 nodes where the setting was sometimes getting overwritten.
• Fixed intermittent failure where gateway connections sometimes don't get established.
• Submariner now handles out-of-order remote endpoint notifications properly in various handlers associated with the Route Agent component.
• Fixed stale iptables rules and a global IP leak which can sometimes happen when a GlobalEgressIP is created and immediately deleted as
  part of stress testing.
• Fixed issues while spawning Gateway nodes during cloud prepare for clusters deployed on OpenStack environment running OVN-Kubernetes CNI.
• Fixed issue with Service addresses being resolved before the service is ready.
• The subctl gather command now collects the ipset information from all cluster nodes.

0.14.4

This is a bugfix release:

• Fixed stale IPtable rules along with global IP leak which can sometimes happen as part of stress testing.
• Handle out-of-order remote endpoint notifications properly in various Route Agent handlers.
• Ensure that reverse path filtering setting is properly applied on the vx-submariner and vxlan-tunnel interfaces after they are created.
  This fix was necessary for RHEL 9 nodes where the setting was sometimes getting overwritten.
• Fixed issues while spawning Gateway nodes during cloud prepare for clusters deployed on OpenStack environment running OVN-Kubernetes CNI.
• The subctl gather command now collects the ipset information from all cluster nodes.

0.15.0

New features

• To be compliant with the [Kubernetes Multicluster Services specification][MCS KEP], Service Discovery now distributes a single aggregated
  ServiceImport to each cluster in the exported service's namespace. Previously, each cluster distributed its own ServiceImport copy that
  was placed in the submariner-operator namespace.
• Submariner can now be installed on IPv4/IPv6 dual-stack Kubernetes clusters. Currently, only IPv4 addresses are supported.
• Added a subctl recover-broker-info command to recover lost a broker-info.subm file.
• Extended the ability to customize the default TCP MSS clamping value set by Submariner to non-Globalnet deployments.
• The subctl gather command now gathers iptables logs for Calico and kindnet CNIs.
• The subctl gather command now collects the ipset information from all cluster nodes.
• The subctl diagnose command now validates that the Calico IPPool configuration matches Submariner's requirements.
• The subctl verify E2E tests now support setting the packet size used in TCP connectivity tests to troubleshoot MTU issues.
• The subctl verify command now runs FIPS verification tests.
• Allow overriding the image name of the metrics proxy component.
• Added endpoints to access profiling information for the gateway and Globalnet binaries.
• The following deprecated commands and variants have been removed:
  • subctl benchmark’s --kubecontexts option (use --context and --tocontext instead)
  • subctl benchmark’s --intra-cluster option (specify a single context to run intra-cluster benchmarks)
  • subctl benchmark with two kubeconfigs as command-line arguments
  • subctl cloud’s --metrics-ports option
  • subctl deploy-broker’s --broker-namespace option (use --namespace instead)
  • subctl diagnose firewall metrics (this is checked during deployment)
  • subctl diagnose firewall intra-cluster with two kubeconfigs as command-line arguments
  • subctl diagnose firewall inter-cluster with two kubeconfigs as command-line arguments
  • subctl gather’s --kubecontexts option (use --contexts instead)
• Deprecated the subctl cloud prepare ... --dedicated-gateway flag, as it's not actually used.
• Deprecated the subctl cloud prepare generic command, as it's not actually used.

Other changes

• Service Discovery-only deployments now work properly without the connectivity component deployed.
• Names of EndpointSlice objects now include their namespace to avoid conflicts between services with the same name in multiple namespaces.
• Changes in Azure cloud prepare:
  • Machine set names are now based on region + UUID and limited to 20 characters to prevent issues with long cluster names.
  • Machine set creation and deletion logic was updated to prevent creation of multiple gateway nodes.
  • Image names are now retrieved from existing machine sets.
• Fixed stale iptables rules and a global IP leak which can sometimes happen when a GlobalEgressIP is created and immediately deleted as
  part of stress testing.
• Label gateway nodes as infrastructure with node-role.kubernetes.io/infra="" to prevent them from counting against OpenShift subscriptions.
• Submariner now handles out-of-order remote endpoint notifications properly in various handlers associated with the Route Agent component.
• Submariner now ensures that reverse path filtering setting is properly applied on the vx-submariner and vxlan-tunnel interfaces after
  they are created. This fix was necessary for RHEL 9 nodes where the setting was sometimes getting overwritten.
• Fixed intermittent failure where gateway connections sometimes don't get established.
• Fixed an issue whereby the flags for subctl unexport service were not recognized.
• The subctl diagnose cni command no longer fails for the Calico CNI when the natOutgoing IPPool status is missing.
• Fixed CVE-2023-28840, CVE-2023-28841, and CVE-2023-28842, which don't effect Submariner but were flagged in deliverables.

0.15.0-rc1

Advancing 0.15.0-rc1 release to status: released

Signed-off-by: Daniel Farrell <[email protected]>

0.15.0-rc0

Advancing 0.15.0-rc0 release to status: released

Advancing 0.15.0-rc0 release to status: released

Signed-off-by: Vishal Thapar <[email protected]>

0.14.3

This is a bugfix release:

• Fixed issue with Service addresses being resolved before the service is ready.
• Various fixes for the --image-overrides flag when used with the subctl diagnose command.
• Fixed overriding the metrics proxy component in subctl join.