0.13.2

• Added support for OpenShift 4.12.
• Service Discovery now returns a DNS error message in the response body when no matching records are found when queried about
  clusterset.local. This prevents unnecessary retries.
• Stop using cluster-owned tag for AWS Security Group lookup.
• Avoid using api.ipify.org as the first resolver for public IPs.
• It is now possible to customize the default TCP MSS clamping value set by Submariner also for non-Globalnet deployments.

0.14.0

New features

• Users no longer need to open ports 8080 and 8081 on the host for querying metrics. A new submariner-metrics-proxy DaemonSet
  runs pods on gateway nodes and forwards HTTP requests for metrics services to gateway and Globalnet pods running on the nodes.
  Gateway and Globalnet pods now listen on ports 32780 and 32781 instead of well-known ports 8080 and 8081 to avoid conflict with
  any other services that might be using those ports. Users will continue to query existing submariner-gateway-metrics and
  submariner-globalnet-metrics services to query the metrics.
• Added subctl diagnose service-discovery verifications for Service Discovery objects.
• The subctl join command now supports an --air-gapped option that instructs Submariner not to access any external servers for
  public-ip resolution.
  • Support for simulated "air-gapped" environments has been added to kind clusters.
    To use, deploy with USING=air-gap or AIR_GAPPED=true.
• Support was added in the Shipyard project to easily deploy Submariner with a LoadBalancer type Service in front.
  To use, simply specify the target (e.g. deploy) with USING=load-balancer or LOAD_BALANCER=true.
  For kind-based deployments, MetalLB is deployed to provide the capability.
  The MetalLB version can be specified using METALLB_VERSION=x.y.z.
• Support was added to force running subctl verify when testing end-to-end, ignoring any local tests.
  To use this feature, run make e2e using=subctl-verify.
  Verifications can be now specified using the SUBCTL_VERIFICATIONS flag, instead of relying on the default behavior.
  e.g.: make e2e using=subctl-verify SUBCTL_VERIFICATIONS=connectivity,service-discovery.
• kubeconfig handling has been revamped to be consistent across all
  subctl commands and to match kubectl’s behaviour.
  • The single-context commands, cloud-prepare, deploy-broker, export,
    join, unexport and uninstall, now all support a --context argument
    to specify the kubeconfig context to use. kubeconfig files can be
    specified using either the KUBECONFIG environment variable or the
    --kubeconfig argument; kubectl defaults will be applied if
    configured. If no context is specified, the kubeconfig default context
    will be used.
  • Multiple-context commands which operate on all contexts by default,
    show and gather, support a --contexts argument which can be used
    to select one or more contexts; they also support the --context argument
    to select a single context.
  • Multiple-context commands which operate on specific contexts,
    benchmark and verify, support a --context argument to specify the
    originating context, and a --tocontext argument to specify the target
    context.
  • diagnose operates on all accessible contexts by default, except
    diagnose firewall inter-cluster and diagnose firewall nat-traversal
    which rely on an originating context specified by --context and a
    remote context specified by --remotecontext.
  • Namespace-based commands such as export will use the namespace given
    using --namespace (-n), if any, or the current namespace in the
    selected context, if there is one, rather than the default
    namespace.
  • These commands also support all connection options supported by
    kubectl, so connections can be configured using command arguments
    instead of kubeconfigs.
  • Existing options (--kubecontext etc.) are preserved for backwards
    compatibility, but are deprecated and will be removed in the next
    release.

Other changes

• The Flannel CNI is now properly identified during join.
• A new ServiceExport status condition type named Synced was added that indicates whether or not the ServiceImport
  was successfully synced to the broker.
• Service Discovery now handles updates to an exported service and updates/deletes the corresponding ServiceImport accordingly.
• Service Discovery now returns a DNS error message in the response body when no matching records are found for the query to
  clusterset.local. This prevents unnecessary retries.
• Cloud cleanup for OpenStack now identifies and deletes failed MachineSets.
• Privileges of the Route Agent and Gateway pods were reduced as they don’t need to access PersistentVolumeClaims and Secrets.
• The privileged SCC permission for Submariner components in OCP is set now by creating separate ClusterRole and ClusterRoleBinding
  resources instead of manipulating the system privileged SCC resource.
• It is now possible to customize the default TCP MSS clamping value set by Submariner also for non-Globalnet deployments.
• The subctl show command now correctly reports component image versions when image overrides were specified on join.
• Updates to the subctl gather command:
  • The subctl gather command now creates one subdirectory per cluster instead of embedding the cluster name in each file name.
  • If it’s not given a custom directory, subctl gather stores all its output in a directory
    named submariner- followed by the current date and time (in UTC) in "YYYYMMDDHHmmss" format.
  • The subctl gather command now includes the output from ovn-sbctl show which has the chassis-id to hostname mapping that can
    be used to verify if submariner_router is pinned to the proper Gateway node.

0.14.0-rc4

Advancing 0.14.0-rc4 release to status: released

Signed-off-by: Aswin Suryanarayanan <[email protected]>

0.14.0-rc3

Advancing 0.14.0-rc3 release to status: released

Signed-off-by: Aswin Suryanarayanan <[email protected]>

0.14.0-rc2

Advancing 0.14.0-rc2 release to status: released

Signed-off-by: Sridhar Gaddam <[email protected]>

0.14.0-rc1

Advancing 0.14.0-rc1 release to status: released

Signed-off-by: Aswin Suryanarayanan <[email protected]>

0.14.0-m2

Advancing 0.14.0-m2 release to status: released

Signed-off-by: Tom Pantelis <[email protected]>

0.13.1

This is a bugfix release:

• Allow broker certificate checks to be disabled for insecure connections, using subctl join --check-broker-certificate=false.
• Return local cluster IP for headless services.
• Display proper output message from subctl show brokers when broker is not installed on the cluster.
• Allow passing DEFAULT_REPO while building subctl.
• Clean up the host routes programmed by OVN RA plugin during uninstall.
• Support overriding image names per-component to better support downstream builds.
• Limit Azure machine name lengths to 40 characters.
• Document the default cable driver in the subctl join help message.
• Set DNSPolicy to ClusterFirstWithHostNet for pods that run with HostNetworking: true.
• Remove hardcoded workerNodeList while querying image for GCP and RHOS cloud preparation steps.
• Collect the output of ovn-sbctl show in subctl gather.
• Bump x/text to address CVE-2021-38561.
• Set ReadHeaderTimeout (new in Go 1.18) to mitigate potential Slowloris attacks.

0.14.0-m1

Advancing 0.14.0-m1 release to status: released

Signed-off-by: Daniel Farrell <[email protected]>

0.14.0-m0

Advancing 0.14.0-m0 release to status: released

Signed-off-by: Maayan Friedman <[email protected]>