Submariner 0.16.0 Release

Daniel Farrell

Oct 23, 2023, 12:12:48 PM
to submari...@googlegroups.com, submariner-users
Hello,

Submariner 0.16.0 is released!

New features

  • The `subctl cloud prepare azure` command has a new flag, `air-gapped`, to indicate the cluster is in an air-gapped environment which may forbid certain configurations in a disconnected Azure installation.
  • `subctl` is now built for ARM Macs (Darwin arm64).
  • `subctl show versions` now shows the version of the metrics proxy component.
  • The `subctl gather` command now collects metrics proxy pod logs in Globalnet deployments.
  • For headless services, Service Discovery now derives its `EndpointSlices` from the Kubernetes `EndpointSlices`, so for each Kubernetes `EndpointSlice` there will be a corresponding Service Discovery `EndpointSlice`. Service Discovery `EndpointSlices` follow the same naming convention in that the names are auto-generated by Kubernetes prefixed by the service name. Endpoints for all conditions are now included; prior releases only published ready endpoints.
  • Service Discovery will now publish DNS records for pods that are not ready based on the setting of the `publishNotReadyAddresses` flag on the service.
  • Service Discovery now propagates labels from an exported `Service` to its generated `EndpointSlices`.
  • The new `subctl upgrade` command can upgrade `subctl` itself in-place, and upgrade Submariner deployments on brokers and joined clusters to the corresponding version of Submariner.
  • The `subctl diagnose` command has been enhanced to check for potential firewall issues that may be blocking ESP traffic and will provide an appropriate error message.
  • Submariner now explicitly enables forwarding on the interfaces that it creates to support forwarding even when global forwarding on the node is turned off.

Other changes

  • Reduced data path downtime with Libreswan cable driver when gateway pod restarts.
  • Fixed an issue with OVNKubernetes CNI where routes could be accidentally deleted during cluster restart or upgrade scenarios.
  • Submariner gateway pods now skip invoking cable engine cleanup during termination, as this is handled by the route agent during gateway migration.
  • The status condition type "Allocated" for Globalnet resources now adheres to the intended design of status conditions in Kubernetes by reflecting only the latest observed status.
  • Fixed an issue which caused the IPsec pluto process to crash when the remote endpoint was unstable.
  • Submariner now explicitly configures dpddelay when initiating IPsec connections to prevent excessively frequent liveness probes.
  • Submariner now uses case-insensitive comparison while parsing CNI names.
  • Enhanced Calico CNI detection now includes searching for calico-node CNI pods when the calico-config map is not detected.
  • Submariner now automatically creates the necessary Calico IPPools for remote cluster connectivity when the Calico API Server is installed in the cluster.
  • Fixed an issue with Service Discovery with Globalnet enabled where a service was inaccessible after recreating it.
  • Fixed an issue with Service Discovery where a remote cluster's service was inaccessible after recreating its local namespace.
  • Service Discovery with Globalnet enabled now correctly handles headless services without a selector.
  • The pod CIDR detection logic now ensures that the node's `podCIDR` is exclusively used for single-node deployments.
  • `subctl verify` no longer requires the KUBECONFIG environment variable to be set.
  • The `submariner_service_export` metric is now properly exposed after being inadvertently removed.
  • The Globalnet component now handles out-of-order remote endpoint notifications properly.
  • The Submariner gateway now retries reading local node information on startup to reduce pod restarts if the Kubernetes API server is temporarily unavailable.
  • Submariner now ensures that the IPsec control socket is created before initiating connection requests, and also automatically retries connections in response to errors reported by the 'whack' command.
  • The CNI detection method in Submariner Operator is now improved to detect the Flannel CNI, even when the Flannel configMap is missing from the cluster.

Known issues

  • Upgrades involving OVN can fail because one of the OVN sockets is replaced by a directory. To bring affected nodes up successfully, all invalid sockets on each node must be removed: `find /run -type d -name '*.sock' -delete`. v0.16.0 includes a partial fix for this: route agents wait for node readiness before starting, which allows OVN to finish initializing. In some scenarios, however, an invalid directory is created before OVN is upgraded, which prevents OVN from starting up correctly. This will be fixed fully in v0.16.1.

Thank you everyone who contributed!
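
The cleanup from the known issue above, as an added example that is not part of the original announcement or of the Submariner project: it lists the `*.sock` directories first, removes only the empty ones (the same limit `find -delete` has) and reports any that remain. The function names and the `--list`/`--remove` arguments are hypothetical; the root defaults to `/run` as in the command above.

```shell
#!/bin/sh
# Added example: audit, then remove, directories that sit where a socket
# should be. ROOT defaults to /run, the path used in the release note.

# Print every directory under ROOT whose name ends in .sock.
# Real sockets and regular files are never matched (-type d).
list_sock_dirs() {
    find "${1:-/run}" -type d -name '*.sock' 2>/dev/null
}

# Remove the matching directories, but only when they are empty (rmdir
# refuses otherwise), then report whatever is still present so it can be
# inspected by hand. Returns 0 when nothing invalid remains, 1 otherwise.
remove_sock_dirs() {
    root="${1:-/run}"
    # -depth visits children before parents, so a nested empty *.sock
    # directory is removed before its parent is examined.
    find "$root" -depth -type d -name '*.sock' \
        -exec rmdir -- {} \; 2>/dev/null || true
    remaining=$(list_sock_dirs "$root")
    if [ -n "$remaining" ]; then
        printf 'not removed (not empty):\n%s\n' "$remaining" >&2
        return 1
    fi
    return 0
}

# Nothing runs unless asked: --list is a dry run, --remove acts.
case "${1:-}" in
    --list)   list_sock_dirs "${2:-/run}" ;;
    --remove) remove_sock_dirs "${2:-/run}" ;;
esac
```

A non-zero return from `remove_sock_dirs` means a `*.sock` directory still has contents and the node would still be affected.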