Submariner 0.14.0 Release

Daniel Farrell

Nov 23, 2022, 10:34:52 AM
to submari...@googlegroups.com, submariner-users
Hello,

Submariner 0.14.0 is released!

New features


  • Users no longer need to open ports 8080 and 8081 on the host for querying metrics. A new `submariner-metrics-proxy` DaemonSet runs pods on gateway nodes and forwards HTTP requests for metrics services to gateway and Globalnet pods running on the nodes. Gateway and Globalnet pods now listen on ports 32780 and 32781 instead of well-known ports 8080 and 8081 to avoid conflict with any other services that might be using those ports. Users will continue to query existing `submariner-gateway-metrics` and `submariner-globalnet-metrics` services to query the metrics.
  • Added `subctl diagnose service-discovery` verifications for Service Discovery objects.
  • The `subctl join` command now supports an `--air-gapped` option that instructs Submariner not to access any external servers for `public-ip` resolution.
    • Support for simulated "air-gapped" environments has been added to kind clusters. To use, deploy with `USING=air-gap` or `AIR_GAPPED=true`.
  • Support was added in the Shipyard project to easily deploy Submariner with a LoadBalancer type Service in front. To use, simply specify the target (e.g. `deploy`) with `USING=load-balancer` or `LOAD_BALANCER=true`. For kind-based deployments, MetalLB is deployed to provide the capability. The MetalLB version can be specified using `METALLB_VERSION=x.y.z`.
  • Support was added to force running `subctl verify` when testing end-to-end, ignoring any local tests. To use this feature, run `make e2e using=subctl-verify`. Verifications can now be specified using the `SUBCTL_VERIFICATIONS` flag, instead of relying on the default behavior, e.g. `make e2e using=subctl-verify SUBCTL_VERIFICATIONS=connectivity,service-discovery`.
  • kubeconfig handling has been revamped to be consistent across all `subctl` commands and to match `kubectl`’s behaviour.
    • The single-context commands, `cloud-prepare`, `deploy-broker`, `export`, `join`, `unexport` and `uninstall`, now all support a `--context` argument to specify the kubeconfig context to use. kubeconfig files can be specified using either the `KUBECONFIG` environment variable or the `--kubeconfig` argument; `kubectl` defaults will be applied if configured. If no context is specified, the kubeconfig default context will be used.
    • Multiple-context commands which operate on all contexts by default, `show` and `gather`, support a `--contexts` argument which can be used to select one or more contexts; they also support the `--context` argument to select a single context.
    • Multiple-context commands which operate on specific contexts, `benchmark` and `verify`, support a `--context` argument to specify the originating context, and a `--tocontext` argument to specify the target context.
    • `diagnose` operates on all accessible contexts by default, except `diagnose firewall inter-cluster` and `diagnose firewall nat-traversal` which rely on an originating context specified by `--context` and a remote context specified by `--remotecontext`.
    • Namespace-based commands such as `export` will use the namespace given using `--namespace` (`-n`), if any, or the current namespace in the selected context, if there is one, rather than the `default` namespace.
    • These commands also support all connection options supported by `kubectl`, so connections can be configured using command arguments instead of kubeconfigs.
    • Existing options (`--kubecontext` etc.) are preserved for backwards compatibility, but are deprecated and will be removed in the next release.

Other changes

  • The Flannel CNI is now properly identified during join.
  • A new ServiceExport status condition type named Synced was added that indicates whether or not the ServiceImport was successfully synced to the broker.
  • Service Discovery now handles updates to an exported service and updates/deletes the corresponding ServiceImport accordingly.
  • Service Discovery now returns a DNS error message in the response body when no matching records are found for the query to `clusterset.local`. This prevents unnecessary retries.
  • Cloud cleanup for OpenStack now identifies and deletes failed MachineSets.
  • Privileges of the Route Agent and Gateway pods were reduced as they don’t need to access PersistentVolumeClaims and Secrets.
  • The privileged SCC permission for Submariner components in OCP is now set by creating separate `ClusterRole` and `ClusterRoleBinding` resources instead of manipulating the system privileged SCC resource.
  • It is now possible to customize the default TCP MSS clamping value set by Submariner for non-Globalnet deployments as well.
  • The `subctl show` command now correctly reports component image versions when image overrides were specified on `join`.
  • Updates to the `subctl gather` command:
    • The `subctl gather` command now creates one subdirectory per cluster instead of embedding the cluster name in each file name.
    • If it’s not given a custom directory, `subctl gather` stores all its output in a directory named `submariner-` followed by the current date and time (in UTC) in "YYYYMMDDHHmmss" format.
    • The `subctl gather` command now includes the output from `ovn-sbctl show` which has the `chassis-id` to `hostname` mapping that can be used to verify if `submariner_router` is pinned to the proper Gateway node.

Thank you everyone who contributed!
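
A check for the reduced Route Agent and Gateway privileges listed under "Other changes", added here as an example (it is not part of the announcement or Submariner's own code): it scans RBAC rules, in the shape produced by `kubectl get clusterrole <name> -o json`, for any that still reach Secrets or PersistentVolumeClaims. The role name and rules in the sample are constructed.

```python
import json

# Resources the release note says Route Agent and Gateway pods no longer need.
SENSITIVE = {"secrets", "persistentvolumeclaims"}

# Constructed sample in the shape of `kubectl get clusterrole <name> -o json`.
# The role name and every rule are hypothetical, not Submariner's real RBAC.
SAMPLE_ROLE = json.loads("""
{
  "kind": "ClusterRole",
  "metadata": {"name": "example-gateway-role"},
  "rules": [
    {"apiGroups": [""], "resources": ["pods", "nodes"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["list"]},
    {"apiGroups": ["apps"], "resources": ["secrets"], "verbs": ["get"]},
    {"nonResourceURLs": ["/metrics"], "verbs": ["get"]}
  ]
}
""")


def sensitive_grants(role):
    """Return (rule_index, resource, verbs) for each rule reaching Secrets or PVCs."""
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        groups = rule.get("apiGroups") or []
        # Secrets and PVCs live in the core API group ""; "*" matches every group.
        if "" not in groups and "*" not in groups:
            continue
        verbs = sorted(rule.get("verbs") or [])
        for res in rule.get("resources") or []:
            if res == "*":
                # A resource wildcard covers both sensitive resources.
                hits = sorted(SENSITIVE)
            elif res in SENSITIVE:
                hits = [res]
            else:
                hits = []
            for name in hits:
                findings.append((i, name, verbs))
    return findings


if __name__ == "__main__":
    for idx, resource, verbs in sensitive_grants(SAMPLE_ROLE):
        print(f"rule {idx}: grants {verbs} on {resource}")
```

An empty result for the roles bound to the Route Agent and Gateway service accounts is the expected state after upgrading; rules in other API groups and non-resource URL rules are skipped because they cannot reach core-group Secrets or PVCs.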