(RHSA-2023:0631) Moderate: RHSA: Submariner 0.14 - bug fix and security updates

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

This advisory contains bug fixes and enhancements to the Submariner container images.

Security fixes:

• CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
• CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
• CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
• CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Bugs addressed:

• subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)
• [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)
• Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)
• submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)
• Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)
• unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)
• [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)
• Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)
• RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)
• Submariner OVN support (ACM-1358)
• Submariner Azure Console support (ACM-1388)
• ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)
• Submariner on disconnected ACM #22000 (ACM-1678)
• Submariner gateway: Error creating AWS security group if already exists (ACM-2055)
• Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)
• The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)
• The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)
• Subctl 0.14.0 prints version “vsubctl” (ACM-2132)
• managedclusters “local-cluster” not found and missing Submariner Broker CRD (ACM-2145)
• Add support of ARO to Submariner deployment (ACM-2150)
• The e2e tests execution fails for “Basic TCP connectivity” tests (ACM-2204)
• Gateway error shown “diagnose all” tests (ACM-2206)
• Submariner does not support cluster “kube-proxy ipvs mode”(ACM-2211)
• Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)
• Cannot use submariner with OSP and self signed certs (ACM-2274)
• Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)
• Subctl 0.14.1 prints version “devel” (ACM-2482)