Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
This advisory contains bug fixes and enhancements to the Submariner container images.
Security fixes:
- CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
Bugs addressed:
- subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)
- [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381)
- Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)
- submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)
- Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)
- unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)
- [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442)
- Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)
- RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242)
- Submariner OVN support (ACM-1358)
- Submariner Azure Console support (ACM-1388)
- ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)
- Submariner on disconnected ACM #22000 (ACM-1678)
- Submariner gateway: Error creating AWS security group if already exists (ACM-2055)
- Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)
- The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)
- The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)
- Subctl 0.14.0 prints version “vsubctl” (ACM-2132)
- managedclusters “local-cluster” not found and missing Submariner Broker CRD (ACM-2145)
- Add support of ARO to Submariner deployment (ACM-2150)
- The e2e tests execution fails for “Basic TCP connectivity” tests (ACM-2204)
- Gateway error shown “diagnose all” tests (ACM-2206)
- Submariner does not support cluster “kube-proxy ipvs mode”(ACM-2211)
- Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)
- Cannot use submariner with OSP and self signed certs (ACM-2274)
- Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387)
- Subctl 0.14.1 prints version “devel” (ACM-2482)