API Security Blog

(RHSA-2023:0631) Moderate: RHSA: Submariner 0.14 – bug fix and security updates

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.

For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

This advisory contains bug fixes and enhancements to the Submariner container images.

Security fixes:

* CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
* CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
* CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
* CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Bugs addressed:

* subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711)
* [Submariner] – Fails to increase gateway amount after deployment (BZ# 2097381)
* Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634)
* submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362)
* Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219)
* unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326)
* [IBM Z] – Submariner addon uninstallation doesn't work from ACM console (BZ# 2136442)
* Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477)
* RHACM – Submariner: UI support for OpenStack #19297 (ACM-1242)
* Submariner OVN support (ACM-1358)
* Submariner Azure Console support (ACM-1388)
* ManagedClusterSet consumers migrate to v1beta2 (ACM-1614)
* Submariner on disconnected ACM #22000 (ACM-1678)
* Submariner gateway: Error creating AWS security group if already exists (ACM-2055)
* Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057)
* The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058)
* The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067)
* Subctl 0.14.0 prints version “vsubctl” (ACM-2132)
* managedclusters “local-cluster” not found and missing Submariner Broker CRD (ACM-2145)
* Add support of ARO to Submariner deployment (ACM-2150)
* The e2e tests execution fails for “Basic TCP connectivity” tests (ACM-2204)
* Gateway error shown “diagnose all” tests (ACM-2206)
* Submariner does not support cluster “kube-proxy ipvs mode” (ACM-2211)
* Vsphere cluster shows Pod Security admission controller warnings (ACM-2256)
* Cannot use submariner with OSP and self signed certs (ACM-2274)
* Subctl diagnose tests spawn nettest image with wrong tag naming convention (ACM-2387)
* Subctl 0.14.1 prints version “devel” (ACM-2482)