- Minimum supported Kubernetes version is 1.17.
- Submariner only supports kube-proxy in iptables mode. IPVS is not supported at this time.
- CoreDNS is supported out of the box for
*.clusterset.local service discovery. KubeDNS needs manual configuration. Please refer to the
GKE Quickstart Guide for more information.
- Clusters deployed with the Calico network plug-in require further configuration to be compatible with Submariner. Please refer to the
Calico-specific deployment instructions.
- The Gateway load balancer support is still experimental and needs more testing.
- Submariner Gateway metrics
submariner_gateway_tx_bytes will not be collected when using the
VXLAN cable driver.
- Submariner currently only supports IPv4. IPv6 and dual-stack are not supported at this time.
- Currently, Globalnet is not supported with the OVN network plug-in.
subctl benchmark latency command is not compatible with Globalnet deployments at this time.
- Submariner uses TCP port 8081 to export metrics on the Globalnet controller. While other metrics will show up on OpenShift with no
additional action from the user, this is not the case for Globalnet metrics at this time. User needs to ensure that firewall
configuration allows ingress 8081/TCP on the Gateway nodes so that other nodes in the cluster can access it. Also, no other workload on
those nodes should be listening on TCP port 8081.
Deploying with Helm on OpenShift
When deploying Submariner using Helm on OpenShift, Submariner needs to be granted the appropriate security context for its service accounts:
oc adm policy add-scc-to-user privileged system:serviceaccount:submariner:submariner-routeagent
oc adm policy add-scc-to-user privileged system:serviceaccount:submariner:submariner-gateway
oc adm policy add-scc-to-user privileged system:serviceaccount:submariner:submariner-globalnet
This is handled automatically in
subctl and the Submariner addon.