Submariner
Submariner is an open-source multi-cluster networking project that provides secure network connectivity and service discovery across Kubernetes clusters (multi-cluster networking).
- Cross-cluster connectivity for Kubernetes clusters over existing networks or VPNs (multi-cluster networking).
- Encrypted inter-cluster traffic using IPsec or other supported tunnels (network security / Virtual Private Network (VPN)).
- Export and discovery of services across clusters without application changes (service discovery).
- Support for various deployment topologies, including overlapping and non-overlapping CIDRs (network architecture).
- Integration with Kubernetes-native tooling and other CNCF ecosystem projects for multi-cluster setups (cloud-native infrastructure).
More About Submariner
Submariner addresses the problem of connecting multiple Kubernetes clusters so that pods and services in different clusters can communicate using secure, routable networking (multi-cluster networking). It is hosted by the Cloud Native Computing Foundation (CNCF) and targets environments where workloads are distributed across clusters in multiple regions, clouds, or on-premises (on-prem) sites. Submariner focuses on providing IP connectivity and service discovery across clusters without requiring applications to become multi-cluster aware.
At its core, Submariner establishes secure tunnels between clusters, typically using IPsec-based connections or other supported tunnel mechanisms (network security / VPN). These tunnels enable direct pod-to-pod and pod-to-service communication across clusters with minimal changes to existing networking configurations. Submariner works with Kubernetes ClusterIP services so that services exported from one cluster can be consumed from another as if they were local, which reduces the need for application-level federation logic.
The project operates at the network and service discovery layers (networking / service mesh adjacency). It includes components that run in each participating cluster, manage tunnel endpoints, and configure routing so that cluster CIDRs are reachable across the connected sites. Submariner supports deployment in topologies with non-overlapping and, in certain configurations, overlapping CIDR ranges (network architecture). It is designed to work with different Container Network Interface (CNI) plugins by programming routes and iptables rules so that cross-cluster traffic is handled transparently for Kubernetes workloads.
In enterprise and institutional environments, Submariner is used to build multi-cluster Kubernetes environments across public clouds, private data centers, and edge locations (hybrid and multi-cloud networking). Typical use cases include high-availability deployments across regions, Disaster Recovery (DR) clusters, data locality strategies, and collaboration between organizational units that manage separate clusters. By providing IP-level connectivity, Submariner allows existing Kubernetes patterns such as DNS-based service access, service accounts, and standard ingress mechanisms to operate across clusters without specialized gateways embedded in each application.
Submariner interoperates with Kubernetes-native tooling, and it is positioned in the CNCF ecosystem as a project that complements cluster lifecycle and multi-cluster management tools rather than replacing them (cloud-native infrastructure). It focuses specifically on the data plane for cross-cluster traffic and on exporting and discovering services across clusters. For technical stakeholders, Submariner provides a way to standardize multi-cluster network connectivity and service reachability using Kubernetes constructs, enabling consistent policies, observability, and operations across distributed clusters.