Kube-OVN integrates OVN-based Network Virtualization with Kubernetes. It offers an advanced Container Network Fabric for Enterprises.
- Namespaced Subnets: Each Namespace can have a unique Subnet (backed by a Logical Switch). Pods within the Namespace will have IP addresses allocated from the Subnet. It's also possible for multiple Namespaces to share a Subnet.
- Subnet Isolation: A Subnet can be configured to deny any traffic whose source IP address is not within the same Subnet. Specific IP addresses and IP ranges can be whitelisted.
- Static IP Addresses for Workloads: Allocate random or static IP addresses to workloads.
- Dynamic QoS: Configure Pod Ingress/Egress traffic rate limits on the fly.
- Embedded Load Balancers: Replace kube-proxy with the OVN embedded distributed L2 Load Balancer.
- Distributed Gateways: Every Node can act as a Gateway to provide external network connectivity.
- Namespaced Gateways: Every Namespace can have a dedicated Gateway for Egress traffic.
Planned Future Work
- Hardware Offloading and DPDK Support
- Direct External Connectivity
- ACL-based Network Policy
- Policy-based QoS
- More Metrics and Traffic Graph
- More Diagnosis and Tracing Tools
The Switch, Router, and Firewall shown in the diagram below are all distributed across all Nodes. There is no single point of failure for the in-cluster network.
Kube-OVN is easy to install with all necessary components/dependencies included. Please refer to the Installation Guide.
Kube-OVN is still at an early stage and undergoing rapid development. Please DO NOT use it in production.