Gateways

A Gateway is used to enable external network connectivity for Pods within the OVN Virtual Network.

Kube-OVN supports two kinds of Gateways: the distributed Gateway and the centralized Gateway. Also user can expose pod ip directly to external network.

For a distributed Gateway, outgoing traffic from Pods within the OVN network to external destinations will go through the Node where the Pod is hosted.

For a centralized gateway, outgoing traffic from Pods within the OVN network to external destinations will go through Gateway Node for the Namespace.

Use the following annotations in namespace to configure gateway:

  • ovn.kubernetes.io/gateway_type: distributed or centralized, default is distributed.
  • ovn.kubernetes.io/gateway_node: when ovn.kubernetes.io/gateway_type is centralized used this annotation to specify which node act as the namespace gateway.
  • ovn.kubernetes.io/gateway_nat: true or false, whether pod ip need to be masqueraded when go through gateway. When false, pod ip will be exposed to external network directly, default true.

Example

Add the following annotations when creating the Namespace:

  1. apiVersion: v1
  2. kind: Namespace
  3. metadata:
  4.   name: testns
  5.   annotations:
  6.     ovn.kubernetes.io/gateway_type: centralized
  7.     ovn.kubernetes.io/gateway_node: node1
  8.     ovn.kubernetes.io/gateway_nat: "true"

Create some Pods:

  1. apiVersion: apps/v1
  2. kind: DaemonSet
  3. metadata:
  4.   name: app1
  5.   namespace: testns
  6.   labels:
  7.     app: app1
  8. spec:
  9.   selector:
  10.     matchLabels:
  11.       name: app1
  12.   template:
  13.     metadata:
  14.       labels:
  15.         name: app1
  16.     spec:
  17.       containers:
  18.       - name: toolbox
  19.         image: halfcrazy/toolbox

Open two terminals, one on the master:

kubectl -n testns exec -it app1-xxxx ping 114.114.114.114

And one on node1:

tcpdump -n -i eth0 icmp and host 114.114.114.114