Kube-OVN, a CNCF Sandbox Project, integrates OVN-based Network Virtualization with Kubernetes. It provides enhanced support for KubeVirt and unique Multi-Tenancy capabilities.
- VPC Support: Multi-tenant network with independent address spaces, where each tenant has its own network infrastructure such as EIPs, NAT gateways, security groups and load balancers.
- Namespaced Subnets: Each Namespace can have a unique Subnet (backed by a Logical Switch). Pods within the Namespace will have IP addresses allocated from the Subnet. It's also possible for multiple Namespaces to share a Subnet.
- VLAN/Underlay Support: In addition to overlay networking, Kube-OVN also supports underlay and VLAN mode networks for better performance and direct connectivity with the physical network.
- Static IP Addresses for Workloads: Allocate random or static IP addresses to workloads.
- Seamless VM Live Migration: Live-migrate KubeVirt VMs without network interruption.
- Multi-Cluster Network: Connect different Kubernetes/OpenStack clusters into one L3 network.
- Troubleshooting Tools: Handy tools to diagnose, trace, monitor and dump container network traffic to help troubleshoot complicated network issues.
- Prometheus & Grafana Integration: Exposes network quality metrics such as pod/node/service/DNS connectivity and latency in Prometheus format.
- ARM Support: Kube-OVN can run on x86_64 and arm64 platforms.
- Subnet Isolation: A Subnet can be configured to deny any traffic from source IP addresses not within the same Subnet. Specific IP addresses and IP ranges can be whitelisted.
- Network Policy: Implements the networking.k8s.io/NetworkPolicy API with high-performance OVN ACLs.
- DualStack IP Support: Pods can run in IPv4-Only/IPv6-Only/DualStack mode.
- Pod NAT and EIP: Manage Pod external traffic and external IPs as with a traditional VM.
- IPAM for Multi NIC: A cluster-wide IPAM for CNI plugins other than Kube-OVN, such as macvlan/vlan/host-device, so they can take advantage of the subnet and static IP allocation functions in Kube-OVN.
- Dynamic QoS: Configure Pod/Gateway Ingress/Egress traffic rate/priority/loss/latency on the fly.
- Embedded Load Balancers: Replace kube-proxy with the OVN embedded high performance distributed L2 Load Balancer.
- Distributed Gateways: Every Node can act as a Gateway to provide external network connectivity.
- Namespaced Gateways: Every Namespace can have a dedicated Gateway for Egress traffic.
- Direct External Connectivity: Pod IPs can be exposed to the external network directly.
- BGP Support: Pod/Subnet IPs can be exposed externally via the BGP routing protocol.
- Traffic Mirror: Duplicate container network traffic for monitoring, diagnosis and replay.
- Hardware Offload: Boost network performance and save CPU resources by offloading the OVS flow table to hardware.
Kube-OVN is easy to install; please refer to the Installation Guide.
- CNI Selection Recommendations
- Getting Started
- KubeVirt Usage
- VPC Network
- User Guide
- Operations
- Advanced Usage
- Reference
We are looking forward to your PR!
The Kube-OVN community is waiting for your participation!
A list of adopters and use cases can be found in USERS.md