Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Kube-OVN Overview

Kube-OVN integrates the OVN-based (OVN is short for open virtual network) network virtualization with Kubernetes. It offers an advanced container network fabric for enterprises with the most functions and the easiest operation. The software is open-sourced based on Apache 2.0. Kube-OVN 1.2.0 officially supports the ARM64 architecture and can natively run on Kunpeng servers.

Kube-OVN supports the following functions:

  • Binding subnets to namespaces: Each namespace can have a unique subnet (backed by an independent logical switch). Pods within a namespace will have IP addresses allocated from the current subnet. Multiple namespaces can share a subnet.
  • Subnet isolation: Kube-OVN allows you to configure a subnet to deny any traffic from source IP addresses not within the same subnet. You can also filter traffic based on the IP address or IP address segment trustlist.
  • Network policies: Kube-OVN supports Kubernetes network policies in high-performance OVN access control list (ACL) mode.
  • Static IP addresses for workloads: Random or static IP addresses are allocated to workloads.
  • Static IP addresses for pods: Static IP addresses and MAC addresses are allocated to pods.
  • IP address reuse supported by StatefulSets: Within the lifecycle of a StatefulSet, pods reuse IP addresses by name. (The IP addresses can be randomly allocated for the first time and are fixed within the lifecycle.)
  • Multi-NIC IP address management (IPAM): The IPAM container network interface (CNI) plugin within the cluster is supported. In addition to Kube-OVN, MACvlan, VLAN, and host-device can be deployed to make full use of the advantages of subnets and static IP address allocation.
  • Dynamic and bidirectional QoS: Bidirectional bandwidth QoS management is supported, and the ingress/egress bandwidths of pods can be dynamically changed.
  • Embedded load balancers: The high-performance distributed L2 load balancer embedded in the OVN is used to replace kube-proxy.
  • Distributed gateways: Each node can function as a gateway to provide external network connections.
  • Namespaced gateways: Each namespace can function as a gateway to provide external network connections.
  • Direct connection to the external network: The IP addresses of pods are directly exposed to the external network. You can add a static route to an external router to divert the traffic of the container network segments to any host in the cluster.
  • BGP support: The IP addresses of pods can be exposed to the external Border Gateway Protocol (BGP).
  • Traffic mirror: Traffic between containers can be duplicated to facilitate monitoring, auditing, and fault diagnosis.
  • VLAN support: The underlay virtual local area network (VLAN) mode is supported to obtain better performance and throughput.
  • DPDK support: The Open vSwitch with the Data Plane Development Kit (OvS-DPDK) can run in pods.
  • IPv6 support: Pods can be deployed in IPv6-only mode.
  • Problem locating tool: Tools are provided to locate, monitor, and dump network problems.
Parent topic: Introduction