Configuration of Gateways to the External Network
Pods in the Kube-OVN network access the network outside the cluster through gateways. Currently, two types of gateways are supported. You can adjust the gateway type in the subnet.
- Distributed gateway
Distributed gateways are the default gateway type of subnets. Each node functions as the gateway for the pods on the current node to access the external network. Data packets are routed to the host network stack through the ovn0 NIC of the local host, and then to the external network based on the routing rules of the host. If natOutgoing is set to true, a pod uses the IP address of the current host machine to access the external network.
The following is an example of configuration on a subnet.
vim distributed.yaml
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  name: distributed
spec:
  cidrBlock: 10.166.0.0/16
  default: false
  excludeIps:
  - 10.166.0.1
  gateway: 10.166.0.1
  gatewayType: distributed
  natOutgoing: true
kubectl create -f distributed.yaml
- Centralized gateway
If you want to use a static IP address to access the external network from a subnet for security operations such as auditing and trustlisting, you can configure a centralized gateway in the subnet. In centralized gateway mode, data packets of a pod are first routed to the ovn0 NIC of a specified node and then to the external network based on the routing rules of the host. If natOutgoing is set to true, a pod uses the IP address of a specified host machine to access the external network.
The following is an example of configuration on a subnet.
vim centralized.yaml
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  name: centralized
spec:
  cidrBlock: 10.166.0.0/16
  default: false
  excludeIps:
  - 10.166.0.1
  gateway: 10.166.0.1
  gatewayType: centralized
  gatewayNode: "node1,node2"
  natOutgoing: true
kubectl create -f centralized.yaml
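An added check for both Subnet manifests above (example code written for this page, not part of Kube-OVN): it validates that the gateway IP lies inside cidrBlock and is reserved in excludeIps, and that a centralized gateway actually names its gatewayNode, since without one there is no fixed egress IP to audit or allowlist. The manifests are embedded as constructed dicts; the `a..b` range form for excludeIps is handled on the assumption that it follows Kube-OVN's range syntax.

```python
import ipaddress

# Constructed samples: the two Subnet specs from this page as dicts, plus one
# deliberately misconfigured variant. In practice load them with yaml.safe_load().
DISTRIBUTED = {"kind": "Subnet", "metadata": {"name": "distributed"}, "spec": {
    "cidrBlock": "10.166.0.0/16", "default": False, "excludeIps": ["10.166.0.1"],
    "gateway": "10.166.0.1", "gatewayType": "distributed", "natOutgoing": True}}
CENTRALIZED = {"kind": "Subnet", "metadata": {"name": "centralized"}, "spec": {
    "cidrBlock": "10.166.0.0/16", "default": False, "excludeIps": ["10.166.0.1"],
    "gateway": "10.166.0.1", "gatewayType": "centralized",
    "gatewayNode": "node1,node2", "natOutgoing": True}}
BROKEN = {"kind": "Subnet", "metadata": {"name": "broken"}, "spec": {
    "cidrBlock": "10.166.0.0/16", "excludeIps": [], "gateway": "10.167.0.1",
    "gatewayType": "centralized", "natOutgoing": "true"}}  # quoted string, not bool

def gateway_nodes(spec):
    """Parse the comma-separated gatewayNode string into a list of node names."""
    return [n.strip() for n in spec.get("gatewayNode", "").split(",") if n.strip()]

def ip_excluded(ip, exclude_ips):
    """True if ip is covered by excludeIps; entries are single IPs or 'a..b' ranges (assumed syntax)."""
    addr = ipaddress.ip_address(ip)
    for entry in exclude_ips:
        lo, _, hi = entry.partition("..")
        lo_ip = ipaddress.ip_address(lo)
        hi_ip = ipaddress.ip_address(hi) if hi else lo_ip
        if lo_ip <= addr <= hi_ip:
            return True
    return False

def check_subnet(manifest):
    """Return a list of findings; an empty list means the gateway config is consistent."""
    findings, spec = [], manifest.get("spec", {})
    name = manifest.get("metadata", {}).get("name", "?")
    cidr = ipaddress.ip_network(spec["cidrBlock"], strict=False)
    gw = ipaddress.ip_address(spec["gateway"])
    if gw not in cidr:
        findings.append(f"{name}: gateway {gw} is outside cidrBlock {cidr}")
    if not ip_excluded(spec["gateway"], spec.get("excludeIps", [])):
        findings.append(f"{name}: gateway {gw} not in excludeIps, so a pod could be given it")
    gtype = spec.get("gatewayType", "distributed")
    if gtype not in ("distributed", "centralized"):
        findings.append(f"{name}: unknown gatewayType {gtype!r}")
    elif gtype == "centralized" and not gateway_nodes(spec):
        findings.append(f"{name}: centralized gateway without gatewayNode, no fixed egress IP")
    if not isinstance(spec.get("natOutgoing", False), bool):
        findings.append(f"{name}: natOutgoing must be a boolean, got {spec['natOutgoing']!r}")
    return findings
```

Run `check_subnet()` over every Subnet before `kubectl create`; the page's two manifests return no findings, while the broken variant returns four.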