gateway.md

Gateways

A Gateway is used to enable external network connectivity for Pods within the OVN Virtual Network.

Kube-OVN supports two kinds of Gateways: the distributed Gateway and the centralized Gateway. Also user can expose pod ip directly to external network.

For a distributed Gateway, outgoing traffic from Pods within the OVN network to external destinations will go through the Node where the Pod is hosted.

For a centralized gateway, outgoing traffic from Pods within the OVN network to external destinations will go through Gateway Node for the Namespace.

Use the following annotations in namespace to configure gateway:

• ovn.kubernetes.io/gateway_type: distributed or centralized, default is distributed.
• ovn.kubernetes.io/gateway_node: when ovn.kubernetes.io/gateway_type is centralized used this annotation to specify which node act as the namespace gateway.
• ovn.kubernetes.io/gateway_nat: true or false, whether pod ip need to be masqueraded when go through gateway. When false, pod ip will be exposed to external network directly, default true.

Example

Add the following annotations when creating the Namespace:

apiVersion: v1
kind: Namespace
metadata:
  name: testns
  annotations:
    ovn.kubernetes.io/gateway_type: centralized
    ovn.kubernetes.io/gateway_node: node1
    ovn.kubernetes.io/gateway_nat: "true"

Create some Pods:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: app1
  namespace: testns
  labels:
    app: app1
spec:
  selector:
    matchLabels:
      name: app1
  template:
    metadata:
      labels:
        name: app1
    spec:
      containers:
      - name: toolbox
        image: halfcrazy/toolbox

Open two terminals, one on the master:

kubectl -n testns exec -it app1-xxxx ping 114.114.114.114

And one on node1:

tcpdump -n -i eth0 icmp and host 114.114.114.114