kubeovn / kube-ovn

Kube-OVN, a CNCF Sandbox Project, integrates OVN-based Network Virtualization with Kubernetes. It provides enhanced support for KubeVirt and unique Multi-Tenancy capabilities. Network Topology Features • **VPC Support**: Multi-tenant network with independent address spaces, where each tenant has its own network infrastructure such as eips, nat gateways, security groups and loadbalancers. • **Namespaced Subnets**: Each Namespace can have a unique Subnet (backed by a Logical Switch). Pods within the Namespace will have IP addresses allocated from the Subnet. It's also possible for multiple Namespaces to share a Subnet. • **Vlan/Underlay Support**: In addition to overlay network, Kube-OVN also supports underlay and vlan mode network for better performance and direct connectivity with physical network. • **Static IP Addresses for Workloads**: Allocate random or static IP addresses to workloads. • **Seamless VM LiveMigration**: Live migrate KubeVirt vm without network interruption. • **Non-Primary CNI Mode**: Kube-OVN can work as a secondary CNI alongside other primary CNIs (Cilium, Calico, etc.), providing additional network interfaces and advanced networking features via Network Attachment Definitions (NADs). • **Multi-Cluster Network**: Connect different Kubernetes/Openstack clusters into one L3 network. • **TroubleShooting Tools**: Handy tools to diagnose, trace, monitor and dump container network traffic to help troubleshoot complicate network issues. • **Prometheus & Grafana Integration**: Exposing network quality metrics like pod/node/service/dns connectivity/latency in Prometheus format. • **ARM Support**: Kube-OVN can run on x86_64 and arm64 platforms. • **Subnet Isolation**: Can configure a Subnet to deny any traffic from source IP addresses not within the same Subnet. Can whitelist specific IP addresses and IP ranges. • **Network Policy**: Implementing networking.k8s.io/NetworkPolicy API by high performance ovn ACL. • **DualStack IP Support**: Pod can run in IPv4-Only/IPv6-Only/DualStack mode. • **Pod NAT and EIP**: Manage the pod external traffic and external ip like tradition VM. • **IPAM for Multi NIC**: A cluster-wide IPAM for CNI plugins other than Kube-OVN, such as macvlan/vlan/host-device to take advantage of subnet and static ip allocation functions in Kube-OVN. • **Dynamic QoS**: Configure Pod/Gateway Ingress/Egress traffic rate/priority/loss/latency on the fly. • **Embedded Load Balancers**: Replace kube-proxy with the OVN embedded high performance distributed L2 Load Balancer. • **Distributed Gateways**: Every Node can act as a Gateway to provide external network connectivity. • **Namespaced Gateways**: Every Namespace can have a dedicated Gateway for Egress traffic. • **Direct External Connectivity**: Pod IP can be exposed to external network directly. • **BGP Support**: Pod/Subnet IP can be exposed to external by BGP router protocol. • **Traffic Mirror**: Duplicated container network traffic for monitoring, diagnosing and replay. • **Hardware Offload**: Boost network performance and save CPU resource by offloading OVS flow table to hardware. Quick Start Kube-OVN is easy to install, please refer to the Installation Guide. Documents • CNI Selection Recommendations • Getting Start • KubeVirt Usage • VPC Network • User Guide • Operations • Advanced Usage • Reference Contribution We are looking forward to your PR! • Development Guide • Architecture Guide Community The Kube-OVN community is waiting for your participation! • 🔗 Follow us on Linkedin • 💬 Chat with us on Slack Adopters A list of adopters and use cases can be found in USERS.md