Skip to content

支持更灵活的使用方式,也是为了保证所有 ovn eip 的底层基本逻辑代码都一致 #370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zbb88888 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

支持更灵活的使用方式,也是为了保证所有 ovn eip 的底层基本逻辑代码都一致 #370

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d1de37d
支持更灵活的使用方式,也是为了保证所有 ovn eip 的底层基本逻辑代码都一致
zbb88888 Dec 15, 2025
29a120f
清晰描述使用场景
zbb88888 Dec 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 11 additions & 8 deletions docs/guide/eip-snat.en.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,15 @@ External services can access the Pod directly through the EIP, and the Pod will

![](../static/eip-snat.png)

## Advanced Configuration

> To support this feature, if you need to directly specify a default external subnet name, you may need to set the startup parameters of `kube-ovn-controller`.
Some args of `kube-ovn-controller` allow for advanced configuration of SNAT and EIP:

- `--external-gateway-config-ns`: The Namespace of Configmap `ovn-external-gw-config`, default is `kube-system`.
- `--external-gateway-net`: The name of the bridge to which the physical NIC is bridged, default is `external`.
- `--external-gateway-vlanid`: Physical network Vlan Tag number, default is 0, i.e. no Vlan is used.

## Preparation

- In order to use the OVN's L3 Gateway capability, a separate NIC must be bridged into the OVS bridge for overlay and underlay network communication.
Expand All @@ -38,6 +47,7 @@ metadata:
namespace: kube-system
data:
enable-external-gw: "true"
# external-gw-switch: "external"
external-gw-nodes: "kube-ovn-worker"
external-gw-nic: "eth1"
external-gw-addr: "172.56.0.1/16"
Expand All @@ -51,6 +61,7 @@ data:
- `external-gw-nic`: The name of the NIC that performs the role of a gateway on the node.
- `external-gw-addr`: The IP and mask of the physical network gateway.
- `nic-ip`,`nic-mac`: The IP and Mac assigned to the logical gateway port needs to be an unoccupied IP and Mac for the physical subnet.
- `external-gw-switch`: Reuse the existing underlay subnet logical switch name. If you are using the non-CRD mode `--external-gateway-net` specified external, then you do not need to configure it. But if you want to reuse the existing underlay subnet CR, then you can just configure external-gw-switch: "your-subnet-name", and the others can be left unconfigured, because the network has been maintained through the underlay subnet.

## Confirm the Configuration Take Effect

Expand Down Expand Up @@ -127,11 +138,3 @@ kubectl annotate pod pod-gw ovn.kubernetes.io/routed-
```

When the EIP or SNAT takes into effect, the `ovn.kubernetes.io/routed` annotation will be added back.

## Advanced Configuration

Some args of `kube-ovn-controller` allow for advanced configuration of SNAT and EIP:

- `--external-gateway-config-ns`: The Namespace of Configmap `ovn-external-gw-config`, default is `kube-system`.
- `--external-gateway-net`: The name of the bridge to which the physical NIC is bridged, default is `external`.
- `--external-gateway-vlanid`: Physical network Vlan Tag number, default is 0, i.e. no Vlan is used.
22 changes: 14 additions & 8 deletions docs/guide/eip-snat.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,18 @@ Kube-OVN 支持利用 OVN 中的 L3 Gateway 功能来实现 Pod 级别的 SNAT

![](../static/eip-snat.png)

## 高级配置

> 为了支持该功能,如果你需要直接指定定一个默认的 external subnet 名,你可能需要设置 `kube-ovn-controller` 的启动参数。
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

文档中存在一个拼写错误,指定定一个 应为 指定一个。建议修正以提高文档的可读性。

Suggested change
> 为了支持该功能,如果你需要直接指定定一个默认的 external subnet 名,你可能需要设置 `kube-ovn-controller` 的启动参数。
> 为了支持该功能,如果你需要直接指定一个默认的 external subnet 名,你可能需要设置 `kube-ovn-controller` 的启动参数。


`kube-ovn-controller` 的部分启动参数可对 SNAT 和 EIP 功能进行高阶配置:

- `--external-gateway-config-ns`: Configmap `ovn-external-gw-config` 所属 Namespace,默认为 `kube-system`。
- `--external-gateway-net`: 物理网卡所桥接的网桥名,默认为 `external`。
- `--external-gateway-vlanid`: 物理网络 Vlan Tag 号,默认为 0,即不使用 Vlan。

以上这些固定参数,只能维护一个默认的 external subnet,而且不是基于 subnet CRD 的形式,如果你需要以 CRD 的形式维护多个 external subnet,请参考[VPC OVN NAT 网关](../vpc/ovn-eip-fip-snat.md)。

## 准备工作

- 为了使用 OVN 的 L3 Gateway 能力,必须将一个单独的网卡接入 OVS 网桥中进行 Overlay 和 Underlay 网络的打通,
Expand All @@ -38,6 +50,7 @@ metadata:
namespace: kube-system
data:
enable-external-gw: "true"
# external-gw-switch: "external"
external-gw-nodes: "kube-ovn-worker"
external-gw-nic: "eth1"
external-gw-addr: "172.56.0.1/16"
Expand All @@ -51,6 +64,7 @@ data:
- `external-gw-nic`: 节点上承担网关作用的网卡名。
- `external-gw-addr`: 物理网络网关的 IP 和掩码。
- `nic-ip`,`nic-mac`: 分配给逻辑网关端口的 IP 和 Mac,需为物理段未被占用的 IP 和 Mac。
- `external-gw-switch`: 复用已有的 underlay subnet 逻辑交换机名称,如果使用的是非 CRD 模式的`--external-gateway-net`指定的 external,那么不需要配置。但如果你想复用已有的 underlay subnet CR, 那么你可以只配置 external-gw-switch: "your-subnet-name",其他的都可以不用配置,因为网络已经通过 underlay subnet 维护好了。

## 观察 OVN 和 OVS 状态确认配置生效

Expand Down Expand Up @@ -127,11 +141,3 @@ kubectl annotate pod pod-gw ovn.kubernetes.io/routed-
```

当 EIP 或 SNAT 规则生效后,`ovn.kubernetes.io/routed` annotation 会被重新添加。

## 高级配置

`kube-ovn-controller` 的部分启动参数可对 SNAT 和 EIP 功能进行高阶配置:

- `--external-gateway-config-ns`: Configmap `ovn-external-gw-config` 所属 Namespace,默认为 `kube-system`。
- `--external-gateway-net`: 物理网卡所桥接的网桥名,默认为 `external`。
- `--external-gateway-vlanid`: 物理网络 Vlan Tag 号,默认为 0,即不使用 Vlan。
Loading