README


Kube-OVN, a CNCF Sandbox Project, integrates OVN-based Network Virtualization with Kubernetes. It provides enhanced support for KubeVirt and unique Multi-Tenancy capabilities.
Network Topology

Features
- VPC Support: Multi-tenant network with independent address spaces, where each tenant has its own network infrastructure such as eips, nat gateways, security groups and loadbalancers.
- Namespaced Subnets: Each Namespace can have a unique Subnet (backed by a Logical Switch). Pods within the Namespace will have IP addresses allocated from the Subnet. It's also possible for multiple Namespaces to share a Subnet.
- Vlan/Underlay Support: In addition to overlay network, Kube-OVN also supports underlay and vlan mode network for better performance and direct connectivity with physical network.
- Static IP Addresses for Workloads: Allocate random or static IP addresses to workloads.
- Seamless VM LiveMigration: Live migrate KubeVirt vm without network interruption.
- Non-Primary CNI Mode: Kube-OVN can work as a secondary CNI alongside other primary CNIs (Cilium, Calico, etc.), providing additional network interfaces and advanced networking features via Network Attachment Definitions (NADs).
- Multi-Cluster Network: Connect different Kubernetes/Openstack clusters into one L3 network.
- TroubleShooting Tools: Handy tools to diagnose, trace, monitor and dump container network traffic to help troubleshoot complicate network issues.
- Prometheus & Grafana Integration: Exposing network quality metrics like pod/node/service/dns connectivity/latency in Prometheus format.
- ARM Support: Kube-OVN can run on x86_64 and arm64 platforms.
- Subnet Isolation: Can configure a Subnet to deny any traffic from source IP addresses not within the same Subnet. Can whitelist specific IP addresses and IP ranges.
- Network Policy: Implementing networking.k8s.io/NetworkPolicy API by high performance ovn ACL.
- DualStack IP Support: Pod can run in IPv4-Only/IPv6-Only/DualStack mode.
- Pod NAT and EIP: Manage the pod external traffic and external ip like tradition VM.
- IPAM for Multi NIC: A cluster-wide IPAM for CNI plugins other than Kube-OVN, such as macvlan/vlan/host-device to take advantage of subnet and static ip allocation functions in Kube-OVN.
- Dynamic QoS: Configure Pod/Gateway Ingress/Egress traffic rate/priority/loss/latency on the fly.
- Embedded Load Balancers: Replace kube-proxy with the OVN embedded high performance distributed L2 Load Balancer.
- Distributed Gateways: Every Node can act as a Gateway to provide external network connectivity.
- Namespaced Gateways: Every Namespace can have a dedicated Gateway for Egress traffic.
- Direct External Connectivity: Pod IP can be exposed to external network directly.
- BGP Support: Pod/Subnet IP can be exposed to external by BGP router protocol.
- Traffic Mirror: Duplicated container network traffic for monitoring, diagnosing and replay.
- Hardware Offload: Boost network performance and save CPU resource by offloading OVS flow table to hardware.
Quick Start
Kube-OVN is easy to install, please refer to the Installation Guide.
Documents
Contribution
We are looking forward to your PR!
Community
The Kube-OVN community is waiting for your participation!
Adopters
A list of adopters and use cases can be found in USERS.md
Extension points exported contracts — how you extend this code
GenericInformer (Interface)
GenericInformer is type of SharedIndexInformer which will locate and delegate to other sharedInformers based on type [25 …
pkg/client/informers/externalversions/generic.go
Common (Interface)
(no doc) [8 implementers]
pkg/ovs/interface.go
KubeVirtInformerFactory (Interface)
(no doc) [1 implementers]
pkg/informer/kubevirt.go
ExecFunc (FuncType)
(no doc)
test/e2e/framework/iproute/iproute.go
IPPoolInformer (Interface)
IPPoolInformer provides access to a shared informer and lister for IPPools. [25 implementers]
pkg/client/informers/externalversions/kubeovn/v1/ippool.go
NBGlobal (Interface)
(no doc) [5 implementers]
pkg/ovs/interface.go
SharedInformerOption (FuncType)
(no doc)
pkg/informer/kubevirt.go
QoSPolicyInformer (Interface)
QoSPolicyInformer provides access to a shared informer and lister for QoSPolicies. [25 implementers]
pkg/client/informers/externalversions/kubeovn/v1/qospolicy.go
Core symbols most depended-on inside this repo
Equal
called by 1457
pkg/ipam/ip.go
Error
called by 1162
pkg/ovs/ovn-nb-acl.go
String
called by 974
pkg/ovs/util.go
Run
called by 872
pkg/ovn_ic_controller/controller.go
Error
called by 796
pkg/controller/node.go
Contains
called by 645
pkg/ipam/ip_range.go
ExpectNoError
called by 617
test/e2e/framework/expect.go
Get
called by 409
pkg/client/listers/kubeovn/v1/ip.go
Shape
Method
4,338
Function
1,693
Struct
511
Interface
182
TypeAlias
24
FuncType
6
Modules by API surface
mocks/pkg/ovs/interface.go884 symbols
pkg/ovs/ovn-nb-suite_test.go311 symbols
pkg/apis/kubeovn/v1/zz_generated.deepcopy.go288 symbols
pkg/ovs/interface.go221 symbols
pkg/controller/subnet.go77 symbols
pkg/controller/pod.go59 symbols
pkg/controller/vpc_nat_gw_nat.go53 symbols
pkg/client/informers/externalversions/kubeovn/v1/interface.go51 symbols
pkg/util/net_test.go47 symbols
pkg/util/net.go47 symbols
pkg/daemon/ovs_linux.go44 symbols
pkg/daemon/controller.go44 symbols
Dependencies from manifests, versioned
cyphar.com/go-pathrsv0.2.2 · 1×
github.com/Azure/go-ansitermv0.0.0-2025010203350 · 1×
github.com/JeffAshton/win_pdhv0.0.0-2016110914355 · 1×
github.com/MakeNowJust/heredocv1.0.0 · 1×
github.com/Masterminds/semver/v3v3.4.0 · 1×
github.com/Microsoft/go-winiov0.6.2 · 1×
github.com/Microsoft/hcsshimv0.14.1 · 1×
github.com/Microsoft/hnslibv0.1.2 · 1×
github.com/NYTimes/gziphandlerv1.1.1 · 1×
github.com/antlr4-go/antlr/v4v4.13.1 · 1×
github.com/armon/circbufv0.0.0-2019021419053 · 1×