Configuring External Egress Gateways in Kube-OVN

Kube-OVN brings mature OpenStack networking capabilities to Kubernetes, enabling advanced network functions such as centralized egress control. In scenarios where all container outbound traffic must pass through a single external gateway for management and auditing, Kube-OVN can forward traffic by configuring appropriate routes in a Subnet resource.

Usage

kind: Subnet
apiVersion: kubeovn.io/v1
metadata:
  name: external
spec:
  cidrBlock: 172.31.0.0/16
  gatewayType: centralized
  natOutgoing: false
  externalEgressGateway: 192.168.0.1
  policyRoutingTableID: 1000
  policyRoutingPriority: 1500

natOutgoing

: Must be set to false to disable NAT for egress traffic. externalEgressGateway: The IP address of the external gateway; it must reside in the same Layer‑2 domain as the gateway node. policyRoutingTableID: A unique Table ID for the local policy routing table; each Subnet requires a distinct ID to avoid conflicts. policyRoutingPriority: The routing priority; assign any value unless you need to coordinate with other custom routes.

Kube-OVN is an enterprise‑grade CNI developed by Lingque Cloud, porting proven OpenStack networking features to Kubernetes to enhance security, operability, and performance. It became the first CNCF‑hosted open‑source CNI project from China in early 2021.