
How Kube-OVN 0.5 Boosts Kubernetes NetworkPolicy and Custom Networking

Kube-OVN 0.5 introduces full Kubernetes NetworkPolicy support via OpenFlow, customizable container interfaces and MTU, automatic system parameter tuning, auto‑computed default gateways, and additional CLI options, while its open‑source design brings comprehensive OVN‑based networking features to Kubernetes across diverse platforms.

Cloud Native Technology Community

Kubernetes NetworkPolicy Support

From version 0.5.0, Kube-OVN implements full Kubernetes NetworkPolicy using OpenFlow flow‑table rules instead of iptables. It uses OVN PortGroup and AddressSet objects to group ports and addresses, which reduces the number of flow entries and minimizes performance impact.

Custom Container Interface and MTU

Starting with 0.5.0, the --iface flag can be passed to the Kube-OVN controller to select the host network interface used for inter‑node pod traffic. The MTU for the pod veth pair is automatically derived from the selected host interface; it can be overridden with the --mtu flag for fine‑grained tuning.

Automatic System Parameter Configuration

Kube-OVN now checks and sets essential Linux kernel parameters on startup, including net.ipv4.ip_forward=1, net.bridge.bridge-nf-call-iptables=1, and net.ipv4.conf.all.rp_filter=0. This eliminates common networking issues caused by mismatched host settings.
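
The same three parameters can be audited on a node independently of the CNI, which is useful when a hardening baseline or another agent may reset them. This is an added example, not Kube-OVN's own code; the function name `audit_sysctls` and its optional root-directory argument are assumptions of this example, and the expected values are the three listed in the paragraph above.

```shell
#!/bin/sh
# Added example: audit a node against the kernel parameters named in the
# article. The optional root argument (hypothetical, for this example only)
# lets the check run against a constructed tree instead of the live /proc/sys.

# Expected values, taken from the article text.
EXPECTED='net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.conf.all.rp_filter=0'

# audit_sysctls [root]
# Prints one line per parameter: "ok", "drift" or "missing".
# Returns 0 only if every parameter is present and matches.
audit_sysctls() {
    root="${1:-/proc/sys}"
    rc=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        # A sysctl name maps to a path by replacing dots with slashes.
        path="$root/$(printf '%s' "$key" | tr '.' '/')"
        if [ ! -r "$path" ]; then
            # net.bridge.* does not exist until br_netfilter is loaded.
            echo "missing $key (expected $want)"
            rc=1
            continue
        fi
        have="$(tr -d '[:space:]' < "$path")"
        if [ "$have" = "$want" ]; then
            echo "ok      $key=$have"
        else
            echo "drift   $key=$have (expected $want)"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}
```

Calling `audit_sysctls` with no argument reads the live `/proc/sys`; a `missing` result for the bridge parameter usually means the `br_netfilter` module is not loaded on that host.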

Default Gateway Calculation

The logical switch for the default network and the node switch automatically compute their gateway IP addresses, removing the need for manual configuration.

Additional CLI Options

Several previously hidden command‑line flags are now exposed (e.g., --default-logical-switch, --node-switch, --mtu, --iface). The complete list is documented in the Kube-OVN installation guide:

https://github.com/alauda/kube-ovn/blob/master/docs/install.md#more-configuration

Brief Overview of Kube-OVN

Kube-OVN is an open‑source CNI that brings OVN‑based networking to Kubernetes. It provides namespace‑to‑subnet binding, inter‑subnet firewall, static IP allocation, dynamic QoS, distributed/centralized gateways, and an embedded load balancer. The solution runs on Linux, Windows, and various hypervisors (KVM, XEN, Hyper‑V, DPDK).

Kube-OVN diagram