How to Enable BGP‑Based External Pod IP Exposure with Kube‑OVN

This guide explains how to install the kube-ovn-speaker component, configure BGP parameters, modify subnet settings, add or remove annotations, and use advanced BGP options to publish Pod and Subnet routes externally in a Kubernetes cluster using Kube‑OVN.

Cloud Native Technology Community

Install kube-ovn-speaker

Deploy the kube-ovn-speaker component on selected nodes so that GoBGP can announce routes for Pods or Subnets.

kubectl label nodes speaker-node-1 ovn.kubernetes.io/bgp=true
kubectl label nodes speaker-node-2 ovn.kubernetes.io/bgp=true

Download the speaker manifest and edit the BGP arguments.

wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.10/yamls/speaker.yaml

Update the following arguments in the YAML file:

--neighbor-address=10.32.32.1: BGP peer address, typically the router gateway.
--neighbor-as=65030: AS number of the BGP peer.
--cluster-as=65000: AS number for the container network.

kubectl apply -f speaker.yaml

When multiple kube-ovn-speaker instances run, the upstream router must support ECMP (multi‑path).

Publish Pod/Subnet Routes

Set the Subnet field natOutgoing to false so that Pod IPs can be reached directly from the external network.

Add BGP annotations to expose routes:

kubectl annotate pod sample ovn.kubernetes.io/bgp=true
kubectl annotate subnet ovn-default ovn.kubernetes.io/bgp=true

Remove the annotations to stop publishing:

kubectl annotate pod perf-ovn-xzvd4 ovn.kubernetes.io/bgp-
kubectl annotate subnet ovn-default ovn.kubernetes.io/bgp-

BGP Advanced Options

announce-cluster-ip: Whether to announce Service routes (default false).
auth-password: Password for BGP peer authentication.
holdtime: Heartbeat detection interval; peers missing for longer than this are removed (default 90 seconds).
graceful-restart: Enable BGP graceful restart.
graceful-restart-time: Restart time as defined in RFC 4724 §3.
graceful-restart-deferral-time: Deferral time as defined in RFC 4724 §4.1.
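
As an added example (not part of the original article or the Kube-OVN project), the script below audits the BGP arguments in an edited speaker.yaml before it is applied, covering the three required arguments and the auth-password and announce-cluster-ip options. It assumes each argument is a single "- --flag=value" list item and an IPv4 neighbor; the function names and the sample args list are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the BGP arguments in an edited speaker.yaml before applying it.
# Assumption: each argument is one list item written as "- --flag=value".

# Print the value of --<flag>=<value> from the manifest, or nothing if absent.
speaker_arg() {  # $1 = manifest path, $2 = flag name without leading dashes
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Print one finding per line; return 1 if any FAIL was found, else 0.
audit_speaker() {  # $1 = manifest path
    rc=0
    addr=$(speaker_arg "$1" neighbor-address)
    case "$addr" in
        ''|*[!0-9.]*) echo "FAIL neighbor-address missing or not an IPv4 address"; rc=1 ;;
    esac
    for flag in neighbor-as cluster-as; do
        as=$(speaker_arg "$1" "$flag")
        case "$as" in
            ''|*[!0-9]*) echo "FAIL $flag missing or not numeric"; rc=1 ;;
        esac
    done
    if [ -z "$(speaker_arg "$1" auth-password)" ]; then
        echo "WARN auth-password not set: no password protects the BGP session with $addr"
    else
        echo "NOTE auth-password is in plaintext in the manifest: restrict read access"
    fi
    if [ "$(speaker_arg "$1" announce-cluster-ip)" = "true" ]; then
        echo "NOTE announce-cluster-ip=true: Service routes are announced as well"
    fi
    return $rc
}

# Constructed sample: the args list only, using the values shown in this article.
sample_args() {
    cat <<'EOF'
          args:
            - --neighbor-address=10.32.32.1
            - --neighbor-as=65030
            - --cluster-as=65000
            - --announce-cluster-ip=true
EOF
}

tmp=$(mktemp)
sample_args > "$tmp"
audit_speaker "$tmp" || echo "fix the FAIL findings before applying"
rm -f "$tmp"
```

Point audit_speaker at the real speaker.yaml after editing it and before running kubectl apply.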
