Kube-OVN v1.10.0 Release Highlights: Windows Support, Custom Subnet ACLs, Kubevirt Enhancements, Submariner Integration, and Performance Improvements

Kube-OVN v1.10.0 is now generally available, bringing major enhancements to functionality, performance, stability, and usability. New capabilities include Windows node support (Overlay VXLAN on Windows Server 2019 with Hyper‑V), user‑defined subnet ACLs allowing flexible L2‑L4 traffic matching, and Kubevirt networking improvements such as static VM IP allocation, DPDK acceleration, and built‑in DHCP support.

The release also integrates Submariner for multi‑cluster connectivity, offering encrypted traffic, Service and DNS inter‑cluster communication, and compatibility with other CNI plugins. Control‑plane performance has been dramatically improved through large‑scale testing (15K Pods), with optimizations like IPAM initialization time reduction (527 s → 29 s), O(n) to O(1) complexity reductions for port‑group and QoS checks, EIP/SNAT toggle for faster creation, router‑policy replacement for static routes, and upgraded OVN/OVS components.

Additional features include CRD splitting for EIP/SNAT/DNAT, zero‑downtime upgrades, namespace‑to‑multiple‑subnet binding, VPC peering, and webhook enhancements.

Example of a custom subnet ACL configuration:

spec:
  acls:
  - action: reject
    direction: to-lport
    match: ip4.src==10.16.0.12 && ip4.dst==2.2.0.3
    priority: 2022
  - action: allow
    direction: from-lport
    match: ip4.src==10.16.0.12 && ip4.dst==2.2.0.2
    priority: 2222
  ...

The community encourages feedback, contributions, and adoption, providing links to issue boards, adopter lists, documentation, and communication channels.