
What’s New in Kube-OVN v1.16.0? Key Features and Improvements Explained

Kube-OVN v1.16.0 introduces major enhancements such as BGP/EVPN‑enabled VPC egress, a tiered SecurityGroup with expanded priority range, per‑NIC DHCP control, multi‑network NetworkPolicy annotations, full‑NIC hot migration for KubeVirt, static IP/MAC per interface, and numerous reliability, performance, and Helm chart upgrades.

Cloud Native Technology Community

VPC Egress Gateway with BGP and EVPN (L3VPN)

In v1.16.0 the VPC egress gateway pod embeds FRR, providing BGP dynamic route advertisement to upstream networks and EVPN L3VPN support so that multi-tenant VPCs can extend across clusters and data centers. The gateway also exposes custom resource definitions and bandwidth limits for capacity planning.

SecurityGroup Enhancements

SecurityGroup now includes a Tier hierarchy, expands the priority range to 1-16384, and adds the match fields localAddress and port for finer-grained rule definition.

Multi‑Network Pod NetworkPolicy

Pods with multiple network interfaces can now be targeted by NetworkPolicy using the annotation ovn.kubernetes.io/policy-for, which specifies the provider network the policy applies to.

Pod‑Level DHCP Control

DHCP can be enabled or disabled per NIC via pod annotations, which override the default Subnet setting. This allows selective DHCP for workloads such as KubeVirt.

KubeVirt Hot Migration for All NICs

The multi‑chassis live migration option now applies to all network interfaces of a VM, improving migration continuity for multi‑NIC virtual machines.

Static IP/MAC per Interface in Same Subnet

v1.16.0 allows assigning fixed IP and MAC addresses to multiple interfaces within a single logical switch, facilitating gateway or NFV workloads that require stable identities.

Additional Notable Updates

MetalLB Underlay: IPv6 and dual-stack support.

VPC NAT Gateway: SNAT from EIP to FIP, shared external subnet gateway, customizable pod annotations.

Hairpin Traffic: SNAT extended to support FIP, any CIDR within VPC, and LoadBalancer.

Reliability: OpenFlow auto-sync mechanism; OVN DB header backup before Raft re-join.

Performance: Removal of managedFields cache reduces memory usage and API server load.

Security: Explicit RBAC verb lists; containers now have ephemeral storage limits.

Helm Chart Enhancements: New values extraEnv, affinity, nodeSelector, ServiceMonitor, etc.

CRD Field Descriptions: Full field completion available via kubectl explain.

Full change log is available at https://github.com/kubeovn/kube-ovn/releases/tag/v1.16.0. The release can be installed via Helm chart or raw YAML.
