
OVN-Kubernetes

OVN-Kubernetes is an open-source Kubernetes network plugin that uses Open Virtual Network (OVN) to provide virtual networking, routing, and network security for Kubernetes clusters (container networking).

  • Implements a Kubernetes Container Network Interface (CNI) plugin using OVN for pod networking and services (container networking).
  • Provides logical networking constructs such as logical switches, logical routers, and load balancing for Kubernetes resources (software-defined networking).
  • Supports Network Policy Enforcement (NPE) using OVN’s distributed ACLs mapped from Kubernetes NetworkPolicy objects (network security).
  • Handles multi-node cluster networking with encapsulation and routing between nodes while preserving Kubernetes abstractions (cluster networking).
  • Integrates with standard Kubernetes APIs and control plane components for declarative configuration and lifecycle management of networking resources (infrastructure orchestration).

More About OVN-Kubernetes

OVN-Kubernetes addresses the problem of providing a programmable, overlay-based virtual network for Kubernetes clusters (container networking) by building on the OVN system from the Open vSwitch (OVS) ecosystem. It implements a Kubernetes CNI plugin that configures pod networking, Services, and NetworkPolicies using OVN’s logical networking primitives rather than node-local iptables or similar mechanisms. This makes it part of the broader category of Software Defined Networking (SDN) solutions for Kubernetes.

The project configures OVN logical switches, logical routers, and load balancers (software-defined networking) to represent Kubernetes pods, nodes, and Services. Each pod is attached to a logical switch, with logical routing rules providing connectivity across nodes and namespaces. OVN-Kubernetes programs distributed Access Control Lists (ACLs) to implement Kubernetes NetworkPolicy (network security), enabling control over ingress and egress traffic at the pod level. It also manages encapsulation and tunneling between cluster nodes when an overlay network is used, handling node-to-node transport while preserving Kubernetes IP addressing and service semantics (cluster networking).

In enterprise environments, OVN-Kubernetes is used to provide multi-tenant, policy-driven virtual networks for Kubernetes clusters running on bare metal or virtualized infrastructure (infrastructure orchestration). Operators deploy the OVN central components, along with node-level agents, to synchronize Kubernetes objects with OVN’s northbound and southbound databases (control plane integration). The plugin integrates with standard Kubernetes constructs such as Services, Endpoints, and NetworkPolicy, so platform and application teams define desired network behavior with standard Kubernetes YAML manifests.

From an architectural view, OVN-Kubernetes sits between the Kubernetes Application Programming Interface (API) server and the OVN control plane (cluster networking). A controller component watches Kubernetes resources and translates them into OVN northbound database configuration, which OVN then propagates to Open vSwitch instances running on each node. This architecture leverages OVN’s logical pipelines for routing, Network Address Translation (NAT), and ACLs, while Kubernetes remains the source of truth for object definitions (infrastructure automation). The project focuses on interoperability with the Kubernetes ecosystem by conforming to CNI requirements and Kubernetes network policy semantics.

For enterprises, OVN-Kubernetes provides a network stack that combines Kubernetes-native operations with OVN’s logical networking, useful where centralized network control, policy enforcement, and overlay connectivity are required across nodes and environments (network operations). It fits into directories and taxonomies under Kubernetes CNI plugins, SDN for containers, and NPE solutions.