Networking

BGP Route Advertisement with Kube-OVN on Harvester

In multi-tenant or hybrid environments, Kubernetes workloads (VMs, pods, and services) need to be reachable from the broader network. The traditional answer is static routes scattered across every upstream router, which breaks as soon as the cluster grows or moves. BGP solves this cleanly: the cluster advertises its own CIDRs dynamically, and every router learns them automatically.

This post documents a proof-of-concept lab that validates BGP route propagation between Kube-OVN's built-in speaker, two VyOS sagitta (1.4.x) routers, and a Harvester cluster, all running as Hyper-V VMs on a single Windows host.

The end-state we are aiming for is a successful ping from router-02 to a Kube-OVN pod IP, with every hop learned via BGP:

Terminal screenshot of router-02 successfully pinging a Kube-OVN pod IP, confirming end-to-end reachability over BGP-learned routes

Per-Namespace Egress IPs on Harvester with Kube-OVN VpcEgressGateway

This article is the result of one of my very first deep-dives into Harvester (aka SUSE Virtualization) not related to storage. It describes how to configure dedicated egress IPs per tenant (aka Namespace) on Harvester using Kube-OVN's VpcEgressGateway. We will go into unexplored territory here, with release candidates 🔖, experimental features 🧪 & hot fixes 🔥 on top of bugs 🪳 that are yet to be reported 📑.

Network architecture overview showing Harvester node, ProviderNetwork, VpcEgressGateway, and tenant VM connectivity