support for vpc nat gateway without eip (#5605)

oilbeater · web-flow · commit 779d9e10e6ad · 2025-09-18T17:18:21.000+08:00
Signed-off-by: Mengxin Liu &lt;liumengxinfly@gmail.com&gt;
diff --git a/charts/kube-ovn-v2/crds/kube-ovn-crd.yaml b/charts/kube-ovn-v2/crds/kube-ovn-crd.yaml
@@ -506,6 +506,8 @@ spec:
                     type: string
                 qosPolicy:
                   type: string
+                noDefaultEIP:
+                  type: boolean
                 bgpSpeaker:
                   type: object
                   properties:
diff --git a/charts/kube-ovn/templates/kube-ovn-crd.yaml b/charts/kube-ovn/templates/kube-ovn-crd.yaml
@@ -506,6 +506,8 @@ spec:
                     type: string
                 qosPolicy:
                   type: string
+                noDefaultEIP:
+                  type: boolean
                 bgpSpeaker:
                   type: object
                   properties:
diff --git a/dist/images/install.sh b/dist/images/install.sh
@@ -751,6 +751,8 @@ spec:
                     type: string
                 qosPolicy:
                   type: string
+                noDefaultEIP:
+                  type: boolean
                 bgpSpeaker:
                   type: object
                   properties:
diff --git a/dist/images/vpcnatgateway/nat-gateway.sh b/dist/images/vpcnatgateway/nat-gateway.sh
@@ -137,7 +137,7 @@ function init() {
 
     # Send gratuitous ARP for all the IPs on the external network interface at initialization
     # This is especially useful to update the MAC of the nexthop we announce to the BGP speaker 
-    ip -4 addr show dev net1 | awk '/inet /{print $2}' | cut -d/ -f1 | xargs -n1 arping -I net1 -c 3 -U
+    ip -4 addr show dev $EXTERNAL_INTERFACE | awk '/inet /{print $2}' | cut -d/ -f1 | xargs -n1 arping -I $EXTERNAL_INTERFACE -c 3 -U
 }
 
 
@@ -195,6 +195,14 @@ function add_eip() {
         exec_cmd "ip addr replace $eip dev $EXTERNAL_INTERFACE"
         exec_cmd "arping -I $EXTERNAL_INTERFACE -c 3 -U $eip_without_prefix"
     done
+    
+    if [ -n "$GATEWAY_V4" ]; then
+        exec_cmd "ip route replace default via $GATEWAY_V4 dev $EXTERNAL_INTERFACE"
+    fi
+    
+    if [ -n "$GATEWAY_V6" ]; then
+        exec_cmd "ip -6 route replace default via $GATEWAY_V6 dev $EXTERNAL_INTERFACE"
+    fi 
 }
 
 function del_eip() {
diff --git a/pkg/apis/kubeovn/v1/vpc-nat-gateway.go b/pkg/apis/kubeovn/v1/vpc-nat-gateway.go
@@ -40,6 +40,7 @@ type VpcNatGatewaySpec struct {
 	QoSPolicy       string              `json:"qosPolicy"`
 	BgpSpeaker      VpcBgpSpeaker       `json:"bgpSpeaker"`
 	Routes          []Route             `json:"routes"`
+	NoDefaultEIP    bool                `json:"noDefaultEIP"`
 }
 
 type VpcBgpSpeaker struct {
diff --git a/pkg/controller/vpc_nat_gateway.go b/pkg/controller/vpc_nat_gateway.go
@@ -192,14 +192,13 @@ func (c *Controller) handleAddOrUpdateVpcNatGw(key string) error {
 	}
 
 	var natGwPodContainerRestartCount int32
-	pod, _err := c.getNatGwPod(key)
-	if _err == nil {
-		for _, psc := range pod.Status.ContainerStatuses {
-			if psc.Name != "vpc-nat-gw" {
-				continue
+	pod, err := c.getNatGwPod(key)
+	if err == nil {
+		for _, containerStatus := range pod.Status.ContainerStatuses {
+			if containerStatus.Name == "vpc-nat-gw" {
+				natGwPodContainerRestartCount = containerStatus.RestartCount
+				break
 			}
-			natGwPodContainerRestartCount = psc.RestartCount
-			break
 		}
 	}
 
@@ -972,10 +971,13 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1
 	if v6Gateway != "" {
 		routes = append(routes, request.Route{Destination: "::/0", Gateway: v6Gateway})
 	}
-
-	if err = setPodRoutesAnnotation(annotations, subnet.Spec.Provider, routes); err != nil {
-		klog.Error(err)
-		return nil, err
+	if !gw.Spec.NoDefaultEIP {
+		if err = setPodRoutesAnnotation(annotations, subnet.Spec.Provider, routes); err != nil {
+			klog.Error(err)
+			return nil, err
+		}
+	} else {
+		annotations[fmt.Sprintf(util.AllocatedAnnotationTemplate, subnet.Spec.Provider)] = "true"
 	}
 
 	selectors := util.GenNatGwSelectors(gw.Spec.Selector)
@@ -1006,6 +1008,16 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1
 							Image:           vpcNatImage,
 							Command:         []string{"sleep", "infinity"},
 							ImagePullPolicy: corev1.PullIfNotPresent,
+							Env: []corev1.EnvVar{
+								{
+									Name:  "GATEWAY_V4",
+									Value: v4Gateway,
+								},
+								{
+									Name:  "GATEWAY_V6",
+									Value: v6Gateway,
+								},
+							},
 							SecurityContext: &corev1.SecurityContext{
 								Privileged:               ptr.To(true),
 								AllowPrivilegeEscalation: ptr.To(true),

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ type VpcNatGatewaySpec struct {`
`40`	`40`	QoSPolicy string `json:"qosPolicy"`
`41`	`41`	BgpSpeaker VpcBgpSpeaker `json:"bgpSpeaker"`
`42`	`42`	Routes []Route `json:"routes"`
	`43`	+ NoDefaultEIP bool `json:"noDefaultEIP"`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`type VpcBgpSpeaker struct {`