Create a subnet in the Kube-OVN Overlay Network to achieve more granular network isolation of resources in the cluster.
Note: The platform has a built-in join subnet for communication between nodes and container groups; please avoid conflicts in network segments between join and newly created subnets.
Description: If a project or namespace is assigned multiple subnets, an IP address will be randomly selected from one of the subnets.
Allocating Projects:
Allocating Namespaces:
Enter Platform Management.
In the left navigation bar, click on Network Management > Subnet.
Click on Create Subnet.
Refer to the following instructions to configure the related parameters.
Parameter | Description |
---|---|
Network Segment | After assigning the subnet to the project or namespace, IPs within this segment will be randomly allocated for use by container groups. |
Reserved IP | Reserved IPs are never allocated automatically. For example, a reserved IP can be used as the fixed IP address of a computing component. |
Gateway Type | Select the gateway type for the subnet to control outbound traffic. Distributed: each host in the cluster acts as the outbound node for the container groups running on it, giving distributed egress. Centralized: all container groups in the cluster use one or more specific hosts as outbound nodes, which facilitates external auditing and firewall control. Setting multiple centralized gateway nodes provides high availability. |
ECMP (Alpha) | When choosing a Centralized gateway, the ECMP feature can be used. By default, the gateway operates in master-slave mode, with only the master gateway processing traffic. When enabling ECMP (Equal-Cost Multipath Routing), outbound traffic will be routed through multiple equal-cost paths to all available gateway nodes, thereby increasing the total throughput of the gateway. Note: Please enable ECMP-related features in advance. |
Gateway Nodes | When using a Centralized gateway, select one or more specific hosts as gateway nodes. |
Outbound Traffic NAT | Choose whether to enable outbound traffic NAT (Network Address Translation). By default, it is enabled. It is mainly used to set the access address exposed to the external network when the container groups in the subnet access the internet. When outbound traffic NAT is enabled, the host IP will be used as the access address for the container groups in the current subnet; when not enabled, the IPs of the container groups within the subnet will be directly exposed to the external network. In this case, using a centralized gateway is recommended. |
Click Confirm.
On the subnet details page, select Actions > Allocate Project / Namespace.
Complete the configuration and click Allocate.
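
A preflight check for the parameters in the table above, as an added example (not the platform's or Kube-OVN's own code): it flags a network segment that overlaps the join subnet or an existing subnet, reserved IPs outside the segment, and gateway, ECMP and NAT combinations the table advises against. The dict keys, the sample plans and the join subnet value `100.64.0.0/16` are assumptions; substitute the values from your cluster.

```python
import ipaddress

# Assumption: join subnet value; replace with the one configured in your cluster.
JOIN_CIDR = "100.64.0.0/16"

# Constructed sample plans; the dict keys are hypothetical, not a platform API.
PLAN_OK = {"cidr": "10.66.0.0/16", "reserved_ips": ["10.66.0.10"],
           "gateway_type": "centralized", "gateway_nodes": ["node-a", "node-b"],
           "ecmp": True, "nat_outgoing": False}
PLAN_BAD = {"cidr": "100.64.8.0/24", "reserved_ips": ["100.64.9.5"],
            "gateway_type": "distributed", "ecmp": True, "nat_outgoing": False}


def check_subnet(plan, existing_cidrs=(), join_cidr=JOIN_CIDR):
    """Return a list of findings for a planned subnet; empty means no issue found."""
    findings = []
    net = ipaddress.ip_network(plan["cidr"])  # raises ValueError on a malformed segment
    # The new segment must not overlap the join subnet or any existing subnet.
    others = [("join", join_cidr)] + [("existing", c) for c in existing_cidrs]
    for label, cidr in others:
        other = ipaddress.ip_network(cidr)
        if net.version == other.version and net.overlaps(other):
            findings.append(f"overlap: {net} conflicts with {label} subnet {other}")
    # A reserved IP outside the segment excludes nothing from allocation.
    for ip in plan.get("reserved_ips", []):
        if ipaddress.ip_address(ip) not in net:
            findings.append(f"reserved-ip: {ip} is outside {net}")
    centralized = plan.get("gateway_type") == "centralized"
    # A centralized gateway needs at least one gateway node selected.
    if centralized and not plan.get("gateway_nodes"):
        findings.append("gateway: centralized gateway has no gateway nodes")
    # ECMP is only available with a centralized gateway.
    if plan.get("ecmp") and not centralized:
        findings.append("ecmp: ECMP requires a centralized gateway")
    # NAT is on by default; with it off, pod IPs are exposed directly, and the
    # table recommends a centralized gateway so egress stays auditable.
    if not plan.get("nat_outgoing", True) and not centralized:
        findings.append("nat: NAT disabled without a centralized gateway")
    return findings


if __name__ == "__main__":
    for name, plan in (("PLAN_OK", PLAN_OK), ("PLAN_BAD", PLAN_BAD)):
        print(name, check_subnet(plan, existing_cidrs=["10.16.0.0/16"]))
```

Running the check before clicking Confirm catches segment conflicts that would otherwise surface only as connectivity failures between nodes and container groups.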