I'm currently experimenting with using KubeVirt and Kube-OVN to create virtual machines (VMs). Everything has been going pretty smoothly, and I can expose a VM through a public IP using MetalLB with standard Kubernetes services. However, this setup effectively puts the VM behind a NAT, which isn't ideal for my needs. I'm looking to see if it's possible to directly assign a public IP to a VM so that all the ingress and egress traffic goes through that specific public IP. It seems like it should be feasible, but I haven't found solid examples on this. Any insights?
3 Answers
You might want to check out using Multus for your setup. It can help manage multiple network interfaces, which allows you to attach a public IP to your VM easily. You’d create an additional NIC that links to a bridge on the host NIC, bypassing Kube-OVN if needed. Just set it up as part of your VM configuration.
Another option is to use Harvester. I know it might add some overhead, but it can make things easier. Plus, you can achieve similar results with CozyStack if you're looking for more flexibility. Just an idea to consider!
I checked out Harvester briefly; I was worried it’d complicate my setup. I’ll reconsider, though. By the way, can I run the management network over a VPN, like using Tailscale IPs for my nodes?
Look into kube-ovn's underlay feature. What you need to do is create a provider network with VLAN and use the underlay subnet directly for your VMs. This method allows for direct public IP assignments without additional routing complications.
I did set up Multus already and created a mock virtual network for my VMs. But I’m wondering how that directly helps with assigning a public IP. Could you clarify that?
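A sketch of the Multus approach from the first answer, added here as an example and not posted by anyone in the thread: a bridge `NetworkAttachmentDefinition` plus a KubeVirt VM whose only NIC is on that bridge, with the public address set in the guest by cloud-init. The bridge `br-public`, the object names, the MAC address, the container disk image and the `203.0.113.0/24` documentation-range addresses are all assumptions to replace with real values.

```yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: public-net                      # hypothetical name
spec:
  # Assumes a Linux bridge "br-public" already exists on every node with the
  # public-facing host NIC as a port. Empty ipam: the CNI hands out no address.
  config: |
    {"cniVersion": "0.3.1", "name": "public-net", "type": "bridge",
     "bridge": "br-public", "ipam": {}}
---
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: vm-public                       # hypothetical name
spec:
  runStrategy: Always
  template:
    spec:
      domain:
        devices:
          disks:
            - {name: rootdisk, disk: {bus: virtio}}
            - {name: cloudinit, disk: {bus: virtio}}
          interfaces:
            - name: public
              bridge: {}                # L2 bridge binding, no masquerade/NAT
              macAddress: "02:00:00:00:00:10"   # constructed, matched below
        resources:
          requests: {memory: 1Gi}
      networks:                         # no pod network: the bridge NIC is the only path
        - name: public
          multus: {networkName: public-net}
      volumes:
        - name: rootdisk
          containerDisk: {image: quay.io/containerdisks/fedora:latest}  # assumed image
        - name: cloudinit
          cloudInitNoCloud:
            userData: |
              #cloud-config
              ssh_pwauth: false         # key-only SSH on a publicly reachable guest
            networkData: |
              version: 2
              ethernets:
                pub:
                  match: {macaddress: "02:00:00:00:00:10"}
                  addresses: [203.0.113.10/24]   # constructed public IP
                  gateway4: 203.0.113.1          # constructed upstream gateway
```

Because this NIC bypasses Kube-OVN, nothing in the cluster network filters traffic to the public address; filtering has to happen in the guest or on the upstream network.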