add vpc nat gateway docs

kubeovn · May 5, 2021 · ffc20a9 · ffc20a9
1 parent 9354cf9
commit ffc20a9
Showing 1 changed file with 60 additions and 4 deletions.
diff --git a/docs/vpc.md b/docs/vpc.md
@@ -4,8 +4,6 @@ From v1.6.0, users can create custom VPC. Each VPC has independent address space
 
 By default, all subnets without VPC options belong to the default VPC. All functions and usages remain unchanged for users who are not intended to use custom VPC.
 
-*To connect custom VPC network with the external network, custom gateway is needed. This part of work is still work in progress.*
-
 ## Steps
 1. Create a custom VPC
 ```
@@ -101,8 +99,66 @@ spec:
       policy: policySrc
 ```
 
+## VPC external gateway
+To connect custom VPC network with the external network, custom gateway is needed. 
+
+### Steps to use VPC external gateway
+First, you need to confirm that Multus-CNI and macvlan CNI have been installed. Then we start to config the VPC nat gateway.
+
+1. Config and enable the feature
+```
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: ovn-vpc-nat-gw-config
+  namespace: kube-system
+data:
+  image: 'kubeovn/vpc-nat-gateway:v1.7.0'  # Docker image for vpc nat gateway
+  enable-vpc-nat-gw: true                  # 'true' for enable, 'false' for disable 
+  nic: eth1                                # The nic that connect to underlay network, use as the 'master' for macvlan
+```
+Controller will check this configmap and create network attachment definition.
+
+2. Create VPC NAT gateway
+```
+kind: VpcNatGateway
+apiVersion: kubeovn.io/v1
+  name: ngw
+spec:
+  vpc: test-vpc-1                  # Specifies which VPC the gateway belongs to 
+  subnet: sn                       # Subnet in VPC  
+  lanIp: 10.0.1.254                # Internal IP for nat gateway pod, IP should be within the range of the subnet 
+  eips:                            # Underlay IPs assigned to the gateway
+    - eipCIDR: 192.168.0.111/24
+       gateway: 192.168.0.254
+    - eipCIDR: 192.168.0.112/24
+       gateway: 192.168.0.254
+  floatingIpRules: 
+    - eip: 192.168.0.111
+      internalIp: 10.0.1.5
+  dnatRules:
+    - eip: 192.168.0.112
+      externalPort: 8888
+      protocol: tcp
+      internalIp: 10.0.1.10
+      internalPort: 80
+  snatRules:
+    - eip: 192.168.0.112
+       internalCIDR: 10.0.1.0/24
+```
+3. Add static route to VPC
+```
+kind: Vpc
+apiVersion: kubeovn.io/v1
+metadata:
+  name: test-vpc-1
+spec:
+  staticRoutes:
+    - cidr: 0.0.0.0/0
+      nextHopIP: 10.0.1.254     # Should be the same as the 'lanIp' for vpc gateway
+      policy: policyDst
+```
 ## Custom VPC limitation
 
 - Custom VPC can not access host network
-- Not support DNS/Service/Loadbalancer
-- Not support EIP/SNAT
+- Not support DNS/Service/Loadbalancer