OpenShift Request For Enhancement / RFE-4938

Support of egress and Service ingress for secondary OVN Kubernetes networks


    • Feature Request
    • Resolution: Done
    • Critical
    • SDN

      1. Proposed title of this feature request
      Support of egress and Service ingress for secondary OVN Kubernetes networks

      2. What is the nature and description of the request?
      It is possible to request additional overlay networks from OVN Kubernetes by simply defining a NAD. However, these networks are not connected to the outside network. This RFE asks for two things:

        Egress: It should be possible to opt-in for egress on the NAD. When enabled, the secondary network should be NAT'ed into the outside world over the br-ex bridge.
        Ingress: It should be possible to opt-in for ingress on the NAD. When enabled, users should be able to define a Service exposing their Pod on this secondary network. When a client queries this Service IP, their request would be forwarded into the secondary overlay network.

      Although selecting a dedicated north-south bridge may become important later, it is not a requirement of this RFE - all north-south communication can be done over br-ex.

      3. Why does the customer need this? (List the business requirements here)
        - Customers are using secondary OVN Kubernetes networks to be able to have tight control over their overlays on public cloud, or to easily manage a high number of dedicated tenant networks.
        - Users of these networks want to access the internet from their otherwise isolated network.
        - Users of these networks want to expose their applications to the outside through LoadBalancer services.
        - Specifically in the case of VM workloads, users often cannot change their workloads to use one NIC (pod network) for north-south and another for their east-west.
        - With this feature supported, OpenShift Virtualization would be able to satisfy legacy virtualization customers who require "bridge-like" networking on public cloud.

      4. List any affected packages or components.
      OVN Kubernetes

            mcurry@redhat.com Marc Curry
            phoracek@redhat.com Petr Horacek