There appears to be a netfilter nat bug in the CentOS7.7 kernel (3.10.0-1062.9.1.el7.x86_64) that prevents the nat rules from running for outbound qrouter DNAT (and presumably the inbound replies if they were to go out). It appears that the chains are correctly populated into the netns but they just never execute for the nat table. This smells similar to an earlier (but presumably fixed) RHEL/CentOS kernel bug that I found once I knew that this was the problem.
To reproduce: install a stock/updated CentOS7.7 x86 host with train k-a, provider network support, with the x86 host running the neutron containers. Instances spin up just fine and can ping internally but they have no outbound connectivity and cannot be pinged from floating IPs. The problem is that the floating IP is not getting routed correctly due to the above.
Is this reported upstream? To Red Hat or CentOS?