Kubernetes/ K3s Network Engineer (K3s Networking & CNI/Multus Specialist)

Overview

On Site
Depends on Experience
Contract - W2
Contract - 24 Month(s)

Skills

Kubernetes

Job Details

The K3s NetworkEngineer will focus on networking for K3s clusters deployed across hybrid architectures (x86, ARM, accelerators). The role involves designing, implementing, and maintaining cluster networking that integrates with external systems. This includes writing Kubernetes controllers, managing IP address allocation, configuring VLANs outside of K3s and exposing them inside, extending networking with Multus CNI, and ensuring clusters support advanced CNI (Cilium/Calico) and bare-metal load balancing. The engineer ensures application and infrastructure networking is reliable, scalable, and secure.

Responsibilities
Cluster Networking Architecture
Design and implement networking for K3s hybrid clusters with support for multi-interface and multi-network scenarios.
Configure, extend, and optimize CNI plugins, with a focus on Multus and Cilium/Calico.
Enable workloads to use VLAN-backed networks, SR-IOV, or multiple interfaces when required.
Deploy and manage bare-metal load balancers (e.g., MetalLB, BGP) for reliable service exposure.
Controller & Operator Development
Develop custom Kubernetes controllers/operators to manage networking resources declaratively (e.g., IP pools, VLAN assignments, DNS records).
Automate network provisioning and reconciliation logic across hybrid environments.
Ensure CRDs and controllers integrate cleanly with GitOps pipelines and declarative workflows.
IP & DNS Management
Integrate cluster networking with upstream DNS servers for service discovery and external resolution.
Manage IP address allocation across nodes, pods, and external interfaces.
Implement IPAM solutions that handle hybrid hardware and multi-tenant use cases.
Hybrid Network Integration
Bridge cluster networking with underlay/overlay networks (e.g., VLANs, BGP).
Ensure external VLANs can be safely consumed by workloads within K3s.
Work with hardware teams on NIC configuration and firmware support for consistent network naming.
Security & Observability
Implement network policies, encryption, and isolation across multiple CNIs.
Integrate monitoring and observability for networking (e.g., Cilium Hubble, Prometheus metrics, custom metrics from controllers).
Validate that network paths comply with security and compliance requirements.
Collaboration & Documentation
Work closely with DevOps, SRE, and Hardware teams to align networking design with PaaS requirements.
Document networking architecture, CRDs, controllers, and operational runbooks.
Provide knowledge transfer to internal teams on advanced networking with Multus, VLANs, and bare-metal load balancers.

Deliverables
Multus-enabled K3s networking stack supporting multiple interfaces and VLAN-backed workloads.
Functional deployment of Cilium/Calico with advanced policies and observability.
Reliable bare-metal load balancing with MetalLB or BGP-based solutions.
Custom controllers/operators for IP address management, DNS integration, and VLAN assignment.
Declarative manifests and CRDs for networking resources in GitOps workflows.
Documentation and runbooks for networking setup, troubleshooting, and operations.

Required Skills & Experience
Deep expertise with Kubernetes/K3s networking, including CNIs.
Hands-on experience with Multus CNI for multi-network attachment definitions.
Strong knowledge of Cilium or Calico for advanced networking, security, and observability.
Experience with bare-metal load balancers (MetalLB, BGP).
Proficiency in developing Kubernetes controllers/operators in Go (controller-runtime, Kubebuilder, or Operator SDK).
Experience with IP address management (IPAM) and DHCP/DNS integration.
VLAN configuration and bridging external networks into Kubernetes.
Proficiency in Linux networking (netlink, iproute2, eBPF tools).
Strong debugging skills for pod, node, and external system networking.
Security expertise in multi-network Kubernetes (RBAC, network policies, encryption).

Nice to Have
Experience with service mesh (Istio, Linkerd) integrated with multi-network setups.
Knowledge of SR-IOV, DPDK, or high-performance networking approaches.
Contributions to Kubernetes networking or CNI projects.
Familiarity with multi-cluster federation and cross-site service routing.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.