K3s Network Engineer

Job Description:

"K3s Networking & CNI/Multus Specialist

Context:

The K3s NetworkEngineer will focus on networking for K3s clusters deployed across hybrid architectures (x86, ARM, accelerators). The role involves designing, implementing, and maintaining cluster networking that integrates with external systems. This includes writing Kubernetes controllers, managing IP address allocation, configuring VLANs outside of K3s and exposing them inside, extending networking with Multus CNI, and ensuring clusters support advanced CNI (Cilium/Calico) and bare-metal load balancing. The engineer ensures application and infrastructure networking is reliable, scalable, and secure.

"





Key Responsibilities:

"Cluster Networking Architecture

Design and implement networking for K3s hybrid clusters with support for multi-interface and multi-network scenarios.

Configure, extend, and optimize CNI plugins, with a focus on Multus and Cilium/Calico.

Enable workloads to use VLAN-backed networks, SR-IOV, or multiple interfaces when required.

Deploy and manage bare-metal load balancers (e.g., MetalLB, BGP) for reliable service exposure.

Controller & Operator Development

Develop custom Kubernetes controllers/operators to manage networking resources declaratively (e.g., IP pools, VLAN assignments, DNS records).

Automate network provisioning and reconciliation logic across hybrid environments.

Ensure CRDs and controllers integrate cleanly with GitOps pipelines and declarative workflows.

IP & DNS Management

Integrate cluster networking with upstream DNS servers for service discovery and external resolution.

Manage IP address allocation across nodes, pods, and external interfaces.

Implement IPAM solutions that handle hybrid hardware and multi-tenant use cases.

Hybrid Network Integration

Bridge cluster networking with underlay/overlay networks (e.g., VLANs, BGP).

Ensure external VLANs can be safely consumed by workloads within K3s.

Work with hardware teams on NIC configuration and firmware support for consistent network naming.

Security & Observability

Implement network policies, encryption, and isolation across multiple CNIs.

Integrate monitoring and observability for networking (e.g., Cilium Hubble, Prometheus metrics, custom metrics from controllers).

Validate that network paths comply with security and compliance requirements.

Collaboration & Documentation

Work closely with DevOps, SRE, and Hardware teams to align networking design with PaaS requirements.

Document networking architecture, CRDs, controllers, and operational runbooks.

Provide knowledge transfer to internal teams on advanced networking with Multus, VLANs, and bare-metal load balancers.

"





What are the Mandatory skills and skill proficiencies required for this position?

" Deep expertise with Kubernetes/K3s networking, including CNIs.

Hands-on experience with Multus CNI for multi-network attachment definitions.

Strong knowledge of Cilium or Calico for advanced networking, security, and observability.

Experience with bare-metal load balancers (MetalLB, BGP).

Proficiency in developing Kubernetes controllers/operators in Go (controller-runtime, Kubebuilder, or Operator SDK).

Experience with IP address management (IPAM) and DHCP/DNS integration.

VLAN configuration and bridging external networks into Kubernetes.

Proficiency in Linux networking (netlink, iproute2, eBPF tools).

Strong debugging skills for pod, node, and external system networking.

Security expertise in multi-network Kubernetes (RBAC, network policies, encryption).

"





What are the Optional skills and skill proficiencies for this position?

"Experience with service mesh (Istio, Linkerd) integrated with multi-network setups.

Knowledge of SR-IOV, DPDK, or high-performance networking approaches.

Contributions to Kubernetes networking or CNI projects.

Familiarity with multi-cluster federation and cross-site service routing.



"