I need to add a second interface to some of the specific K8s pods on GKE that need to be accessible directly from public users on the Internet. So I used Multus and defined a Macvlan cni like this:
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: macvlan-conf
spec:
config: '{
"cniVersion": "0.3.1",
"type": "macvlan",
"master": "eth0",
"mode": "bridge",
"ipam": {
"type": "host-local",
"subnet": "10.162.0.0/20",
"rangeStart": "10.162.0.100",
"rangeEnd": "10.162.0.150",
"routes": [
{ "dst": "0.0.0.0/0" }
],
"gateway": "10.162.0.1"
}
}'
10.162.0.1 is the default gateway of my K8s nodes in GCP. So, I imagine that in this case, pods should have the access to the outside. But in pods, just there is one default gateway that routes the internal pods traffic. Also, I can't add any route because of the privileges issues.
Question:
My expectation is wrong? How I should use Macvlan to create a public interface for those pods?