CoreWeave
Search
K
Comment on page

Networking

Learn more about network options for Virtual Servers.
Networking for Virtual Servers can be as simplistic or as fine-grained as your use case dictates. If you'd like to attach a Public IP or LoadBalancer IP to your Virtual Server, this is the section to do it.
Additional Resources
To learn more about networking on CoreWeave cloud, see Networking.
Cloud UI
CLI
Terraform

Deployment method: CoreWeave Cloud UI

From the CoreWeave Cloud UI Virtual Server deployment menu, click the Network expandable.

Attaching IPs

More advanced networking options for Virtual Servers are configured by interacting directly with the YAML editor, but Public IP and LoadBalancer IP configuration options are also exposed via graphical toggles in this expandable. These toggles are switched on and off according to whether or not you want the Virtual Server to have either kind of IP address provisioned to it.
Attaching a Public IP to the Virtual Server will allow it to be accessible through the Internet via an assigned IPv4 address by a created Kubernetes service. When network.directAttachLoadBalancerIP is turned on (true) a new Service will be created, and its LoadBalancer IP will be directly attached to the Virtual Server.
The graphical toggles affect the network.directAttachLoadBalancerIP and .network.public options in the CRD manifest respectively, toggling their values between true and false. When both options are set to true, public networking is provided via an automatically-provisioned public IP address. When both are false, public networking is disabled, and no public IP will be provisioned.
Example in plain text:
network:
public: true
directAttachLoadBalancerIP: true
Note
When both network.directAttachLoadBalancerIP and network.public are set to false, the Virtual Server Operator (VSO) creates a "Headless Service," in order to resolve internal DNS using cluster DNS.
When network.directAttachLoadBalancerIP is set to true, custom UDP and TCP ports may not be set.

Additional networking options

All other networking options for Virtual Servers provisioned through the CoreWeave Cloud UI must be configured through the YAML manifest.

Custom MAC addresses

By default, a persistent MAC address, derived from the Virtual Server's name, is assigned to the Virtual Server. To override this, you may include MAC address configurations in the .network.macAddress field.
Custom MAC addresses for Virtual Servers are configured with dashes separating each octet:
macAddress: A2-1F-EE-09-06-5D

DNS policy

DNS policies for Virtual Servers refer to the Kubernetes Pod DNS policies. By default, Virtual Servers have a DNS policy of ClusterFirst.

TCP and UDP ports

The TCP and UDP ports to expose on the Virtual Server are configured using the tcp.ports and udp.ports lists in the YAML manifest respectively.
Note
When network.directAttachLoadBalancerIP is set to true, custom UDP and TCP ports may not be set.
Desired ports may be configured in their respective lists, as seen in this example:
Example in plain text:
network:
public: true
directAttachLoadBalancerIP: false
tcp:
ports:
- 22
- 443
- 3389
udp:
ports:
- 3389
- 4172

Floating IPs

Floating IPs allow stable IP addresses to be assigned from the load balancer IP of each Service. These allow for custom DNS configurations, and predictable addressing.
Floating IPs can be specified in the YAML manifest using a YAML list:
floatingIPs: [240.141.77.141, 82.110.59.244]
Additional Resources
Learn more about Floating Services.

Deployment method: Kubernetes CLI

To configure networking options for Virtual Servers deployed using the Kubernetes CLI, configure the options under the network stanza of the spec:
network:
public: true
tcp:
ports:
- 22
The table below describes all available configuration options for user accounts on Virtual Servers:
Field name
Field type
Description
network.floatingIPs
[]
A list of service references to be added as floating IPs. Learn more about Floating IPs.
network.floatingIPs[ ].serviceName
String
Name of the service
network.tcp
{}
Defines the TCP network configuration
network.tcp.ports
[]
List of TCP ports to expose
network.udp
{}
Defines the UDP network configuration
network.udp.ports
[]
List of UDP ports to expose
network.public
Boolean
Whether a public IP will be assigned
network.macAddress
String
Set MAC address for VS. If not provided, Virtual Server generates a unicast/local type MAC address
network.dnsConfig
Defines the DNS parameters of the VS. Defult value is DNSClusterFirst.
network.dnsPolicy
DNSPolicy
Set the DNS policy for VS. The default value is ClustrFirst

Floating IPs

Floating IPs allow the provisioning of stable IP addresses, assigned from the load balancer IP of each Service. These allow for custom DNS configurations and predictable addressing.
Floating IPs can be specified in the YAML manifest as an array:
network:
floatingIPs: [240.141.77.141, 82.110.59.244]
Additional Resources
Learn more about Floating IPs.

Deployment method: Terraform

The Virtual Server's networking options are configured as variables passed into the Virtual Server Terraform module.
The table below describes all available configuration options for user accounts on Virtual Servers.
Variable name
Variable type
Description
Default value
vs_public_networking
Boolean
Whether or not to allow the Virtual Server to be publicly accessible to the Internet.
true
vs_attach_loadbalancer
Boolean
Whether or not to attach a Service LoadBalancer IP directly to the Virtual Server.
vs_tcp_ports and vs_udp_ports must be empty.
false
vs_tcp_ports
List
Which TCP ports to expose on the Virtual Server.
[22, 443, 60443, 4172, 3389]
vs_udp_ports
List
Which UDP ports to expose on the Virtual Server.
[4172, 3389]
Terraform example:
variable "vs_public_networking" {
default = true
}
variable "vs_attach_loadbalancer" {
description = "Attach Service LoadBalancer IP directly to VS (vs_tcp_ports and vs_udp_ports must be empty)."
default = false
}
variable "vs_tcp_ports" {
type = list(any)
default = [22, 443, 60443, 4172, 3389]
}
variable "vs_udp_ports" {
type = list(any)
default = [4172, 3389]
}

Attaching a Layer 2 VPC

A Virtual Server may be attached to one or multiple VPCs, as well as to the regular CoreWeave Cloud Native Kubernetes (CCNN) network.
Each VPC will be represented as a separate Network Interface Card (NIC) inside the Virtual Server, in addition to the CoreWeave network (CCNN). The NICs inside a Virtual Server will be in the same order as the VPCs are specified - the order is deterministic to ensure that a NIC inside the Virtual Server always connects to the same VPC, even through reboots and migrations.
Additional Resources
Learn more about CoreWeave Layer 2 VPCs.
By default, CoreWeave Cloud Native Networking is enabled. To disable CoreWeave networking, set disableK8sNetworking to true.
Warning
CoreWeave Cloud Native Networking is designed with low latency and high isolation in mind. Even when a VPC is in use, it is recommended to leave the regular networking attached for Internet access while leveraging the VPC interface for things like on-premise connectivity.
Additionally, disabling CoreWeave Cloud Native Networking means loss of all regular Kubernetes networking functionality, such as Services, Load Balancers and internet access. The Pod will only be able to communicate on the specified VPCs. For internet access, a virtual firewall can be deployed bridging a VPC and a regular CCNN interface. For most Kubernetes use cases, it is not recommended to disable the standard network.
Also note that if disableK8sNetworking is set to true and a VPC is designated, no k8s (paravirtual) NIC will be attached - only the VPC will be attached.
CoreWeave support is available to help with any network design questions.
Layer 2 VPCs may be attached to Virtual Servers using the following methods:
Cloud UI
CLI

Deployment method: CoreWeave Cloud UI

VPCs that are deployed in the client namespace are associated with Virtual Servers by configuring their addresses within the YAML spec of the Virtual Server to be associated.
VPC names are configured inside the .network.vpcs stanza in the YAML manifest:
network:
vpcs: []
- name: vpc0
- name: vpc1
# If disableK8sNetworking is set to `true` and a VPC is defined, no k8s (paravirtual) NIC will be attatched
disableK8sNetworking: false

Deployment method: Kubernetes CLI

Using Kubernetes, Virtual Server Layer 2 VPC connections are configured inside the spec.network.vpcs stanza in the Virtual Server spec.
Example
apiVersion: virtualservers.coreweave.com/v1alpha1
kind: VirtualServer
metadata:
name: my-vs-in-a-vpc
namespace: tenant-coreweave-example
spec:
network:
disableK8sNetworking: false
vpcs:
- name: your-vpc-name
- name: optional-second-vc