Networking
Learn more about network options for Virtual Servers.
Networking for Virtual Servers can be as simplistic or as fine-grained as your use case dictates. If you'd like to attach a Public IP or LoadBalancer IP to your Virtual Server, this is the section to do it.
Additional Resources
Cloud UI
CLI
Terraform

More advanced networking options for Virtual Servers are configured by interacting directly with the YAML editor, but Public IP and LoadBalancer IP configuration options are also exposed via graphical toggles in this expandable. These toggles are switched on and off according to whether or not you want the Virtual Server to have either kind of IP address provisioned to it.
Attaching a Public IP to the Virtual Server will allow it to be accessible through the Internet via an assigned IPv4 address by a created Kubernetes service. When
network.directAttachLoadBalancerIP
is turned on (true
) a new Service will be created, and its LoadBalancer IP will be directly attached to the Virtual Server.The graphical toggles affect the
network.directAttachLoadBalancerIP
and .network.public
options in the CRD manifest respectively, toggling their values between true
and false
.
When both options are set to true
, public networking is provided via an automatically-provisioned public IP address. When both are false
, public networking is disabled, and no public IP will be provisioned.
Example in plain text:
network:
public: true
directAttachLoadBalancerIP: true
Note
When both
network.directAttachLoadBalancerIP
and network.public
are set to false
, the Virtual Server Operator (VSO) creates a "Headless Service," in order to resolve internal DNS using cluster DNS.When
network.directAttachLoadBalancerIP
is set to true
, custom UDP and TCP ports may not be set.All other networking options for Virtual Servers provisioned through the CoreWeave Cloud UI must be configured through the YAML manifest.
By default, a persistent MAC address, derived from the Virtual Server's name, is assigned to the Virtual Server. To override this, you may include MAC address configurations in the
.network.macAddress
field.Custom MAC addresses for Virtual Servers are configured with dashes separating each octet:
macAddress: A2-1F-EE-09-06-5D
DNS policies for Virtual Servers refer to the Kubernetes Pod DNS policies. By default, Virtual Servers have a DNS policy of
ClusterFirst
.The TCP and UDP ports to expose on the Virtual Server are configured using the
tcp.ports
and udp.ports
lists in the YAML manifest respectively.Note
When
network.directAttachLoadBalancerIP
is set to true
, custom UDP and TCP ports may not be set.Desired ports may be configured in their respective lists, as seen in this example:

Example in plain text:
network:
public: true
directAttachLoadBalancerIP: false
tcp:
ports:
- 22
- 443
- 3389
udp:
ports:
- 3389
- 4172
Floating IPs allow stable IP addresses to be assigned from the load balancer IP of each Service. These allow for custom DNS configurations, and predictable addressing.
Floating IPs can be specified in the YAML manifest using a YAML list:
floatingIPs: [240.141.77.141, 82.110.59.244]
Additional Resources
To configure networking options for Virtual Servers deployed using the Kubernetes CLI, configure the options under the
network
stanza of the spec
: network:
public: true
tcp:
ports:
- 22
The table below describes all available configuration options for user accounts on Virtual Servers:
Field name | Field type | Description |
---|---|---|
network.floatingIPs | [] | |
network.floatingIPs[ ].serviceName | String | Name of the service |
network.tcp | {} | Defines the TCP network configuration |
network.tcp.ports | [] | List of TCP ports to expose |
network.udp | {} | Defines the UDP network configuration |
network.udp.ports | [] | List of UDP ports to expose |
network.public | Boolean | Whether a public IP will be assigned |
network.macAddress | String | Set MAC address for VS. If not provided, Virtual Server generates a unicast/local type MAC address |
network.dnsConfig | ||
network.dnsPolicy | Set the DNS policy for VS. The default value is ClustrFirst |
Floating IPs allow the provisioning of stable IP addresses, assigned from the load balancer IP of each Service. These allow for custom DNS configurations and predictable addressing.
Floating IPs can be specified in the YAML manifest as an array:
network:
floatingIPs: [240.141.77.141, 82.110.59.244]
Additional Resources
The Virtual Server's networking options are configured as variables passed into the Virtual Server Terraform module.
The table below describes all available configuration options for user accounts on Virtual Servers.
Variable name | Variable type | Description | Default value |
---|---|---|---|
vs_public_networking | Boolean | Whether or not to allow the Virtual Server to be publicly accessible to the Internet. | true |
vs_attach_loadbalancer | Boolean | Whether or not to attach a Service LoadBalancer IP directly to the Virtual Server.
⚠ vs_tcp_ports and vs_udp_ports must be empty. | false |
vs_tcp_ports | List | Which TCP ports to expose on the Virtual Server. | [22, 443, 60443, 4172, 3389] |
vs_udp_ports | List | Which UDP ports to expose on the Virtual Server. | [4172, 3389] |
Terraform example:
variable "vs_public_networking" {
default = true
}
variable "vs_attach_loadbalancer" {
description = "Attach Service LoadBalancer IP directly to VS (vs_tcp_ports and vs_udp_ports must be empty)."
default = false
}
variable "vs_tcp_ports" {
type = list(any)
default = [22, 443, 60443, 4172, 3389]
}
variable "vs_udp_ports" {
type = list(any)
default = [4172, 3389]
}
A Virtual Server may be attached to one or multiple VPCs, as well as to the regular CoreWeave Cloud Native Kubernetes (CCNN) network.
Each VPC will be represented as a separate Network Interface Card (NIC) inside the Virtual Server, in addition to the CoreWeave network (CCNN). The NICs inside a Virtual Server will be in the same order as the VPCs are specified - the order is deterministic to ensure that a NIC inside the Virtual Server always connects to the same VPC, even through reboots and migrations.
Additional Resources
By default, CoreWeave Cloud Native Networking is enabled. To disable CoreWeave networking, set
disableK8sNetworking
to true
.Warning
CoreWeave Cloud Native Networking is designed with low latency and high isolation in mind. Even when a VPC is in use, it is recommended to leave the regular networking attached for Internet access while leveraging the VPC interface for things like on-premise connectivity.
Additionally, disabling CoreWeave Cloud Native Networking means loss of all regular Kubernetes networking functionality, such as Services, Load Balancers and internet access. The Pod will only be able to communicate on the specified VPCs. For internet access, a virtual firewall can be deployed bridging a VPC and a regular CCNN interface. For most Kubernetes use cases, it is not recommended to disable the standard network.
Also note that if disableK8sNetworking is set to
true
and a VPC is designated, no k8s (paravirtual) NIC will be attached - only the VPC will be attached.Cloud UI
CLI
VPCs that are deployed in the client namespace are associated with Virtual Servers by configuring their addresses within the YAML spec of the Virtual Server to be associated.
VPC names are configured inside the
.network.vpcs
stanza in the YAML manifest:network:
vpcs: []
- name: vpc0
- name: vpc1
# If disableK8sNetworking is set to `true` and a VPC is defined, no k8s (paravirtual) NIC will be attatched
disableK8sNetworking: false
Using Kubernetes, Virtual Server Layer 2 VPC connections are configured inside the
spec.network.vpcs
stanza in the Virtual Server spec.Example
apiVersion: virtualservers.coreweave.com/v1alpha1
kind: VirtualServer
metadata:
name: my-vs-in-a-vpc
namespace: tenant-coreweave-example
spec:
network:
disableK8sNetworking: false
vpcs:
- name: your-vpc-name
- name: optional-second-vc
Last modified 22d ago