Is it possible to set the mac address of a pod/container?

Hi folks,

I have an application that depends on a component whose license is based on the MAC address. I wonder if it is possible to create something like a pool of MAC addresses to be used…

1 Like

It would be good to know if this is possible, and also good to know if this is not possible.

We have legacy apps that are licensed based on a MAC address, so running a singleton instance of this would be awesome.

The answer depends ENTIRELY on your network setup and which drivers you are using.

What drivers should I be using?

My setup is on AKS, with CNI networking, so thinking about it, it may be difficult or just impossible, but if you have a network driver that can accept changes to the MAC address it would be worth the try.

We also have this question. In our large facility, we have containerized services such as License Servers which are usually pinned to a MAC address. These worked fine with Rancher 1, which is similar to Docker Swarm & Docker Compose.

How can we tell if a CNI driver supports the MAC addresses?

Yes, you can do it by creating a virtual interface in the container with your desired MAC address. You just need to have the NET_ADMIN capability added to the container. If you are using Kubernetes, it is as easy as updating your deployment YAML file like this:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: anyuid-netadmin
  namespace: cap-test
spec:
  replicas: 1
  selector:
    matchLabels:
      name: anyuid-netadmin
  template:
    metadata:
      labels:
        name: anyuid-netadmin
    spec:
      serviceAccountName: anyuid-netadmin-sa
      containers:
        - name: anyuid-netadmin
          image: nicolaka/netshoot
          # Keep the container running so the interface can be added with `ip link`.
          command: ["sleep"]
          args: ["infinity"]
          imagePullPolicy: Always
          securityContext:
            capabilities:
              # Needed to create the macvlan interface inside the container.
              add: ["NET_ADMIN"]
```

And the command to create the virtual MAC interface is:

```
ip link add link eth0 address 00:50:56:99:01:34 eth0.1 type macvlan
```

NOTE: If you are using OpenShift, then you need to have an SCC for the user or service account being used for the deployment.
SCC example:

```yaml
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities:
- NET_ADMIN
apiVersion: security.openshift.io/v1
defaultAddCapabilities: null
fsGroup:
  type: RunAsAny
groups:
- GROUP_TO_GIVE_ACCESS_TO
users:
- USERS_TO_GIVE_ACCESS_TO
kind: SecurityContextConstraints
metadata:
  annotations:
    kubernetes.io/description: anyuid provides all features of the restricted SCC but allows users to run with any UID and any GID.
  generation: 1
  name: anyuid-netadmin-scc
priority: 10
readOnlyRootFilesystem: false
```

Please read more about SCC Linux Capabilities in OpenShift

I would generally avoid granting NET_ADMIN; it works, but it’s essentially giving root control of the host’s network stack to the pod.


If you can use Multus you can configure a static MAC address, but it does require a good amount of configuration - they have an example of how to do this with macvlan.

I don’t have access to my old hardware, but I was able to successfully assign a mac but it was also for use with SRIOV and infiniband.

1 Like
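An added example, not part of the thread or any poster's code: a small Python audit that reads `kubectl get ... -o json` output and lists containers that add NET_ADMIN (or run privileged), noting whether the pod also sets `hostNetwork`, in which case the capability applies to the node's own network namespace. The `license-proxy` and `web` Deployments and the `_deploy` helper are constructed for illustration.

```python
"""Audit sketch: list containers that add NET_ADMIN or run privileged."""
import json

RISKY_CAPS = {"NET_ADMIN", "ALL"}  # ALL includes NET_ADMIN

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload that wraps one in spec.template."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", spec)

def audit(doc):
    """Return one finding per container that is privileged or adds a risky capability."""
    findings = []
    for obj in doc.get("items", [doc]):  # accept a List or a single object
        spec, meta = pod_spec(obj), obj.get("metadata", {})
        for field in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(field) or []:
                sc = c.get("securityContext") or {}
                added = {str(x).upper() for x in (sc.get("capabilities") or {}).get("add") or []}
                risky = sorted(added & RISKY_CAPS) + (["privileged"] if sc.get("privileged") else [])
                if risky:
                    findings.append({
                        "workload": f'{meta.get("namespace", "default")}/{meta.get("name")}',
                        "container": c.get("name"),
                        "grants": risky,
                        # With hostNetwork the capability acts on the node's network namespace.
                        "scope": ("node network namespace" if spec.get("hostNetwork")
                                  else "pod network namespace"),
                    })
    return findings

def _deploy(name, ns, host_network, sec_ctx):
    """Build a constructed Deployment shaped like `kubectl get deploy -o json` output."""
    pod = {"hostNetwork": host_network,
           "containers": [{"name": name, "securityContext": sec_ctx}]}
    return {"kind": "Deployment", "metadata": {"name": name, "namespace": ns},
            "spec": {"template": {"spec": pod}}}

# Constructed sample: the thread's Deployment plus two hypothetical ones.
SAMPLE = {"kind": "List", "items": [
    _deploy("anyuid-netadmin", "cap-test", False, {"capabilities": {"add": ["NET_ADMIN"]}}),
    _deploy("license-proxy", "legacy", True, {"capabilities": {"add": ["net_admin", "CHOWN"]}}),
    _deploy("web", "default", False, {"capabilities": {"drop": ["ALL"]}}),
]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(json.dumps(finding))
```

On a live cluster the same function can be fed the parsed output of `kubectl get deployments -A -o json`.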

This is one of those times where I ask myself if this is something you should put in k8s. Just because you can, does not mean you should.

Yeah… it's definitely not ideal. The problem is often some license servers are bound to a given MAC address. Before we’d use a VM and just use that for some high availability. I really wish companies would move away from that style of enforcement mechanism.