docker - Multicast traffic to Kubernetes

Question

I want my pods to receive multicast network traffic flowing from outside of my kubernetes cluster to specific ports in my nodes.

I'm considering two solutions:

1. Adding hostNetwork: true flag to their yaml file along with hostPort configuration in order to receive the traffic directly to the pod.
2. Forwarding the traffic locally on the nodes from eth0 interface to docker0 interface using iptables command.

Method 1 is an official feature in Kubernetes, but it feels like breaking a security wall that docker originally imposed, and might cause port collisions with host's processes, etc.

Method 2 on the other hand transparently forwards the multicast network traffic to the pods.
Despite the fact I can use an automation tool to spread this configuration (ansible/salt etc), anything configured 'out of the scope' of Kubernetes feels a little hacky to me.

Would like to hear your pros and cons, comments, and maybe other solutions to the problem of multicasting to a kubernetes cluster.

Answer 1

A cleaner way to support multicast is to add an additional interface to your PODs through multus-cni. Then, you could associate this new multus interface to your host network interface that will receive multicast traffic on the host. Summarizing, you will have two interface on your POD i.e:

1. net1 (default) for pod-to-pod communication and other unicast traffic.
2. eth0 (multus) for multicast traffic. Then you will need to "join" it with a NIC in your host machine, either by using bridge or macvlan

See more details here: https://github.com/intel/multus-cni/blob/master/docs/quickstart.md