Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




You have already seen how labels in Kubernetes are used for identifying, selecting, and organizing objects. But labels are just one way to attach metadata to Kubernetes objects.

Another way is annotations, which is a key/value map that attaches non-identifying metadata to objects. Annotation has a lot of use cases, such as attaching:

  • pointers for logging and analytics

  • phone numbers, directory entries, and web sites

  • timestamps, image hashes, and registry addresses

  • network, namespaces

  • and, types of ingress controller

Here’s an example for annotations:

Annotations can be used to assign network information to pods, and in Chapter 9, you’ll see how a Kubernetes annotation can instruct Juniper Contrail to attach an interface to a certain network. Cool.

Before seeing annotations in action, let’s first create a network with a minimum configuration based on the de facto Kubernetes network custom resource definition. NetworkAttachmentDefinition is used here to indicate the CNI as well as the parameters of the network to which we will attach to the interface pod:

The type, awesome-plugin, is the name of the CNI which could be Flannel, Calico, Contrail-K8s-cni, etc.

Create a pod and use annotations to attach its interface to a network called net-a:


According to the official Kubernetes network custom resource definition, the annotation is used to represent NetworkAttachmentDefinition and has two formats:


To maintain compatibility with existing Kubernetes deployments, all pods must attached to the cluster-wide default network, which means even if you have attached one pod interface to a specific network, this pod would have two interfaces: one attached to the cluster-wide default network, and the other attached to the network specified in the annotation argument (net-a in this case).