podman-static icon indicating copy to clipboard operation
podman-static copied to clipboard

Published 20 hours ago verified publisher icon mgoltzsche

Warning message before everytime podman run

Open wangjia184 opened this issue 2 years ago • 2 comments 

time="2022-01-07T00:05:51Z" level=warning msg="Error validating CNI config file /etc/cni/net.d/87-podman.conflist: [failed to find plugin \"bridge\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"portmap\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"firewall\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"tuning\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]]"

this is an amazing project. It works well in K8S, I can run container in pod. but can we get rid of the above warning message? I am using the latest minimal docker image,

wangjia184 avatar Jan 07 '22 00:01 wangjia184

Hi @wangjia184, thanks for reporting the issue! Which image and version are you using? Also please send the podman command that you're calling.

I guess you're using the mgoltzsche/podman:3.4.2-minimal image. This image does not contain CNI plugins. This is to have a smaller image with low isolation and no network namespaces for child containers (instead they're using the parent container's network namespace).

If you need a dedicated network namespace per container, please consider using the mgoltzsche/podman:3.4.2 image which comes with CNI plugins.

mgoltzsche avatar Jan 07 '22 21:01 mgoltzsche

I verified that the CNI configuration file does not exist within the minimal podman image. However podman creates the file (/etc/cni/net.d/87-podman.conflist when run as root or /podman/.config/cni/net.d/87-podman.conflist when run as podman user) if it does not exist which results in the warning you mentioned. Unfortunately I cannot prevent podman from trying to load CNI plugins because an empty plugin list within that file is not allowed. Adding the CNI plugins to the minimal image does not make sense because within the minimal image podman/crun is configured to not create network namespaces that could be configured with CNI. Therefore I think it would be best to create a corresponding issue within the upstream podman repository to prevent podman from generating that file when network namespaces are disabled.

mgoltzsche avatar Jan 07 '22 21:01 mgoltzsche