podman-static
podman-static copied to clipboard
Warning message before everytime podman run
time="2022-01-07T00:05:51Z" level=warning msg="Error validating CNI config file /etc/cni/net.d/87-podman.conflist: [failed to find plugin \"bridge\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"portmap\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"firewall\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"tuning\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]]"
this is an amazing project. It works well in K8S, I can run container in pod. but can we get rid of the above warning message? I am using the latest minimal docker image,
Hi @wangjia184, thanks for reporting the issue! Which image and version are you using? Also please send the podman command that you're calling.
I guess you're using the mgoltzsche/podman:3.4.2-minimal
image. This image does not contain CNI plugins. This is to have a smaller image with low isolation and no network namespaces for child containers (instead they're using the parent container's network namespace).
If you need a dedicated network namespace per container, please consider using the mgoltzsche/podman:3.4.2
image which comes with CNI plugins.
I verified that the CNI configuration file does not exist within the minimal podman image.
However podman creates the file (/etc/cni/net.d/87-podman.conflist
when run as root or /podman/.config/cni/net.d/87-podman.conflist
when run as podman
user) if it does not exist which results in the warning you mentioned. Unfortunately I cannot prevent podman from trying to load CNI plugins because an empty plugin list within that file is not allowed.
Adding the CNI plugins to the minimal image does not make sense because within the minimal image podman/crun is configured to not create network namespaces that could be configured with CNI.
Therefore I think it would be best to create a corresponding issue within the upstream podman repository to prevent podman from generating that file when network namespaces are disabled.