Is there any plan to support podman/crio?
deshui123 opened this issue
When using podman/crio instead of docker, this can't work well for pure IPv6.
There is no docker0 interface and no DOCKER-related ip6tables chains.
When I run this container, I get the following issue:
2020/01/14 06:21:10 running [/sbin/iptables -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER --wait]: exit status 2: iptables v1.8.3 (legacy): Couldn't load target `DOCKER':No such file or directory
Platform: CentOS8
[root@henry-1921-cs-01 ~]# ip a s cni0
4: cni0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 96:1c:1d:bc:a7:60 brd ff:ff:ff:ff:ff:ff
    inet6 fd00:4::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::941c:1dff:febc:a760/64 scope link
       valid_lft forever preferred_lft forever
[root@henry-1921-cs-01 ~]# podman info
host:
  BuildahVersion: 1.6-dev
  Conmon:
    package: Unknown
    path: /usr/libexec/crio/conmon
    version: 'conmon version 2.0.1, commit: HEAD'
  Distribution:
    distribution: '"centos"'
    version: "8"
  MemFree: 6477934592
  MemTotal: 8191897600
  OCIRuntime:
    package: containerd.io-1.2.10-3.2.el7.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc8+dev
      commit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
      spec: 1.0.1-dev
  SwapFree: 0
  SwapTotal: 0
  arch: amd64
  cpus: 4
  hostname: henry-1921-cs-01
  kernel: 4.18.0-80.11.2.el8_0.x86_64
  os: linux
  rootless: false
  uptime: 7h 7m 26.76s (Approximately 0.29 days)
insecure registries:
  registries: []
registries:
  registries:
  - registry.redhat.io
  - quay.io
  - docker.io
store:
  ConfigFile: /etc/containers/storage.conf
  ContainerStore:
    number: 0
  GraphDriverName: overlay
  GraphOptions: null
  GraphRoot: /data0/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 2
  RunRoot: /var/run/containers/storage
[root@henry-1921-cs-01 ~]# ip6tables -nvL
.....
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CNI-FORWARD  all      *      *       ::/0                 ::/0                 /* CNI firewall plugin rules */

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain CNI-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CNI-ADMIN  all      *      *       ::/0                 ::/0                 /* CNI firewall plugin rules */

Chain CNI-ADMIN (1 references)
 pkts bytes target     prot opt in     out     source               destination

Currently, there are no plans to support podman / crio. The scope of the project is to mirror Docker IPv4 NAT behavior. I'm not very familiar with podman / crio, but if it's doing its networking in a different way than Docker does, it won't be feasible to support it in this tool.
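
A preflight check for the failure reported above, as an added example that is not part of the issue thread or of the project's code: it reads an `iptables -nvL` or `ip6tables -nvL` listing on stdin and reports whether the `DOCKER` chain that the failing `-j DOCKER` rule jumps to is defined. The function names and the embedded sample listing (abridged from the output in the report) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an `iptables -nvL` / `ip6tables -nvL` listing by the
# container-networking chains it defines. The listing is read from stdin.

# list_chains: print the name of every chain defined in the listing.
list_chains() {
    awk '$1 == "Chain" { print $2 }'
}

# detect_backend: print "docker" if a chain named exactly DOCKER is defined,
# "cni" if only CNI-* chains are present, "none" otherwise.
detect_backend() {
    list_chains | awk '
        $0 == "DOCKER" { docker = 1 }
        /^CNI-/        { cni = 1 }
        END {
            if (docker)   print "docker"
            else if (cni) print "cni"
            else          print "none"
        }'
}

# Constructed sample, abridged from the ip6tables -nvL output in the report.
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CNI-FORWARD  all      *      *       ::/0                 ::/0                 /* CNI firewall plugin rules */

Chain CNI-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CNI-ADMIN  all      *      *       ::/0                 ::/0                 /* CNI firewall plugin rules */

Chain CNI-ADMIN (1 references)
EOF
}

# preflight: return 0 only when the DOCKER chain exists in the listing.
preflight() {
    backend=$(detect_backend)
    case "$backend" in
        docker) echo "ok: DOCKER chain present"; return 0 ;;
        cni)    echo "unsupported: CNI chains only, -j DOCKER would fail"; return 1 ;;
        *)      echo "unsupported: no container chains found"; return 1 ;;
    esac
}

sample_listing | preflight || true
```

On a live host the listing would come from `ip6tables -t nat -nvL` (run as root) piped into `preflight`, since the failing rule in the log targets the `nat` table.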