Using podman run with container runtime crio

[kameshsampath]

OS: macOS Catalina

podman version:

Client:
Version:            1.6.3-dev
RemoteAPI Version:  1
Go Version:         go1.12.10
Git Commit:         6c6e78374f5be949d11a8608080c96e2d22ca872
Built:              Wed Oct 30 00:38:11 2019
OS/Arch:            darwin/amd64

Service:
Version:            1.8.2
RemoteAPI Version:  1
Go Version:         go1.11.13
Git Commit:         028e3317eb1494b9b2acba4a0a295df80fae66cc
Built:              Fri Mar 27 00:14:28 2020
OS/Arch:            linux/amd64
``
minikube version: 

miniikube version: v1.9.2
commit: 93af9c1

**Steps to reproduce the issue:** 

1. 

./minikube start -p podman-node
--container-runtime=cri-o
--network-plugin=cni
--enable-default-cni

2.  `minikube -p podman-node podman-env `
3.  `podman run -it --rm busybox /bin/sh `

The command fails with error 

Trying to pull docker.io/library/busybox...
Getting image source signatures
Copying blob sha256:e2334dd9fee4b77e48a8f2d793904118a3acf26f1f2e72a3d79c6cae993e07f0
Copying config sha256:be5888e67be651f1fbb59006f0fd791b44ed3fceaa6323ab4e37d5928874345a
Writing manifest to image destination
Storing signatures
time="2020-04-16T06:10:09Z" level=error msg="error configuring network namespace for container 7fddc83c2a0dd031fab5c084235ed63b73322eb269706ee2ca9c66e726fe1840: Missing CNI default network"

**Full output of `minikube start` command used, if not already included:**

./minikube start -p podman-node
--container-runtime=cri-o
--network-plugin=cni
--enable-default-cni
😄 [podman-node] minikube v1.9.2 on Darwin 10.15.4
▪ MINIKUBE_HOME=/Users/kameshs/MyLabs/minikube/podman/
✨ Automatically selected the hyperkit driver
💾 Downloading driver docker-machine-driver-hyperkit:
> docker-machine-driver-hyperkit.sha256: 65 B / 65 B [---] 100.00% ? p/s 0s
> docker-machine-driver-hyperkit: 10.90 MiB / 10.90 MiB 100.00% 3.03 MiB p
🔑 The 'hyperkit' driver requires elevated permissions. The following commands will be executed:

$ sudo chown root:wheel /Users/kameshs/MyLabs/minikube/podman/.minikube/bin/docker-machine-driver-hyperkit
$ sudo chmod u+s /Users/kameshs/MyLabs/minikube/podman/.minikube/bin/docker-machine-driver-hyperkit

Password:
💿 Downloading VM boot image ...
> minikube-v1.9.0.iso.sha256: 65 B / 65 B [--------------] 100.00% ? p/s 0s
> minikube-v1.9.0.iso: 174.93 MiB / 174.93 MiB [] 100.00% 13.09 MiB p/s 14s
👍 Starting control plane node m01 in cluster podman-node
🔥 Creating hyperkit VM (CPUs=2, Memory=6000MB, Disk=20000MB) ...
🎁 Preparing Kubernetes v1.18.0 on CRI-O 1.17.1 ...
> kubectl.sha256: 65 B / 65 B [--------------------------] 100.00% ? p/s 0s
> kubelet.sha256: 65 B / 65 B [--------------------------] 100.00% ? p/s 0s
> kubeadm.sha256: 65 B / 65 B [--------------------------] 100.00% ? p/s 0s
> kubeadm: 37.96 MiB / 37.96 MiB [---------------] 100.00% 12.88 MiB p/s 3s
> kubectl: 41.98 MiB / 41.98 MiB [----------------] 100.00% 8.90 MiB p/s 5s
> kubelet: 108.01 MiB / 108.01 MiB [-------------] 100.00% 13.39 MiB p/s 9s
🌟 Enabling addons: default-storageclass, storage-provisioner
🏄 Done! kubectl is now configured to use "podman-node"

https://gist.github.com/kameshsampath/4d8d54f520697735ee31c3a0f986c6e2

[medyagh]

I personally have not tried podman driver with a remote Podman but I belive u needs to set ENV

[kameshsampath]

Set ENV? I did the minikube -p mykube podman-env Get Outlook for iOS<https://aka.ms/o0ukef>

…

________________________________ From: Medya Ghazizadeh <notifications@github.com> Sent: Thursday, April 16, 2020 1:40:08 PM To: kubernetes/minikube <minikube@noreply.github.com> Cc: Kamesh Sampath <kamesh.sampath@hotmail.com>; Author <author@noreply.github.com> Subject: Re: [kubernetes/minikube] Using podman run with container runtime crio (#7709) I personally have not tried podman driver with a remote Podman but I belive u needs to set ENV — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fminikube%2Fissues%2F7709%23issuecomment-614487068&data=02%7C01%7C%7C34ee0ffd8958427e941c08d7e1dd94c5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637226214107957575&sdata=QJTNuU1Sd0AThujSFQ9uZihedWvUKHq3PGshQgiykpw%3D&reserved=0>, or unsubscribe<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAHHMILG4HSZ7CBAMP2TW53RM24OBANCNFSM4MJJ62BA&data=02%7C01%7C%7C34ee0ffd8958427e941c08d7e1dd94c5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637226214107967574&sdata=44qPElNPcq8RlGewIQil4cQt3zNke2Gn0GFGRxByfdM%3D&reserved=0>.

[rhatdan]

@mheon PTAL
This looks like something is setup incorrectly on the server for CNI configuration?

[mheon]

I suspect that libpod.conf has podman set as the default network name, but there is no CNI network by the name of podman available.

[afbjorklund]

This is a known shortcoming with the current minikube.iso, we didn't include a podman bridge config because there were some conflicts with the CNI version at the time and we would rather have a working cri-o... We're only using podman to load images, so there was not really any use for podman run. So the feature was omitted from the release 1.8.0, and later not added for 1.9.0 partly because we forgot about it and partly because there are not many using it. Thank you for the reminder, that it might be useful.

We need to install /etc/cni/net.d/87-podman-bridge.conflist with the podman package.

Upgraded CNI in: #6664

Similar earlier issue: #4406

We have upgraded CNI now, so a future version could bring back support for networking.
As a workaround you could run it with --network none or --network host meanwhile ?

Basically the "supported" commands are sudo podman load and sudo podman build.
Most other things would rather use kubectl (or sudo crictl) instead. Including running...

See also #6664 (comment)

What will you be using it for, besides busybox ?

[afbjorklund]

We could document this better, in the meantime:

$ podman-remote run -it --rm busybox /bin/sh
time="2020-04-17T18:53:41Z" level=error msg="error configuring network namespace for container a5d30bd00be357c19970432e39587db33795ea307b629b67b474a3aa79c59561: Missing CNI default network"
$ podman-remote run -it --rm --network host busybox /bin/sh
/ # exit
exit

It could also use the minikube default CNI network:

$ podman-remote run --rm --network rkt.kubernetes.io busybox ifconfig eth0
eth0      Link encap:Ethernet  HWaddr DA:EA:8C:B2:13:A2  
          inet addr:10.1.0.10  Bcast:10.1.255.255  Mask:255.255.0.0
          inet6 addr: fe80::d8ea:8cff:feb2:13a2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1460  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:222 (222.0 B)

[kameshsampath]

thanks @afbjorklund

What will you be using it for, besides busybox ?

I just started with busybox to test, but few thigns that I plan to try are

• podman build from host and use the image in kubectl deployments
• ideally using minikube podman-machine instead of docker for mac/windows

[kameshsampath]

I just tried uninstalling Docker for Mac and aliased docker=podman and it runs super cool. If we happen the default network on in next version it will be super nice as user does not need add the network option.

[afbjorklund]

• ideally using minikube podman-machine instead of docker for mac/windows

OK, so basically cut down on the number of VMs used. That is a supported use case indeed.

Minikube normally does provide the docker daemon for this (instead of using containerd), so we could provide a podman alternative (when running with crio) for the users without a local possibility.

The other option would be to run one minikube with crio and one podman-machine, but that has the same downside as minikube with containerd and one docker-machine... More virtual machines.

Another thing is Docker Desktop and reusing an existing VM, but there is no Podman Desktop.

If we happen the default network on in next version it will be super nice as user does not need add the network option.

I have added the PR to add the missing file to the minikube.iso image for the VM

If you could confirm that adding /etc/cni/net.d/87-podman-bridge.conflist fixes it, it would be great!

https://github.com/containers/libpod/blob/v1.8.2/cni/87-podman-bridge.conflist

It should be enough to copy this file to the running machine, since there is no daemon to restart...

[kameshsampath]

• ideally using minikube podman-machine instead of docker for mac/windows

OK, so basically cut down on the number of VMs used. That is a supported use case indeed.
Right and wish you have one enviroment for seamless working between Kubernetes and simple container builds/runs. I also personally like the concept of pod in podman

Minikube normally does provide the docker daemon for this (instead of using containerd), so we could provide a podman alternative (when running with crio) for the users without a local possibility.

what I have observed atleast in mac is that crio seem to consume less cpu/memory compared to Docker, this will also help me to use tools like Buildah and Kaniko more naturally.

The other option would be to run one minikube with crio and one podman-machine, but that has the same downside as minikube with containerd and one docker-machine... More virtual machines.

Yes that is what I tried earlier and as you observed two vm' so dropped that paln

Another thing is Docker Desktop and reusing an existing VM, but there is no Podman Desktop.

If we happen the default network on in next version it will be super nice as user does not need add the network option.

I have added the PR to add the missing file to the minikube.iso image for the VM

If you could confirm that adding /etc/cni/net.d/87-podman-bridge.conflist fixes it, it would be great!

https://github.com/containers/libpod/blob/v1.8.2/cni/87-podman-bridge.conflist

It should be enough to copy this file to the running machine, since there is no daemon to restart...

@afbjorklund that works ! I added the 87-podman-bridge.conflist to the /etc/cni/net.d and running the same podman run -it --rm busybox /bin/sh works now without adding the --net=host option

[priyawadhwa]

@kameshsampath would you say your issue has been resolved? If so, it seems like the only thing left to do is document this.

[kameshsampath]

Yes as Anders suggestions worked Get Outlook for iOS<https://aka.ms/o0ukef>

…

________________________________ From: priyawadhwa <notifications@github.com> Sent: Monday, April 20, 2020 11:24:22 PM To: kubernetes/minikube <minikube@noreply.github.com> Cc: Kamesh Sampath <kamesh.sampath@hotmail.com>; Mention <mention@noreply.github.com> Subject: Re: [kubernetes/minikube] Using podman run with container runtime crio (#7709) @kameshsampath<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkameshsampath&data=02%7C01%7C%7C906c66ed6a234e7a630108d7e553dda2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637230020666897079&sdata=dqkdfy9FfcD2koehY9rANEIGQ40y380appeRAdlArpI%3D&reserved=0> would you say your issue has been resolved? If so, it seems like the only thing left to do is document this. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fminikube%2Fissues%2F7709%23issuecomment-616714970&data=02%7C01%7C%7C906c66ed6a234e7a630108d7e553dda2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637230020666897079&sdata=ov6bN03NJgVGj%2BqXSuU1dCiiJvwO%2FNQI1EFYZ1H5DD8%3D&reserved=0>, or unsubscribe<https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAHHMIMXSZT533MTX5MWLA3RNSD45ANCNFSM4MJJ62BA&data=02%7C01%7C%7C906c66ed6a234e7a630108d7e553dda2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637230020666907083&sdata=V2paMNdMDNSlIsHVXudypSWzencr7gioW7OFTHteeWw%3D&reserved=0>.

[afbjorklund]

Should be in the v1.10.0-beta.0 already.

[afbjorklund]

Available in v1.10.0