local registry script with rootless podman Error: "slirp4netns" is not supported: invalid network mode

[mondo192]

What happened:
slirp4netns networking error

What you expected to happen:
no error

How to reproduce it (as minimally and precisely as possible):

1. Install kind with go
2. KIND_EXPERIMENTAL_PROVIDER=podman kind create cluster
3. Copy the script from https://kind.sigs.k8s.io/docs/user/local-registry/ and replace docker commands with podman
4. bash kind-with-registry.sh

Anything else we need to know?:
Using rootless podman

Environment:

• kind version: (use kind version): kind v0.12.0 go1.18 linux/amd64
• Kubernetes version: (use kubectl version):

Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:58:47Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.4", GitCommit:"e6c093d87ea4cbb530a7b2ae91e54c0842d8308a", GitTreeState:"clean", BuildDate:"2022-03-06T21:32:53Z", GoVersion:"go1.17.7", Compiler:"gc", Platform:"linux/amd64"}

• Docker version: (use docker info):

host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-2.fc35.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: '
  cpus: 12
  distribution:
    distribution: fedora
    variant: workstation
    version: "35"
  eventLogger: journald
  hostname: fedora
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.16.16-200.fc35.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 5251850240
  memTotal: 16438108160
  ociRuntime:
    name: crun
    package: crun-1.4.3-1.fc35.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4.3
      commit: 61c9600d1335127eba65632731e2d72bc3f0b9e8
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-2.fc35.x86_64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 8589930496
  swapTotal: 8589930496
  uptime: 30m 15.32s
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  localhost:5000:
    Blocked: false
    Insecure: true
    Location: localhost:5000
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: localhost:5000
  registry.kube:
    Blocked: false
    Insecure: true
    Location: registry.kube
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: registry.kube
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/eamonn/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 2
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/eamonn/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 3
  runRoot: /run/user/1000/containers
  volumePath: /home/eamonn/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.4
  Built: 1638999907
  BuiltTime: Wed Dec  8 21:45:07 2021
  GitCommit: ""
  GoVersion: go1.16.8
  OsArch: linux/amd64
  Version: 3.4.4

• OS (e.g. from /etc/os-release):

NAME="Fedora Linux"
VERSION="35 (Workstation Edition)"
ID=fedora
VERSION_ID=35
VERSION_CODENAME=""
PLATFORM_ID="platform:f35"
PRETTY_NAME="Fedora Linux 35 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:35"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f35/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=35
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=35
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation

[aojea]

It seems that script does not work with podman rootless

[BenTheElder]

podman + rootless is doubly experimental. This script is only tested on docker but it does not do anything complex on the docker side, it should work. This feels like a podman bug.

[AkihiroSuda]

Not a "bug", simply podman network connect is unimplemented for slirp4netns mode.

[aojea]

Not a "bug", simply podman network connect is unimplemented for slirp4netns mode.

/close

[k8s-ci-robot]

@aojea: Closing this issue.

In response to this:

Not a "bug", simply podman network connect is unimplemented for slirp4netns mode.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[BenTheElder]

You can create a local registry by setting --net=kind on the docker run call and not doing the network connect bit, I can't remember the context on the current approach, we'd have to dig into the git history / PRs.

[davidkhala]

Not a "bug", simply podman network connect is unimplemented for slirp4netns mode.

But how can we make good use of rootless podman with rootless podman network support? This combination is easy to come up in user thought but "unimplemented"? Or any workaround to let a podman container join "slirp4netns" network?

[AkihiroSuda]

FYI: rootless docker has docker network connect

[grantcurell]

Are there plans to implement this in podman? Just ran into this trying to connect a container that was running

[stmcginnis]

Are there plans to implement this in podman? Just ran into this trying to connect a container that was running

This isn't really the best place to ask that.

https://github.com/containers/podman

[kuwv]

Seems like slirp4netns is default for podman here: https://docs.podman.io/en/stable/markdown/podman-network.1.html#slirp4netns

Rootless containers references it also: https://rootlesscontaine.rs/getting-started/podman/#changing-the-port-forwarder

[BenTheElder]

This script works with podman, docker, rootless docker AFAIK.
The Kubernetes project uses docker.

If anyone wants to look into contributing a fix for rootless podman and podman itself cannot be fixed:
https://kind.sigs.k8s.io/docs/contributing/getting-started/