From dc8ec320f67ea9ce13863039d169f9141a9b1f67 Mon Sep 17 00:00:00 2001
From: Max Goltzsche <max.goltzsche@gmail.com>
Date: Fri, 25 Sep 2020 00:53:28 +0200
Subject: [PATCH] Remove tuning and firewall CNI plugins

---
 Dockerfile                          |  4 ++--
 cni/net.d/87-podman-bridge.conflist | 31 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 cni/net.d/87-podman-bridge.conflist

diff --git a/Dockerfile b/Dockerfile
index 6cd3994..7dfe59e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -52,7 +52,7 @@ ARG CNI_PLUGIN_VERSION=v0.8.5
 RUN git clone --branch=${CNI_PLUGIN_VERSION} https://github.com/containernetworking/plugins /go/src/github.com/containernetworking/plugins
 WORKDIR /go/src/github.com/containernetworking/plugins
 RUN set -ex; \
-	for PLUGINDIR in plugins/ipam/host-local plugins/main/loopback plugins/main/bridge plugins/meta/portmap plugins/meta/firewall plugins/meta/tuning; do \
+	for PLUGINDIR in plugins/ipam/host-local plugins/main/loopback plugins/main/bridge plugins/meta/portmap; do \
 		PLUGINBIN=/usr/libexec/cni/$(basename $PLUGINDIR); \
 		CGO_ENABLED=0 go build -o $PLUGINBIN -ldflags "-s -w -extldflags '-static'" ./$PLUGINDIR; \
 		[ "$(ldd $PLUGINBIN | grep -Ev '^\s+ldd \(0x[0-9a-f]+\)$' | wc -l)" -eq 0 ] || (ldd $PLUGINBIN; false); \
@@ -131,10 +131,10 @@ COPY --from=cniplugins /usr/libexec/cni /usr/libexec/cni
 COPY --from=fuse-overlayfs /usr/bin/fuse-overlayfs /usr/local/bin/fuse-overlayfs
 COPY --from=fuse-overlayfs /usr/bin/fusermount3 /usr/local/bin/fusermount3
 COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns
-COPY --from=podman /go/src/github.com/containers/podman/cni/87-podman-bridge.conflist /etc/cni/net.d/
 COPY --from=podman /usr/local/bin/podman /usr/local/bin/podman
 COPY --from=downloads /usr/local/bin/gosu /usr/local/bin/gosu
 COPY --from=runc   /usr/local/bin/runc   /usr/local/bin/runc
+COPY cni /etc/cni
 COPY containers.conf storage.conf /etc/containers/
 RUN set -eux; \
 	adduser -D podman -h /podman -u 100000; \
diff --git a/cni/net.d/87-podman-bridge.conflist b/cni/net.d/87-podman-bridge.conflist
new file mode 100644
index 0000000..8ee747e
--- /dev/null
+++ b/cni/net.d/87-podman-bridge.conflist
@@ -0,0 +1,31 @@
+{
+  "cniVersion": "0.4.0",
+  "name": "podman",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "cni-podman0",
+      "isGateway": true,
+      "ipMasq": true,
+      "hairpinMode": true,
+      "ipam": {
+        "type": "host-local",
+        "routes": [{ "dst": "0.0.0.0/0" }],
+        "ranges": [
+          [
+            {
+              "subnet": "10.88.0.0/16",
+              "gateway": "10.88.0.1"
+            }
+          ]
+        ]
+      }
+    },
+    {
+      "type": "portmap",
+      "capabilities": {
+        "portMappings": true
+      }
+    }
+  ]
+}