I can't start a podman container and can't add a container to a pod on CentOS 8.
I tried the usual steps, for example:
I made sure I was starting from a clean state:
sudo podman system reset
which removed all images, containers, etc.
sudo podman run -dt --rm nginx
The image is pulled successfully, but podman reports the following error:
Error while adding pod to CNI network "podman": failed to add the address 10.88.0.122/32 to trusted zone: COMMAND_FAILED: 'python-nftables' failed:
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "raw_PRE_trusted"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "mangle_PRE_trusted"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "nat_PRE_trusted"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "nat_POST_trusted"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "filter_IN_trusted"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "filter_FWDI_trusted"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": 
{"protocol": "ip", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "filter_FWDO_trusted"}}]}}}]}
What is preventing podman from adding the pod to the podman network?
Are you using the nftables network plugin? Read here: https://github.com/greenpau/cni-plugins