无法启动 podman 容器,也无法将容器添加到 CentOS8 上的 pod。
我已经尝试过通常的操作,例如:
确保我从干净的状态开始:
sudo podman system reset它已删除所有图像、容器等。sudo podman run -dt --rm nginx-- 图像被成功拉取,但是 podman 抛出了以下错误:
Error while adding pod to CNI network "podman": failed to add the address 10.88.0.122/32 to trusted zone: COMMAND_FAILED: 'python-nftables' failed:
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "raw_PRE_trusted"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "mangle_PRE_trusted"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "nat_PRE_trusted"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "nat_POST_trusted"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "filter_IN_trusted"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "saddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "filter_FWDI_trusted"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES_SOURCE", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "10.88.0.122", "len": 32}}}}, {"goto": {"target": "filter_FWDO_trusted"}}]}}}]}
什么原因阻止 podman 将 pod 添加到podman网络?
答案1
你在使用 nftables 网络插件吗?请阅读此处: https://github.com/greenpau/cni-plugins