, ,

Podman begins CNI plugins deprecation

Happy New Year from the Podman team! This year will begin with a change. Since the inception of Podman, it has used the Container Networking Interface (CNI) plugins as its core networking stack. Our users began to push us to expand our network stack capabilities to implement more advanced networking and domain name serving. Those capabilities were not in line with upstream CNI and in fact diverged from some of their future considerations. This prompted us to design and release our own network stack based on in-house projects netavark and aardvark-dns.

Both portions of the new stack are more than a year old and have been supported since Janurary 2022. We have been pleased with user feedback and have been working hard to eliminate any functional gaps between CNI and netavark. The only scenario that remains incomplete is MACVLAN with DHCP support. You can track its progress on its github project page. In the near future, a deprecation announcement will be added to Podman.

We will allow a lengthy time between when the deprecation announcement is made and when we deprecate it. Deprecate, in this case, means the actual removal of code (or use of a build tag to not compile it). As such, Linux distributions have final say on when the actual deprecation begins in their cases. For example, Fedora requires us to not do the actual removal in the middle of active release; so the deprecation will occur alongside a new Fedora release. The same is true for RHEL.

How do I know if I am using CNI or Netavark?

If you are using Podman 3.X, you are using CNI as support for Netavark was added to Podman 4. If you are on Podman 4, you can run podman info to check.

$ sudo podman info
host:
  arch: amd64
  buildahVersion: 1.29.0-dev
  ...
  memFree: 16088698880
  memTotal: 33380950016
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.7.2-3.fc37.x86_64
    ...

How can I switch to Netavark?

If you discover you are still using the CNI stack, switching it relatively easy though destructive to both containers, images, and networks; all of which will be removed. The first step in switching is to ensure you have netavark and aardvark-dns installed. Distribution support of these two packages does vary. To switch from CNI to netavark, you can use the podman system reset command.

podman system reset

The command podman system reset is a destructive command. It resets all containers, container images, and networks. Before running this command, make sure you can tolerate the loss of those things.

Once complete, Podman will automatically begin to use netavark.

5 responses to “Podman begins CNI plugins deprecation”

  1. Jeff Avatar

    I have podman version 4.2.
    Installed netavark and aardvark-dns
    ran podman system reset
    It’s still using CNI network backend.

    1. Jeff Avatar

      Just for more information:

      podman system info | grep Version
      buildahVersion: 1.27.3
      cgroupVersion: v1
      APIVersion: 4.2.0
      GoVersion: go1.18.4
      Version: 4.2.0

      podman system info | grep networkBackend
      networkBackend: cni

    2. Brent Baude Avatar

      I am unable to help you with the information provided. If you would like to file an issue at https://github.com/containers/podman/issues following the template provided we can more likely help you.

  2. Alexander Avatar

    Can one switch without wiping everything? I don’t like to recreate all stuff that I have.

    1. Brent Baude Avatar

      No you cannot unfortunately. But, you can happily use CNI until it is *actually* deprecated. Again, this is just an announcement of intention right now.

Leave a Reply

Subscribe

Sign up with your email address to receive updates by email from this website.


Categories


Search