nerdctl system prune --all doesn't work without "firewall" plugin

[nakamorichi]

Description

Not exactly sure if this is a bug, but I tried running nerdctl system prune --all in k3s, and got following error:

FATA[0000] needs CNI plugin "firewall" to be installed in CNI_PATH ("/var/lib/rancher/k3s/data/current/bin"), see https://github.com/containernetworking/plugins/releases: exec: "/var/lib/rancher/k3s/data/current/bin/firewall": stat /var/lib/rancher/k3s/data/current/bin/firewall: no such file or directory

nerdctl version output:

WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH
WARN[0000] unable to determine runc version: exec: "runc": executable file not found in $PATH
Client:
 Version:	v0.22.2
 OS/Arch:	linux/amd64
 Git commit:	2899222cb0715f1e5ffe356d10c3439ee8ee3ba4
 builctl:
  Version:

Server:
 containerd:
  Version:	v1.6.6-k3s1
  GitCommit:
 runc:
  Version:

Steps to reproduce the issue

run nerdctl system prune --all in k3s setup.

Describe the results you received and expected

nerdctl system prune --all should complete without errors.

What version of nerdctl are you using?

v0.22.2

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

No response

Host information

Client:
Namespace: k8s.io
Debug Mode: false

Server:
Server Version: v1.6.6-k3s1
Storage Driver: stargz
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Log: fluentd journald json-file
Storage: stargz
Security Options:
apparmor
seccomp
Profile: default
cgroupns
Kernel Version: 5.8.0-33-generic
Operating System: Ubuntu 20.04 LTS
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 31.26GiB
Name: my-cluster
ID: b7ee670e-fe5e-442d-aeeb-3906bc4c1016

[junnplus]

It looks like missing the default network, CNIEnv will recreate it and the bridge network need a firewall plugin.

[fahedouch]

missing default network should not block deleting network

[yardenshoham]

Does #1304 fix this?

[nakamorichi]

Still not working with nerdctl 0.23.0:

nerdctl version
WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH
WARN[0000] unable to determine runc version: exec: "runc": executable file not found in $PATH
Client:
 Version:	v0.23.0
 OS/Arch:	linux/amd64
 Git commit:	660680b7ddfde1d38a66ec1c7f08f8d89ab92c68
 builctl:
  Version:

Server:
 containerd:
  Version:	v1.6.8-k3s1
  GitCommit:
 runc:
  Version:

nerdctl system prune --all
WARNING! This will remove:
  - all stopped containers
  - all networks not used by at least one container
  - all images without at least one container associated to them

Are you sure you want to continue? [y/N] y
Deleted Containers:
c97bf906a123857b0aec0e772b15fb591780dc56b14a05935e30115785b0cfb3
d2d9074b2e88e1315bc24fc3fef4620f6b6c1534ceb04b2a0224382e96b695f1

FATA[0014] needs CNI plugin "firewall" to be installed in CNI_PATH ("/var/lib/rancher/k3s/data/current/bin"), see https://github.com/containernetworking/plugins/releases: exec: "/var/lib/rancher/k3s/data/current/bin/firewall": stat /var/lib/rancher/k3s/data/current/bin/firewall: no such file or directory

[dioguerra]

I just updated nerdctl to version v1.0.0 and i'm getting an error:

sudo nerdctl system prune --all
WARNING! This will remove:
  - all stopped containers
  - all networks not used by at least one container
  - all images without at least one container associated to them

Are you sure you want to continue? [y/N] y
FATA[0002] subnet 10.4.0.0/24 overlaps with other one on this address space

Now my env is broken, any pointers?

[apostasie]

Hey @nakamorichi

Just tested right now (on main), without the firewall plugin, and it seems to work.
Could you confirm on your side this is fixed?

Thanks a lot!

@dioguerra hard to tell without more details

[apostasie]

@AkihiroSuda WFM on main. OP unresponsive.

Suggesting we close.