From 5a45672e04420e09cf068869b6694d0bcd03ce08 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 2 Jun 2026 16:39:53 +0200 Subject: [PATCH] build: document built-in CNI bridge networking for BuildKit The CNI networking section claimed CNI was "not yet" available in the default BuildKit image. A built-in bridge network provider with bundled CNI plugins has shipped since BuildKit v0.13.0 (moby/buildkit#4352), so the claim is outdated. Document the bridge mode (--oci-worker-net=bridge) that needs no custom image, and keep the custom-image path under a "Custom CNI configuration" subheading. Follow-up to moby/buildkit#6817. Co-Authored-By: Claude Opus 4.8 (1M context) --- content/manuals/build/buildkit/configure.md | 26 ++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/content/manuals/build/buildkit/configure.md b/content/manuals/build/buildkit/configure.md index c05b2b2dbd0c..367a62fe1d9b 100644 --- a/content/manuals/build/buildkit/configure.md +++ b/content/manuals/build/buildkit/configure.md @@ -136,9 +136,29 @@ $ docker buildx build --push --tag myregistry.com/myimage:latest . ## CNI networking CNI networking for builders can be useful for dealing with network port -contention during concurrent builds. CNI is [not yet](https://github.com/moby/buildkit/issues/28) -available in the default BuildKit image. But you can create your own image that -includes CNI support. +contention during concurrent builds. + +### Bridge networking + +The BuildKit image ships with a built-in bridge network provider that uses a +minimal set of bundled CNI plugins, so you don't need to build a custom image +or supply your own CNI configuration. To use it, set the worker network mode to +`bridge` when you create the builder: + +```console +$ docker buildx create --use --bootstrap \ + --name mybuilder \ + --driver docker-container \ + --buildkitd-flags "--oci-worker-net=bridge" +``` + +BuildKit creates a `buildkit0` bridge with a default subnet of `10.10.0.0/16`, +and cleans up the bridge automatically when the daemon shuts down. + +### Custom CNI configuration + +For more control over networking, build a custom BuildKit image with your own +CNI configuration and plugins. The following Dockerfile example shows a custom BuildKit image with CNI support. It uses the [CNI config for integration tests](https://github.com/moby/buildkit/blob/master//hack/fixtures/cni.json)