Articles

Minikube CNI Plugin: Choose Network Interface Driver (2026)

April 18, 2026 8 min read

Minikube’s default CNI plugin, bridge, is often the culprit when you’re seeing network issues in your cluster because it binds directly to a specific network interface, and if that interface isn’t the one you expect, or if it’s unavailable, your pods won’t get IP addresses.

Common Causes and Fixes for Minikube CNI Plugin Network Interface Issues

This problem typically manifests as pods stuck in a ContainerCreating state, or failing to get an IP address, often accompanied by errors like ErrImagePull or ImagePullBackOff (because the node can’t pull images) or NoRouteToHost when trying to reach external services.

Here are the most common reasons and how to fix them:

  1. Minikube binding to the wrong host interface.

    • Diagnosis: Check which interface Minikube is configured to use.
      minikube ssh 'ip a'
      Look for an interface named docker0 (if using Docker driver) or similar, and see if it has an IP address that aligns with your expected network. More directly, check the Minikube configuration itself:
      minikube config get network
      If it’s not set, or set to an unexpected value, this is likely the issue.
    • Fix: Explicitly tell Minikube to use a specific network interface. This is done using the --network flag when starting Minikube, or by setting the network configuration option. For example, if you want Minikube to use your primary Wi-Fi interface (e.g., wlan0 on Linux, or Wi-Fi on macOS):
      minikube start --network wlan0 --driver=docker
# Or for macOS:
minikube start --network Wi-Fi --driver=docker
      If you want to set it permanently:
      minikube config set network wlan0
minikube start --driver=docker
      This forces Minikube’s internal network bridge to attach to the specified host interface, ensuring that traffic from your pods can route correctly through your host’s network connection.
    • Why it works: The bridge CNI plugin creates a virtual bridge on the host and attaches it to a physical network interface. By specifying the interface, you guarantee that the bridge is connected to the network you intend to use for your Minikube VM.

  2. NetworkManager or other host network managers interfering.

    • Diagnosis: On Linux systems using NetworkManager, it can sometimes reconfigure interfaces or prevent Minikube from properly binding its bridge. Check your /var/log/syslog or journalctl -f for messages related to NetworkManager and minikube or docker0.
    • Fix: Temporarily disable NetworkManager or configure it to ignore the interface Minikube needs. A more robust solution is often to use a different Minikube driver that doesn’t rely on the host’s default networking as heavily, or to ensure Minikube is started after your primary network is established and stable.
      # On Linux, to temporarily stop NetworkManager:
sudo systemctl stop NetworkManager
minikube start --driver=docker
sudo systemctl start NetworkManager # Restart it afterwards
      This allows Minikube to establish its network without interference.
    • Why it works: NetworkManager, by default, tries to manage all network interfaces. Stopping it briefly allows Minikube to set up its own isolated network environment without contention.

  3. Firewall rules blocking CNI traffic.

    • Diagnosis: Host firewalls (like ufw on Ubuntu, firewalld on CentOS/Fedora, or macOS’s built-in firewall) might be blocking the IP range used by Minikube’s pods or the bridge interface itself. Check your firewall status and logs.
      # For ufw:
sudo ufw status verbose
# For firewalld:
sudo firewall-cmd --list-all
      Look for rules that might be dropping traffic from 192.168.x.x or 10.244.x.x (common Minikube internal IPs).
    • Fix: Add specific rules to allow traffic for Minikube’s IP ranges and its bridge interface. For example, to allow traffic from the default Minikube subnet 192.168.49.0/24 on Ubuntu with ufw:
      sudo ufw allow from 192.168.49.0/24 to any
# If using a different driver/subnet, adjust accordingly.
# For Docker driver, it might be the docker0 bridge.
      If you’re unsure of the subnet, minikube ssh 'ip a' will show you the IP address of the docker0 or similar interface, and you can infer the subnet from that.
    • Why it works: Firewalls are designed to block traffic by default. Explicitly allowing traffic from Minikube’s internal network ensures that packets can flow between your pods, the Minikube VM, and the host.

  4. Outdated Minikube or Docker versions.

    • Diagnosis: Older versions of Minikube or its underlying driver (like Docker) can have known bugs or incompatibilities with newer kernel features or network configurations. Check your versions:
      minikube version
docker version
    • Fix: Update Minikube and your Docker client/daemon to their latest stable versions.
      # Example for updating Minikube (Linux/macOS):
curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
chmod +x minikube
sudo mv minikube /usr/local/bin/
      Then, restart Minikube.
    • Why it works: Updates often contain bug fixes for networking issues, ensuring compatibility with modern operating system network stacks and CNI plugins.

  5. IP address conflicts with the host network.

    • Diagnosis: If the subnet Minikube uses internally (e.g., 192.168.49.0/24) overlaps with your host’s local network (e.g., your home router also uses 192.168.49.x), routing will break. Check your host’s IP configuration:
      ip addr show # Linux
ifconfig # macOS
      Then, check Minikube’s internal IP range.
    • Fix: Configure Minikube to use a different IP range. This is done via the --subnet flag during minikube start.
      minikube start --subnet 192.168.50.0/24 --driver=docker
      Choose a subnet that you are certain is not in use on your local network.
    • Why it works: By selecting a unique subnet, you prevent any ambiguity in routing decisions between your host’s network and Minikube’s internal pod network.

  6. CNI plugin not being loaded correctly (less common with bridge).

    • Diagnosis: Sometimes, the CNI plugin itself might not be properly initialized or configured within the Kubernetes node. This is harder to diagnose directly without deep access to the node’s CNI configuration files. However, if pods are stuck in ContainerCreating and kubectl describe pod <pod-name> shows no obvious network errors but mentions CNI, this might be the case.
    • Fix: Delete and recreate the Minikube cluster. This forces a fresh setup of all Kubernetes components, including the CNI.
      minikube delete
minikube start --driver=docker
      If the issue persists, try a different CNI plugin or driver. For example, using the host-local CNI can sometimes be more stable if you’re having persistent issues with bridge and network interface binding.
      minikube start --network host-local --driver=docker
    • Why it works: Deleting and recreating the cluster ensures a clean slate, re-initializing all Kubernetes components, including the CNI, from scratch. host-local bypasses some of the bridge complexities by directly assigning IPs from a host-local pool, which can sometimes avoid interface-specific problems.

After resolving these, the next error you might encounter is related to DNS resolution within pods if kube-dns or CoreDNS isn’t starting correctly, often indicated by ImagePullBackOff for the DNS pods or connection timed out when trying to curl external hostnames.

Minikube Networking: The Hidden Power of --network host

Minikube’s networking is often treated as a black box, but the most counterintuitive way to achieve maximum compatibility and avoid CNI headaches is to tell Minikube to not create its own bridge network at all, but instead to share the host’s network namespace directly.

package main

import (
	"fmt"
	"net/http"
)

func handler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "Hello from a pod on Minikube, using host networking!")
}

func main() {
	http.HandleFunc("/", handler)
	fmt.Println("Server starting on port 8080...")
	http.ListenAndServe(":8080", nil)
}

If you build this simple Go application into a Docker image (let’s call it host-net-app) and deploy it to a Minikube cluster started with --network host, you can kubectl port-forward to it and access it directly from your host machine without any complex bridge configurations.

When you start Minikube with minikube start --network host --driver=docker, the Minikube VM itself doesn’t get its own IP address on a separate bridge. Instead, the Kubernetes nodes inside the Minikube VM share the network interfaces of the host machine directly. This means pods running on the Minikube node will appear to have IP addresses from your host’s network range, and they can reach external services directly without NAT.

This mode is incredibly useful for testing network-sensitive applications or when you’re developing services that need to bind to specific host ports or interact directly with host network interfaces. You’re essentially running Kubernetes on your host’s network, rather than behind it.

The one thing most people don’t know is that when you use --network host, the CNI plugin is effectively bypassed for pod networking. Instead of assigning IPs from a CNI-managed subnet, pods are assigned IPs from the host’s network, and they inherit the host’s routing table and network interfaces. This means you can run services on 0.0.0.0:8080 within a pod, and they’ll be directly accessible on your host’s 0.0.0.0:8080, provided no other process on the host is using that port.

The next concept you’ll likely want to explore is how to manage multiple network interfaces on the host and direct Minikube traffic to specific ones when --network host is not an option, or how to configure more advanced CNI plugins like Cilium or Calico for production-like network policies.

Want structured learning?

Take the full Minikube course →