charmed-kubernetes / actions-operator

Apache License 2.0
7 stars 17 forks source link

strict microk8s fails when container-registry-url is set #67

Closed javierdelapuente closed 10 months ago

javierdelapuente commented 11 months ago

When using microk8s from the strict channel, if the container-registry-url is set, the action fails with the next error:

EACCES: permission denied, open '/var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml'

The error in the log is:

...
Initialize microk8s
  /usr/bin/bash -c sudo usermod -a -G snap_microk8s $USER
  Error: EACCES: permission denied, open '/var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml'
...

It looks like the problem happens when running the next line while configuring microk8s: https://github.com/charmed-kubernetes/actions-operator/blob/acc5880236e30b0ea55b70c67a1c9ea5d1c722df/src/bootstrap/index.ts#L96

This works correctly when the microk8s snap confinment is classic.

You can see examples of the execution failing here:

hemanthnakkina commented 10 months ago

Same issue in canonical/sunbeam-terraform repo https://github.com/canonical/sunbeam-terraform/actions/runs/7473125546

microk8s is from strict channel but container-registry-url is not explicitly set.

cbartz commented 10 months ago

Same issue in canonical/sunbeam-terraform repo https://github.com/canonical/sunbeam-terraform/actions/runs/7473125546

microk8s is from strict channel but container-registry-url is not explicitly set.

Yes, because you are using our self-hosted runners (https://github.com/canonical/sunbeam-terraform/actions/runs/7473125546/job/20336784983#step:1:2), which sets it by default via an environment variable.

weiiwang01 commented 10 months ago

I have opened this pull request to fix this issue https://github.com/charmed-kubernetes/actions-operator/pull/68