strict microk8s fails when container-registry-url is set

[javierdelapuente]

When using microk8s from the strict channel, if the container-registry-url is set, the action fails with the next error:

EACCES: permission denied, open '/var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml'

The error in the log is:

...
Initialize microk8s
  /usr/bin/bash -c sudo usermod -a -G snap_microk8s $USER
  Error: EACCES: permission denied, open '/var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml'
...

It looks like the problem happens when running the next line while configuring microk8s: https://github.com/charmed-kubernetes/actions-operator/blob/acc5880236e30b0ea55b70c67a1c9ea5d1c722df/src/bootstrap/index.ts#L96

This works correctly when the microk8s snap confinment is classic.

You can see examples of the execution failing here:

• https://github.com/canonical/synapse-operator/actions/runs/7409392889
• https://github.com/cbartz/gh-runner-test/actions/runs/7411805422

[hemanthnakkina]

Same issue in canonical/sunbeam-terraform repo https://github.com/canonical/sunbeam-terraform/actions/runs/7473125546

microk8s is from strict channel but container-registry-url is not explicitly set.

[cbartz]

Same issue in canonical/sunbeam-terraform repo https://github.com/canonical/sunbeam-terraform/actions/runs/7473125546

microk8s is from strict channel but container-registry-url is not explicitly set.

Yes, because you are using our self-hosted runners (https://github.com/canonical/sunbeam-terraform/actions/runs/7473125546/job/20336784983#step:1:2), which sets it by default via an environment variable.

[weiiwang01]

I have opened this pull request to fix this issue https://github.com/charmed-kubernetes/actions-operator/pull/68