Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mention fix for AppArmor related permission errors #5842

Merged
merged 1 commit into from
Nov 9, 2019
Merged

mention fix for AppArmor related permission errors #5842

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 28 additions & 5 deletions site/content/en/docs/Tasks/docker_daemon.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,19 +27,23 @@ You should now be able to use docker on the command line on your host mac/linux
docker ps
```

Remember to turn off the _imagePullPolicy:Always_, as otherwise Kubernetes won't use images you built locally.

### Possible errors and solutions

Docker may report following forbidden error if you are using http proxy and the `$(minikube ip)` is not added to `no_proxy`/`NO_PROXY`:

```shell
```
error during connect: Get https://192.168.39.98:2376/v1.39/containers/json: Forbidden
```

On Centos 7, docker may report the following error:

```shell
```
Could not read CA certificate "/etc/docker/ca.pem": open /etc/docker/ca.pem: no such file or directory
```

The fix is to update /etc/sysconfig/docker to ensure that minikube's environment changes are respected:
The fix is to update ``/etc/sysconfig/docker`` to ensure that minikube's environment changes are respected:

```diff
< DOCKER_CERT_PATH=/etc/docker
Expand All @@ -49,8 +53,27 @@ The fix is to update /etc/sysconfig/docker to ensure that minikube's environment
> fi
```

Remember to turn off the _imagePullPolicy:Always_, as otherwise Kubernetes won't use images you built locally.
When you're using a docker installed via `snap` on a distribution like Ubuntu that uses AppArmor profiles the following error may appear:

```
could not read CA certificate "/home/USERNAME/.minikube/certs/ca.pem": open /home/USERNAME/.minikube/certs/ca.pem: permission denied
```

The solution is to allow docker to read the minikube certificates by adding a line in ``/var/lib/snapd/apparmor/profiles/snap.docker.docker`` file:

```shell
# allow docker to read minikube certificates
owner @{HOME}/.minikube/certs/* r,
```

After that check for syntax errors and try again:

```shell
sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.docker.docker
eval $(minikube docker-env)
docker ps
```

## Related Documentation

- [docker_registry.md](Using the Docker registry)
- [docker_registry.md](Using the Docker registry)