ARTIFACTORY: How to resolve permission denied error while managing Helm repository

ARTIFACTORY: How to resolve permission denied error while managing Helm repository
AuthorFullName__c
Kajaal R
articleNumber
000006245
ft:sourceType
Salesforce
FirstPublishedDate
2024-11-25T11:24:47Z
lastModifiedDate
2024-11-25
VersionNumber
3
Symptoms


Error faced : open /etc/docker/certs.d/<servername>.jfrog.io: permission denied

The certificate error is common when respective server certificates are not trusted by the Docker daemon. 


But, why is Docker coming into the picture when we perform Helm login

 

When you start Minikube with the command minikube start --driver=docker, you're instructing the minikube to use Docker containers to run the Kubernetes components instead of a virtual machine (VM). This approach is more efficient because:
  1. Resource Efficiency: Docker containers are lightweight compared to VMs, leading to lower resource consumption.
  2. Speed: Starting Kubernetes with Docker is generally faster than booting a full VM.
  3. Simplified Management: Using Docker simplifies operations and allows leveraging existing container management tools.
  4. Default Behavior: If you don’t specify a driver, Minikube may default to a VM-based driver, which can increase resource usage and complexity.

 

How to troubleshoot the error:

Minikube with docker as driver is started before the login, as K8s clusters are being leveraged.

By looking at the error, it is related to permission. Therefore,
we need to acquire the ssl certificate (in this case, Artifactory’s certificate) and update the crt file within the certs.d folder of the docker.
  • After performing the “minikube start –driver=docker”
    User-added image 
  • Run “minikube ssh”:minikube ssh facilitates direct interaction with the Minikube container, allowing you to configure and inspect its Docker environment, isolated from your local Docker setup

    User-added image 
  • Move into the /etc/docker folder and check the if +x permissions (755) attached to this folder and files within.
  • Now, add the certificate to the certs.d folder within the docker directory and restart the service to resolve the reported error.

    NOTE: When you access /etc/docker via minikube ssh, you are interacting with the Docker configuration specific to the Minikube instance. This directory contains Docker configurations and settings that are used by the Docker daemon running within the Minikube VM or container. Changes or configurations here affect only the Docker environment within that specific Minikube instance.

    In contrast, the /etc/docker directory present on your local machine (if Docker is installed and running locally) contains configurations related to the Docker daemon operating on your host system.

    Finally, if the issue persists even after carrying out the above mentioned steps, please reach out to JFrog Support.