Attempting to get Minikube running on Ubuntu with Docker installed via Snap, and trying to utilize Docker directly , after performing a “eval $(minikube docker-env)”” for the minikube environment resulted in the following error:

hero@hv1:~$ docker ps

could not read CA certificate "/home/hero/.minikube/certs/ca.pem": open /home/hero/.minikube/certs/ca.pem: permission denied

This was because snap isolates everything in AppArmor profiles for better or worse, see: https://docs.ubuntu.com/core/en/guides/intro/security

How to fix:

Edit the AppArmor profile.

/var/lib/snapd/apparmor/profiles/snap.docker.docker

add:

owner @{HOME}/.minikube/certs/*

Run Commands:

eval $(minikube docker-env)

apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.docker.docker

docker ps

hero@hv1:~$ docker ps
CONTAINER ID        IMAGE                                      COMMAND                  CREATED             STATUS              PORTS               NAMES
39b186b346f5        k8s.gcr.io/k8s-dns-sidecar-amd64           "/sidecar --v=2 --..."   44 minutes ago      Up 44 minutes                           k8s_sidecar_kube-dns-86f4d74b45-q74tw_kube-system_c708749e-a3da-11e8-a19f-e452b0928c7b_0
30280d9c5deb        k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64     "/dnsmasq-nanny -v..."   44 minutes ago      Up 44 minutes                           k8s_dnsmasq_kube-dns-86f4d74b45-q74tw_kube-system_c708749e-a3da-11e8-a19f-e452b0928c7b_0
10be502d9c0c        gcr.io/k8s-minikube/storage-provisioner    "/storage-provisioner"   44 minutes ago      Up 44 minutes                           k8s_storage-provisioner_storage-provisioner_kube-system_c8863e32-a3da-11e8-a19f-e452b0928c7b_0
09bb155312a5        k8s.gcr.io/kubernetes-dashboard-amd64      "/dashboard --inse..."   44 minutes ago      Up 44 minutes                           k8s_kubernetes-dashboard_kubernetes-dashboard-5498ccf677-w5vcb_kube-system_c868c565-a3da-11e8-a19f-e452b0928c7b_0
cf68cf27563c        k8s.gcr.io/k8s-dns-kube-dns-amd64          "/kube-dns --domai..."   45 minutes ago      Up 45 minutes                           k8s_kubedns_kube-dns-86f4d74b45-q74tw_kube-system_c708749e-a3da-11e8-a19f-e452b0928c7b_0
ff5a8a032756        k8s.gcr.io/kube-proxy-amd64                "/usr/local/bin/ku..."   45 minutes ago      Up 45 minutes                           k8s_kube-proxy_kube-proxy-czzq5_kube-system_c6ea1dce-a3da-11e8-a19f-e452b0928c7b_0
4d64f12abdbc        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 45 minutes ago      Up 45 minutes                           k8s_POD_storage-provisioner_kube-system_c8863e32-a3da-11e8-a19f-e452b0928c7b_0
5d2f92112b7a        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 45 minutes ago      Up 45 minutes                           k8s_POD_kubernetes-dashboard-5498ccf677-w5vcb_kube-system_c868c565-a3da-11e8-a19f-e452b0928c7b_0
91e73dfe81f6        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 45 minutes ago      Up 45 minutes                           k8s_POD_kube-dns-86f4d74b45-q74tw_kube-system_c708749e-a3da-11e8-a19f-e452b0928c7b_0
5e89eb99579a        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 45 minutes ago      Up 45 minutes                           k8s_POD_kube-proxy-czzq5_kube-system_c6ea1dce-a3da-11e8-a19f-e452b0928c7b_0
da6c9eafae2c        k8s.gcr.io/kube-apiserver-amd64            "kube-apiserver --..."   45 minutes ago      Up 45 minutes                           k8s_kube-apiserver_kube-apiserver-minikube_kube-system_714c056ad938717aec9e833aef216fb2_0
0ce2b54cb33f        k8s.gcr.io/kube-controller-manager-amd64   "kube-controller-m..."   About an hour ago   Up About an hour                        k8s_kube-controller-manager_kube-controller-manager-minikube_kube-system_616b5ac4330c44cea0acbc6967367c50_0
1998b6265f6e        k8s.gcr.io/etcd-amd64                      "etcd --peer-clien..."   About an hour ago   Up About an hour                        k8s_etcd_etcd-minikube_kube-system_bd81b00b570100a3e030cbf60f623e6b_0
28206f50f141        k8s.gcr.io/kube-scheduler-amd64            "kube-scheduler --..."   About an hour ago   Up About an hour                        k8s_kube-scheduler_kube-scheduler-minikube_kube-system_2acb197d598c4730e3f5b159b241a81b_0
c155f7ffd5cb        k8s.gcr.io/kube-addon-manager              "/opt/kube-addons.sh"    About an hour ago   Up About an hour                        k8s_kube-addon-manager_kube-addon-manager-minikube_kube-system_3afaf06535cc3b85be93c31632b765da_0
ad640e3cb16f        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 About an hour ago   Up About an hour                        k8s_POD_kube-apiserver-minikube_kube-system_714c056ad938717aec9e833aef216fb2_0
8e1c90eeeea0        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 About an hour ago   Up About an hour                        k8s_POD_kube-addon-manager-minikube_kube-system_3afaf06535cc3b85be93c31632b765da_0
2bf54a078a1c        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 About an hour ago   Up About an hour                        k8s_POD_kube-controller-manager-minikube_kube-system_616b5ac4330c44cea0acbc6967367c50_0
76e36eb71dbf        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 About an hour ago   Up About an hour                        k8s_POD_etcd-minikube_kube-system_bd81b00b570100a3e030cbf60f623e6b_0
cfd150228dc3        k8s.gcr.io/pause-amd64:3.1                 "/pause"                 About an hour ago   Up About an hour                        k8s_POD_kube-scheduler-minikube_kube-system_2acb197d598c4730e3f5b159b241a81b_0

Yay!

I wrote a bug on Minikube’s github for more visibility, and hopefully help someone else out in the future https://github.com/kubernetes/minikube/issues/3083

Minikube on Ubuntu - Could Not Read CA certificate

Contents

How to fix:

Edit the AppArmor profile.

Run Commands: