12

When I run commands under k3s kubectl, I get

$ k3s kubectl version
WARN[0000] Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify kube config permissions 
error: error loading config file "/etc/rancher/k3s/k3s.yaml" : open /etc/rancher/k3s/k3s.yaml: permission denied

How should I resolve this? Should I change the permissions of /etc/rancher/k3s/k3s.yaml

Evan Carroll
  • 2,091
  • 3
  • 22
  • 65

1 Answers1

22

No, do not change permissions of /etc/rancher/k3s/k3s.yaml

First set up your an environmental variable for KUBECONFIG=~/.kube/config.

export KUBECONFIG=~/.kube/config

Then let's generate the file at that location. Your k3s.yaml file should NOT be world readable.. This is by-design. It should be owned by root and set to 0600. Instead copy the config locally as described here,

mkdir ~/.kube 2> /dev/null
sudo k3s kubectl config view --raw > "$KUBECONFIG"
chmod 600 "$KUBECONFIG"

You can add KUBECONFIG=~/.kube/config to your ~/.profile or ~/.bashrc to make it persist on reboot.

Evan Carroll
  • 2,091
  • 3
  • 22
  • 65
  • If the "sudo k3s kubectl ..." line is giving an error stating "sudo: k3s: command not found", then you can try by adding /usr/local/bin/ in front of "k3s". Which would make that line as this: sudo /usr/local/bin/k3s kubectl config view --raw > "$KUBECONFIG" – UNOPARATOR Aug 01 '22 at 07:30
  • @UNOPARATOR the only way that could make a difference is if /usr/local/bin is not in your $PATH which would be pretty awkward anyway. – Evan Carroll Aug 01 '22 at 15:34
  • In my case with a CentOS 8 Stream server, after the k3s installation that line wasn't working. There was no mention of adding that to $PATH but it might be considered common practice and not mentioned because of that. I'm no linux expert of any kind, just commented in case someone like me encounters the same issue. – UNOPARATOR Aug 02 '22 at 05:06
  • When you run echo $PATH you should see /usr/local/bin in your path. Almost certainly CentOS does that. (also, CentOS is dead, everyone went to Rocky). – Evan Carroll Aug 02 '22 at 14:47
  • It wasn't there, so added export PATH=$PATH:/usr/local/bin line to $HOME/.bashrc. (Just checked out Rocky Linux from wiki, might try that next time - thanks for the heads up) – UNOPARATOR Aug 03 '22 at 04:49
  • 1
    @UNOPARATOR, the problem is that on CentOS by default sudo will use a PATH value different from your own PATH. This other value does not include /usr/local/bin, which is why it couldn't find the k3s command. One way to resolve this is to add /usr/local/bin to the secure_path option in /etc/sudoers. See https://superuser.com/questions/927512/how-to-set-path-for-sudo-commands for details. Ubuntu and Debian do not have this issue (secure_path includes /usr/local/bin). – Stanley Yu Dec 28 '23 at 20:55