When working with K3s, you might encounter the following error when running kubectl
commands:
ARN[0000] Unable to read /etc/rancher/k3s/k3s.yaml, please start the server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied
This error usually occurs because, the default K3s configuration file (/etc/rancher/k3s/k3s.yaml
) is restricted in permissions, and is owned by root
. The file permission is set to 0600. It is not advised to directly change the file’s permissions to make it world-readable because doing so puts your security at risk.
Our approach to solve the issue
Instead of changing the permissions of the /etc/rancher/k3s/k3s.yaml
file, we will create a user-specific copy of the file.
Solution
1. Set Up the KUBECONFIG
Environment Variable
The location of our Kubernetes configuration file is defined by the KUBECONFIG
environment variable.
We can avoid directly interacting with the restricted configuration file by setting this variable.
To do so, we need to run the following command:
export KUBECONFIG=~/.kube/config
2. Generate a Local Configuration File
Next, we will create a local copy of the configuration file to use with the kubectl
commands. This process keeps the file secure and accessible to the current user.
# Create the .kube directory if it doesn't already exist
mkdir -p ~/.kube
# Copy the raw configuration content to the local kubeconfig file
sudo k3s kubectl config view --raw > "$KUBECONFIG"
# Secure the file by setting permissions
chmod 600 "$KUBECONFIG"
The chmod 600
command ensures that the file is readable and writable only by the owner.
3. Make it persist even after reboot
We need to add the following code to the shell config to make the KUBECONFIG environment variable persistent after closing the terminal or rebooting.
Let’s add the following line to the ~/.bashrc
or ~/.profile
file,
export KUBECONFIG=~/.kube/config
Save the file. Now reload the file by running the command,
# if you are using ~/.bashrc
source ~/.bashrc
# if you are using ~/.profile
source ~/.profile
4. Verify the Setup
Run the following command to verify that the configuration is working perfectly.
k3s kubectl get nodes
This command should execute without any permission errors.
Conclusion
I hope you can resolve this annoying issue while working on Kubernetes.