Kubefeeds Team A dedicated and highly skilled team at Kubefeeds, driven by a passion for Kubernetes and Cloud-Native technologies, delivering innovative solutions with expertise and enthusiasm.

Resolving the K3s Config File Permission Denied Error

1 min read

When working with K3s, you might encounter the following error when running kubectl commands:

ARN[0000] Unable to read /etc/rancher/k3s/k3s.yaml, please start the server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied

This error usually occurs because, the default K3s configuration file (/etc/rancher/k3s/k3s.yaml) is restricted in permissions, and is owned by root. The file permission is set to 0600. It is not advised to directly change the file’s permissions to make it world-readable because doing so puts your security at risk.

Our approach to solve the issue

Instead of changing the permissions of the /etc/rancher/k3s/k3s.yaml file, we will create a user-specific copy of the file.

Solution

1. Set Up the KUBECONFIG Environment Variable

The location of our Kubernetes configuration file is defined by the KUBECONFIG environment variable.
We can avoid directly interacting with the restricted configuration file by setting this variable.

To do so, we need to run the following command:

export KUBECONFIG=~/.kube/config

2. Generate a Local Configuration File

Next, we will create a local copy of the configuration file to use with the kubectl commands. This process keeps the file secure and accessible to the current user.

# Create the .kube directory if it doesn't already exist
mkdir -p ~/.kube

# Copy the raw configuration content to the local kubeconfig file
sudo k3s kubectl config view --raw > "$KUBECONFIG"

# Secure the file by setting permissions
chmod 600 "$KUBECONFIG"

The chmod 600 command ensures that the file is readable and writable only by the owner.

3. Make it persist even after reboot

We need to add the following code to the shell config to make the KUBECONFIG environment variable persistent after closing the terminal or rebooting.

Let’s add the following line to the ~/.bashrc or ~/.profile file,

export KUBECONFIG=~/.kube/config

Save the file. Now reload the file by running the command,

# if you are using ~/.bashrc
source ~/.bashrc

# if you are using ~/.profile
source ~/.profile

4. Verify the Setup

Run the following command to verify that the configuration is working perfectly.

k3s kubectl get nodes

This command should execute without any permission errors.

Conclusion

I hope you can resolve this annoying issue while working on Kubernetes.

Kubefeeds Team A dedicated and highly skilled team at Kubefeeds, driven by a passion for Kubernetes and Cloud-Native technologies, delivering innovative solutions with expertise and enthusiasm.