How to use "kubectl" command instead of "sudo kubectl"

7/11/2018

For every command with kubectl I need to use sudo kubectl.

I understand the security perspective but I am working on a test environment and I want to be able use it without sudo.

I tried to run sudo -i and use the root account to runkubectl get pods but I received:

The connection to the server localhost:8080 was refused - did you
specify the right host or port?

I noticed that when I was playing with https://labs.play-with-k8s.com, the user is root and I can run kubectl freely.

I wanted to have the same thing on my Ubuntu machine with my Minikube.

When I runkubectl get pods with my regular account I received the error:

error: unable to read client-key /home/myuser/.minikube/client.key for minikube due to open /home/myuser/.minikube/client.key: permission denied

I supposed there are two ways:
1. Give everyone access to /home/myuser/.minikube/
2. Give my account permissions to run kubectl without sudo

EDIT:
Following @Konstantin Vustin request, here are the requested information:

myuser@ubuntu:/usr/local/bin$ ls -l  $(which kubectl)
-rwxrwxr-x 1 myuser myuser 54308597 Jun 13 05:21 /usr/local/bin/kubectl

myuser@ubuntu:/usr/local/bin$ ls -la ~ | grep kube
drwxr-xr-x  5 myuser myuser   4096 Jun 17 02:25 .kube
drwxrwxr-x 10 myuser myuser   4096 Jun 13 05:18 .minikube

myuser@ubuntu:/usr/local/bin$ ls -l ~/.kube
total 24
drwxr-xr-x  3 root  root  4096 Jun 13 05:26 cache
-rw-------  1 myuser myuser 911 Jun 13 05:27 config
drwxrwxr-x  3 myuser myuser 4096 Jul 11 01:37 http-cache
-- E235
kubectl
kubernetes
minikube

6 Answers

2/7/2019

Check if proxy is set, if yes then set no_proxy for localhost and cluster server IP( which you can find in ~/.kube/config file server: https://192.168.127.3:6443) in .bashrc or any other environment variable file.

no_proxy=localhost, 192.168.127.3
-- prashant
Source: StackOverflow

7/11/2018

Fix file permissions

Most likely your kubectl files are not owned by your user.

You can set these permissions using below command.

sudo chown -R $USER $HOME/.kube

Run kubectl with sudo

Alternatively you can run kubectl as sudo user using a persistent sudo shell.

sudo -s

then run your kubectl commands

kubectl get pods

kubectl describe <resource_type> <resource_name>

finally exit the sudo shell

exit
-- Webber
Source: StackOverflow

7/11/2018

You don't need to (and shouldn't) run kubectl with sudo. kubectl doesn't need any special permissions, and is interacting entirely with a remote server over an HTTPS connection. Kubernetes tends to take over the system it runs on, so even if you somehow were running kubectl against a local apiserver, being logged into the node at all would be odd and you could do the same level of administration remotely.

If you have been running it under sudo, it might have changed the ownership of some files to be inaccessible, and you can fix this (once) with

sudo chown -R $USER $HOME/.kube

(In your listing, ~/.kube/cache is owned by root, not by myuser.)

-- David Maze
Source: StackOverflow

9/30/2018

I had the same issue. It is suggested (by minikube) to change the ownership and permissions of ~/.kube and ~/.minikube after the installation.

sudo mv /root/.kube $HOME/.kube # this will write over any previous configuration
sudo chown -R $USER $HOME/.kube
sudo chgrp -R $USER $HOME/.kube

sudo mv /root/.minikube $HOME/.minikube # this will write over any previous configuration
sudo chown -R $USER $HOME/.minikube
sudo chgrp -R $USER $HOME/.minikube
-- Sand1512
Source: StackOverflow

5/13/2019

Ansible way to make kubectl able to run without sudo:

- name: Setup kubeconfig for user
  become: no
  command: "{{ item }}"
  with_items:
    - mkdir -p /home/$USER/.kube
    - sudo cp -i /etc/kubernetes/admin.conf /home/$USER/.kube/config
    - sudo chown $USER:$USER /home/$USER/.kube/config

Or you could run this commands manually:

mkdir -p /home/$USER/.kube
cp -i /etc/kubernetes/admin.conf /home/$USER/.kube/config
chown $USER:$USER /home/$USER/.kube/config
-- Eugene Lopatkin
Source: StackOverflow

7/11/2018

Try setuid:

chmod u+s kubectl

The keys can be read by kubectl, while not open to everyone.

-- Kun Li
Source: StackOverflow