For every command with kubectl I need to use sudo kubectl.
I understand the security perspective but I am working on a test environment and I want to be able use it without sudo.
I tried to run sudo -i and use the root account to runkubectl get pods but I received:
The connection to the server localhost:8080 was refused - did you
specify the right host or port?I noticed that when I was playing with https://labs.play-with-k8s.com, the user is root and I can run kubectl freely.
I wanted to have the same thing on my Ubuntu machine with my Minikube.
When I runkubectl get pods with my regular account I received the error:
error: unable to read client-key /home/myuser/.minikube/client.key for minikube due to open /home/myuser/.minikube/client.key: permission deniedI supposed there are two ways:
1. Give everyone access to /home/myuser/.minikube/
2. Give my account permissions to run kubectl without sudo
EDIT:
Following @Konstantin Vustin request, here are the requested information:
myuser@ubuntu:/usr/local/bin$ ls -l $(which kubectl)
-rwxrwxr-x 1 myuser myuser 54308597 Jun 13 05:21 /usr/local/bin/kubectl
myuser@ubuntu:/usr/local/bin$ ls -la ~ | grep kube
drwxr-xr-x 5 myuser myuser 4096 Jun 17 02:25 .kube
drwxrwxr-x 10 myuser myuser 4096 Jun 13 05:18 .minikube
myuser@ubuntu:/usr/local/bin$ ls -l ~/.kube
total 24
drwxr-xr-x 3 root root 4096 Jun 13 05:26 cache
-rw------- 1 myuser myuser 911 Jun 13 05:27 config
drwxrwxr-x 3 myuser myuser 4096 Jul 11 01:37 http-cacheCheck if proxy is set, if yes then set no_proxy for localhost and cluster server IP( which you can find in ~/.kube/config file server: https://192.168.127.3:6443) in .bashrc or any other environment variable file.
no_proxy=localhost, 192.168.127.3Fix file permissions
Most likely your kubectl files are not owned by your user.
You can set these permissions using below command.
sudo chown -R $USER $HOME/.kubeRun kubectl with sudo
Alternatively you can run kubectl as sudo user using a persistent sudo shell.
sudo -sthen run your kubectl commands
kubectl get pods
kubectl describe <resource_type> <resource_name>finally exit the sudo shell
exitYou don't need to (and shouldn't) run kubectl with sudo. kubectl doesn't need any special permissions, and is interacting entirely with a remote server over an HTTPS connection. Kubernetes tends to take over the system it runs on, so even if you somehow were running kubectl against a local apiserver, being logged into the node at all would be odd and you could do the same level of administration remotely.
If you have been running it under sudo, it might have changed the ownership of some files to be inaccessible, and you can fix this (once) with
sudo chown -R $USER $HOME/.kube(In your listing, ~/.kube/cache is owned by root, not by myuser.)
I had the same issue. It is suggested (by minikube) to change the ownership and permissions of ~/.kube and ~/.minikube after the installation.
sudo mv /root/.kube $HOME/.kube # this will write over any previous configuration
sudo chown -R $USER $HOME/.kube
sudo chgrp -R $USER $HOME/.kube
sudo mv /root/.minikube $HOME/.minikube # this will write over any previous configuration
sudo chown -R $USER $HOME/.minikube
sudo chgrp -R $USER $HOME/.minikubeAnsible way to make kubectl able to run without sudo:
- name: Setup kubeconfig for user
become: no
command: "{{ item }}"
with_items:
- mkdir -p /home/$USER/.kube
- sudo cp -i /etc/kubernetes/admin.conf /home/$USER/.kube/config
- sudo chown $USER:$USER /home/$USER/.kube/configOr you could run this commands manually:
mkdir -p /home/$USER/.kube
cp -i /etc/kubernetes/admin.conf /home/$USER/.kube/config
chown $USER:$USER /home/$USER/.kube/configTry setuid:
chmod u+s kubectlThe keys can be read by kubectl, while not open to everyone.