Virtual Geek

Tales from real IT system administrators world and non-production environment

Rancher k3s.yaml permission denied when using kubectl - Kubernetes

While working with Install and Setup your own Kubernetes Cluster with K3s, I installed K3s as a non sudo root user. After complete installation when running any kubectl command I was receiving the below error.

ubuntu@AnsibleAWX:~$ kubectl get nodes
WARN[0000] Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied

This issue occurs because the logged in user doesn't have sufficient permissions to access /etc/rancher/k3s/k3s.yaml file. To check and see the permissions use ls command with parameters. Next to grant access to current user, grab the information with commands users and groups.

ubuntu@AnsibleAWX:~$ ls -lsa /etc/rancher/k3s/k3s.yaml
4 -rw------- 1 root root 2969 Dec  4 13:52 /etc/rancher/k3s/k3s.yaml
ubuntu@AnsibleAWX:~$ groups
ubuntu adm cdrom sudo dip plugdev lpadmin lxd sambashare
ubuntu@AnsibleAWX:~$ users

Use chown command with users:groups to assign permissions to k3s.yaml file. You can check the permissions again with ls command.

ubuntu@AnsibleAWX:~$ sudo chown ubuntu:ubuntu /etc/rancher/k3s/k3s.yaml
ubuntu@AnsibleAWX:~$ ls -lsa /etc/rancher/k3s/k3s.yaml
4 -rw------- 1 ubuntu ubuntu 2969 Dec  4 13:52 /etc/rancher/k3s/k3s.yaml

Execute kubectl command again to get the nodes list, it is successful after providing correct permissions.

ubuntu@AnsibleAWX:~$ kubectl get nodes
NAME         STATUS   ROLES                  AGE   VERSION
ansibleawx   Ready    control-plane,master   19m   v1.25.4+k3s1

This is a snapshot of complete error and solution of the issue.

Ubuntu linux kubectl get nodes etc rancher k3s.yaml k3s write kubeconfig mode permission denied groups users chown k3s.yaml get nodes kubectl.jpg

Useful Articles
Configure Nginx Load Balancer for the Kubernetes API Server - Part 1
Install and configure Kubernetes cluster master nodes using kubeadm - Part 2
Install and configure Kubernetes cluster worker nodes using kubeadm - Part 3
Kubernetes kubeadm join couldn't validate the identity of the API server connection refused
Kubernetes kubeadm join could not find a jws signature in the cluster-info ConfigMap for token ID
Setup and deploy Ingress controller for Kubernetes on Bare Metal servers
Setup HAProxy for Ingress Controller Kubernetes Cluster

Go Back


Blog Search

Page Views


Follow me on Blogarama