DEV Community

Cover image for AIO : Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify ... permissions
Dan Benitah
Dan Benitah

Posted on • Edited on

3

AIO : Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify ... permissions

Using Azure IoT Operations (AIO) and found that issue of permissions denied and the cluster not running with the following messages? Here is how I fixed it...

When I connect to my clusters, my first action is to check if my pods or services are running with the following command, but recently I have at times been getting the subsequent output error:

$ kubectl get service -n azure-iot-operations
WARN[0000] Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied
Enter fullscreen mode Exit fullscreen mode

I tried the following solution using this command, but that was only temporary...

Solution 1: Admin Kubeconfig Options

sudo k3s server --write-kubeconfig-mode 644
Enter fullscreen mode Exit fullscreen mode

If you encounter the following...

$ sudo k3s server --write-kubeconfig-mode 644
[sudo] password for dan:
INFO[0000] Starting k3s v1.28.7+k3s1 (051b14b2)
INFO[0000] Configuring sqlite3 database connection pooling: maxIdleConns=2, maxOpenConns=0, connMaxLifetime=0s
INFO[0000] Configuring database table schema and indexes, this may take a moment...
INFO[0000] Database tables and indexes are up to date
INFO[0000] Kine available at unix://kine.sock
INFO[0000] Reconciling bootstrap data between datastore and disk
FATA[0000] starting kubernetes: preparing server: init cluster datastore and https: listen tcp :6443: bind: address already in use
Enter fullscreen mode Exit fullscreen mode

...you can just stop the service with this command first:

sudo systemctl stop k3s
Enter fullscreen mode Exit fullscreen mode

Solution 2: Directly provide access to the file for all users

sudo chmod 644 /etc/rancher/k3s/k3s.yaml
Enter fullscreen mode Exit fullscreen mode

Your k3s cluster should now start and you will be able to get the list of pods/services confirming everything is running as expected.

kubectl get pods -n azure-iot-operations
Enter fullscreen mode Exit fullscreen mode

This issue occurred every time I reset my ubuntu server's kubernetes cluster, but I will just apply that going forward to continue testing with my user and run kubectl commands without sudo ...

References:

Image of Docusign

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more

Top comments (0)

Billboard image

Create up to 10 Postgres Databases on Neon's free plan.

If you're starting a new project, Neon has got your databases covered. No credit cards. No trials. No getting in your way.

Try Neon for Free →

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay