DEV Community

Cover image for Resolving the K3s Config File Permission Denied Error
M. Oly Mahmud
M. Oly Mahmud

Posted on

Resolving the K3s Config File Permission Denied Error

When working with K3s, you might encounter the following error when running kubectl commands:

ARN[0000] Unable to read /etc/rancher/k3s/k3s.yaml, please start the server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied
Enter fullscreen mode Exit fullscreen mode

This error usually occurs because, the default K3s configuration file (/etc/rancher/k3s/k3s.yaml) is restricted in permissions, and is owned by root. The file permission is set to 0600. It is not advised to directly change the file's permissions to make it world-readable because doing so puts your security at risk.

Our approach to solve the issue

Instead of changing the permissions of the /etc/rancher/k3s/k3s.yaml file, we will create a user-specific copy of the file.

Solution

1. Set Up the KUBECONFIG Environment Variable

The location of our Kubernetes configuration file is defined by the KUBECONFIG environment variable.
We can avoid directly interacting with the restricted configuration file by setting this variable.

To do so, we need to run the following command:

export KUBECONFIG=~/.kube/config
Enter fullscreen mode Exit fullscreen mode

2. Generate a Local Configuration File

Next, we will create a local copy of the configuration file to use with the kubectl commands. This process keeps the file secure and accessible to the current user.

# Create the .kube directory if it doesn't already exist
mkdir -p ~/.kube

# Copy the raw configuration content to the local kubeconfig file
sudo k3s kubectl config view --raw > "$KUBECONFIG"

# Secure the file by setting permissions
chmod 600 "$KUBECONFIG"
Enter fullscreen mode Exit fullscreen mode

The chmod 600 command ensures that the file is readable and writable only by the owner.

3. Make it persist even after reboot

We need to add the following code to the shell config to make the KUBECONFIG environment variable persistent after closing the terminal or rebooting.

Let's add the following line to the ~/.bashrc or ~/.profile file,

export KUBECONFIG=~/.kube/config
Enter fullscreen mode Exit fullscreen mode

Save the file. Now reload the file by running the command,

# if you are using ~/.bashrc
source ~/.bashrc

# if you are using ~/.profile
source ~/.profile
Enter fullscreen mode Exit fullscreen mode

4. Verify the Setup

Run the following command to verify that the configuration is working perfectly.

k3s kubectl get nodes
Enter fullscreen mode Exit fullscreen mode

This command should execute without any permission errors.

Conclusion

I hope you can resolve this annoying issue while working on Kubernetes.

Image of AssemblyAI tool

Challenge Submission: SpeechCraft - AI-Powered Speech Analysis for Better Communication

SpeechCraft is an advanced real-time speech analytics platform that transforms spoken words into actionable insights. Using cutting-edge AI technology from AssemblyAI, it provides instant transcription while analyzing multiple dimensions of speech performance.

Read full post

Top comments (0)

Billboard image

Try REST API Generation for MS SQL Server.

DevOps for Private APIs. With DreamFactory API Generation, you get:

  • Auto-generated live APIs mapped from database schema
  • Interactive Swagger API documentation
  • Scripting engine to customize your API
  • Built-in role-based access control

Learn more

👋 Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay