Note To Self: Error Loading Config File /etc/rancher/k3s/k3s.yaml
3 Min Read
The Story
After updating k3s to the latest version on my vagrant box, I started getting permission denied errors when I ran commands such as kubectl get pod.
This was mainly because previous versions of k3s created a world-readable /etc/rancher/k3s/k3s.yaml file, which appears to contain a plain text admin password (Serious security threat).
vagrant@dashboard:~> kubectl get pod -A
WARN[2021-04-18T23:59:51.388277731Z] Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied
kubectl/k3s version info:
vagrant@dashboard:~> kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.5+k3s1", GitCommit:"355fff3017b06cde44dbd879408a3a6826fa7125", GitTreeState:"clean", BuildDate:"2021-03-31T06:21:52Z", GoVersion:"go1.15.10", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.5+k3s1", GitCommit:"355fff3017b06cde44dbd879408a3a6826fa7125", GitTreeState:"clean", BuildDate:"2021-03-31T06:21:52Z", GoVersion:"go1.15.10", Compiler:"gc", Platform:"linux/amd64"}
vagrant@dashboard:~> k3s --version
k3s version v1.20.5+k3s1 (355fff30)
go version go1.15.10
The Fix
There’s 2 ways to fix this:
-
Reinstall k3s or start server with 644 permissions
curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644or using the variable
K3S_KUBECONFIG_MODEcurl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh -s - -
Explicitly change file permissions without reinstalling.
sudo chmod 644 /etc/rancher/k3s/k3s.yaml