I cannot run kubectl get nodes as root. Why?

Question

On my master node

root@k8smaster:~# kubectl get nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?
root@k8smaster:~# exit
logout

yoda@k8smaster:~/bin$ kubectl get nodes
NAME        STATUS    ROLES     AGE       VERSION
k8smaster   Ready     master    5d        v1.9.2
k8sworker   Ready     <none>    51s       v1.9.2

Why do I need to run kubectl as my own user ?

Answer 1

kubectl needs kubeconfig at $HOME/.kube/config by default.

Kubeadm puts the original kubeconfig in /etc/kubernetes/admin.conf.

Any user (including root) can do the following to get kubeconfig in the current user's home directory at $HOME/.kube/config:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run this:

export KUBECONFIG=/etc/kubernetes/admin.conf

Answer 2

What Michael said is exactly accurate; kubectl looks in the current user's home directory, which for yoda will likely be /home/yoda but for root is almost certainly /root.

You can very quickly test this theory by re-running your kubectl command with an explicit --kubeconfig ~yoda/.kube/config:

kubectl --kubeconfig ~yoda/.kube/config get nodes

You can also export the shell variable KUBECONFIG to avoid having to constantly include that long --kubeconfig syntax:

export KUBECONFIG=~yoda/.kube/config
kubectl get nodes

Ensure you don't put any characters between the ~ and yoda or it will look for a yoda directory inside the current user's home directory.