Reputation: 13500
For every command with kubectl I need to use sudo kubectl.
I understand the security perspective but I am working on a test environment and I want to be able to use it without sudo.
I tried to run sudo -i and use the root account to run kubectl get pods but I received:
The connection to the server localhost:8080 was refused - did you specify the right host or port?
I noticed that when I was playing with https://labs.play-with-k8s.com, the user is root and I can run kubectl freely.
I wanted to have the same thing on my Ubuntu machine with my Minikube.
When I run kubectl get pods with my regular account I received the error:
error: unable to read client-key /home/myuser/.minikube/client.key for minikube due to open /home/myuser/.minikube/client.key: permission denied
I supposed there are two ways:
1. Give everyone access to /home/myuser/.minikube/
2. Give my account permissions to run kubectl without sudo
EDIT:
Following @Konstantin Vustin's request, here is the requested information:
myuser@ubuntu:/usr/local/bin$ ls -l $(which kubectl)
-rwxrwxr-x 1 myuser myuser 54308597 Jun 13 05:21 /usr/local/bin/kubectl
myuser@ubuntu:/usr/local/bin$ ls -la ~ | grep kube
drwxr-xr-x 5 myuser myuser 4096 Jun 17 02:25 .kube
drwxrwxr-x 10 myuser myuser 4096 Jun 13 05:18 .minikube
myuser@ubuntu:/usr/local/bin$ ls -l ~/.kube
total 24
drwxr-xr-x 3 root root 4096 Jun 13 05:26 cache
-rw------- 1 myuser myuser 911 Jun 13 05:27 config
drwxrwxr-x 3 myuser myuser 4096 Jul 11 01:37 http-cache
Upvotes: 34
Views: 64300
Reputation: 21
For accessing K3S cluster without sudo...
# ~ is not expanded inside double quotes, so use $HOME
export KUBECONFIG="$HOME/.kube/config:/etc/rancher/k3s/k3s.yaml"
sudo chmod u+s /var/lib/rancher/k3s/data/current/bin/kubectl
Upvotes: 0
Reputation: 1079
Change the owner on your installation
# 1
$ whereis kubectl
kubectl: /usr/bin/kubectl /usr/local/bin/kubectl
$ ll /usr/bin/kubectl
-rwxr-xr-x 1 root root 45015040 Nov 10 10:51 /usr/bin/kubectl*
# 2
$ sudo chown $USER:$USER /usr/bin/kubectl
# 3
$ kubectl version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.25.4
Kustomize Version: v4.5.7
Upvotes: 0
Reputation: 19
The easiest way is to make an alias:
alias kubectl='sudo kubectl'
Upvotes: 0
Reputation: 1495
If you are using kubeadm, just follow the commands:
Create .kube folder
mkdir -p ~/.kube
Copy admin.conf to this folder
sudo cp -i /etc/kubernetes/admin.conf ~/.kube/config
Change owner of this file to ourselves
sudo chown $(id -u):$(id -g) ~/.kube/config
Now everything is good, and we don't have to use sudo or --kubeconfig
kubectl get nodes
Source:
Upvotes: 1
Reputation: 3845
If anyone is wondering for k3s, use the following:
sudo chmod 644 /etc/rancher/k3s/k3s.yaml
After this, you can simply use kubectl rather than sudo kubectl.
Upvotes: 23
Reputation: 3328
Check if a proxy is set; if yes, then set no_proxy for localhost and the cluster server IP (which you can find in the ~/.kube/config file, server: https://192.168.127.3:6443) in .bashrc or any other environment variable file.
export no_proxy=localhost,192.168.127.3
Upvotes: 2
Reputation: 5523
Fix file permissions
Most likely your kubectl files are not owned by your user.
You can set these permissions using the command below.
sudo chown -R $USER $HOME/.kube
Run kubectl with sudo
Alternatively you can run kubectl as sudo user using a persistent sudo shell.
sudo -s
then run your kubectl commands
kubectl get pods
kubectl describe <resource_type> <resource_name>
finally exit the sudo shell
exit
Upvotes: 35
Reputation: 2767
Ansible way to make kubectl able to run without sudo:
- name: Setup kubeconfig for user
  become: no
  command: "{{ item }}"
  with_items:
    - mkdir -p /home/$USER/.kube
    - sudo cp -i /etc/kubernetes/admin.conf /home/$USER/.kube/config
    - sudo chown $USER:$USER /home/$USER/.kube/config
Or you could run these commands manually:
mkdir -p /home/$USER/.kube
# admin.conf is readable only by root, so cp and chown need sudo here too
sudo cp -i /etc/kubernetes/admin.conf /home/$USER/.kube/config
sudo chown $USER:$USER /home/$USER/.kube/config
Upvotes: 7
Reputation: 1023
I had the same issue. It is suggested (by minikube) to change the ownership and permissions of ~/.kube and ~/.minikube after the installation.
sudo mv /root/.kube $HOME/.kube # this will write over any previous configuration
sudo chown -R $USER $HOME/.kube
sudo chgrp -R $USER $HOME/.kube
sudo mv /root/.minikube $HOME/.minikube # this will write over any previous configuration
sudo chown -R $USER $HOME/.minikube
sudo chgrp -R $USER $HOME/.minikube
Upvotes: 4
Reputation: 159998
You don't need to (and shouldn't) run kubectl with sudo. kubectl doesn't need any special permissions, and is interacting entirely with a remote server over an HTTPS connection. Kubernetes tends to take over the system it runs on, so even if you somehow were running kubectl against a local apiserver, being logged into the node at all would be odd and you could do the same level of administration remotely.
If you have been running it under sudo, it might have changed the ownership of some files to be inaccessible, and you can fix this (once) with
sudo chown -R $USER $HOME/.kube
(In your listing, ~/.kube/cache is owned by root, not by myuser.)
Upvotes: 12
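An added example (not part of any answer on this page) that checks a kubectl client directory for the two conditions discussed in this thread: entries left owned by another user after running under sudo, and kubeconfig or key files that group or others can read. The function names are hypothetical; the script only reads file metadata and changes nothing.

```shell
#!/bin/sh
# Added example: audit kubectl client directories. Function names are hypothetical.

# Print every path under DIR ($1) not owned by OWNER ($2, name or numeric uid).
# Root-owned leftovers from "sudo kubectl" or "sudo minikube" show up here.
find_foreign_owned() {
    [ -d "$1" ] || return 0
    find "$1" ! -user "$2" -print 2>/dev/null
}

# Print kubeconfig and private-key files under DIR ($1) that group or others can read.
find_exposed_creds() {
    [ -d "$1" ] || return 0
    find "$1" -type f \( -name config -o -name '*.key' -o -name '*.yaml' \) \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null
}

# Audit each DIR given; return 1 if anything was reported, 0 if all are clean.
audit_kube_dirs() {
    owner=$(id -u)
    rc=0
    for dir in "$@"; do
        foreign=$(find_foreign_owned "$dir" "$owner")
        exposed=$(find_exposed_creds "$dir")
        if [ -n "$foreign" ]; then
            printf 'not owned by uid %s (fix: sudo chown -R "$USER" %s):\n%s\n' \
                "$owner" "$dir" "$foreign"
            rc=1
        fi
        if [ -n "$exposed" ]; then
            printf 'readable by group/other (fix: chmod 600 <file>):\n%s\n' "$exposed"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit.sh ~/.kube ~/.minikube
[ "$#" -eq 0 ] || audit_kube_dirs "$@"
```

On the listing in the question this would report ~/.kube/cache, which is owned by root.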
Reputation: 2755
Try setuid:
chmod u+s kubectl
The keys can be read by kubectl, while not open to everyone.
Upvotes: -4