TheLazy.Dev
Portfolio GitHub

Blog

aio |azureiot |troubleshooting

AIO : Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify ... permissions

danuw

Dan Benitah

Posted on May 2, 2024

AIO : Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify ... permissions

Using Azure IoT Operations (AIO) and found that issue of permissions denied and the cluster not running with the following messages? Here is how I fixed it...

When I connect to my clusters, my first action is to check if my pods or services are running with the following command, but recently I have at times been getting the subsequent output error:

$ kubectl get service -n azure-iot-operations
WARN[0000] Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied
Enter fullscreen mode Exit fullscreen mode

I tried the following solution using this command, but that was only temporary...

Solution 1: Admin Kubeconfig Options 

sudo k3s server --write-kubeconfig-mode 644
Enter fullscreen mode Exit fullscreen mode

If you encounter the following...

$ sudo k3s server --write-kubeconfig-mode 644
[sudo] password for dan:
INFO[0000] Starting k3s v1.28.7+k3s1 (051b14b2)
INFO[0000] Configuring sqlite3 database connection pooling: maxIdleConns=2, maxOpenConns=0, connMaxLifetime=0s
INFO[0000] Configuring database table schema and indexes, this may take a moment...
INFO[0000] Database tables and indexes are up to date
INFO[0000] Kine available at unix://kine.sock
INFO[0000] Reconciling bootstrap data between datastore and disk
FATA[0000] starting kubernetes: preparing server: init cluster datastore and https: listen tcp :6443: bind: address already in use
Enter fullscreen mode Exit fullscreen mode

...you can just stop the service with this command first:

sudo systemctl stop k3s
Enter fullscreen mode Exit fullscreen mode

Solution 2: Directly provide access to the file for all users 

sudo chmod 644 /etc/rancher/k3s/k3s.yaml
Enter fullscreen mode Exit fullscreen mode

Your k3s cluster should now start and you will be able to get the list of pods/services confirming everything is running as expected.

kubectl get pods -n azure-iot-operations
Enter fullscreen mode Exit fullscreen mode

This issue occurred every time I reset my ubuntu server's kubernetes cluster, but I will just apply that going forward to continue testing with my user and run kubectl commands without sudo ...

References:

💖 💪 🙅 🚩
danuw
Dan Benitah

Posted on May 2, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

AIO : Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify ... permissions
aio AIO : Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify ... permissions

May 2, 2024