I can access `kubectl` with the root user. I want to restrict the access of `kubectl` to non-root users so that they can perform all the `kubectl` operations.
How should I achieve the same?
-2

Ivan Aracki

MrunalTheCoder
- The question should be - **enable** the access of cluster to non-root users using `kubectl`. – Rajesh Swarnkar Feb 14 '23 at 12:19
1 Answer
-1
The `kubectl` client is distributed as a binary file, so depending on your host you might give exec access to all users by doing `chmod +x /usr/local/bin/kubectl`, or you can add a custom rule to your `/etc/sudoers` by using `visudo`:

```
your_user ALL = NOPASSWD: /usr/local/bin/kubectl
```

Your user will be able to run `kubectl` like this:

```
sudo kubectl ...
```

Hernan Garcia
- Thank you so much @Hernan Garcia. I needed to give a non-root user access of `kubectl`. Created `.kube` directory under non-root linux user and copied `/etc/kubernetes/config` file to `.kube` file owned by non-root user. It worked for me. – MrunalTheCoder Mar 20 '19 at 05:46
- I can confirm that copying the file `/root/.kube/config` and the certificates as configured in `/root/.kube/config` from `/root/.minikube/` into the User Directory `/home/
/.minikube` enables the access to the _Kubernetes_ cluster. In `/root/.minikube/` you will also find the CA key `/root/.minikube/ca.key` which will enable you to create custom user certificates. To disable the access you would just remove those certificates from the User Directory. – Bodo Hugo Barwich Mar 19 '21 at 14:21
- The access to the _Kubernetes_ Cluster with `kubectl` without the certificates should fail: `$ kubectl get pods` -> `The connection to the server localhost:8080 was refused - did you specify the right host or port?` – Bodo Hugo Barwich Mar 19 '21 at 14:29
- As a **warning**, I must say that this procedure gives **root** access to the _Kubernetes_ Cluster. Thus the better procedure would be to go through the correct User Authorisation Procedure as explained at: https://stackoverflow.com/a/42186135/7774231 – Bodo Hugo Barwich Mar 19 '21 at 15:28
- @MrunalTheCoder is there a better way? I mean to re-generate cluster config for non-root user? – Rajesh Swarnkar Feb 14 '23 at 12:13
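
A check for the situation the comments above warn about, where a non-root user's kubeconfig is simply a copy of the admin one and so carries the admin identity. This is an added example, not part of the original thread; the function names and sample values are hypothetical, and it assumes each credential sits on its own `key: value` line in the kubeconfig.

```shell
#!/bin/sh
# Added example: flag a user kubeconfig that reuses the admin identity.
# Function names and sample values are constructed for illustration.

# Print the first value of a kubeconfig field. $1 = field, $2 = file
cred_field() {
    awk -v k="$1:" '$1 == k { print $2; exit }' "$2"
}

# Print one finding per line; return 1 if anything was found.
audit_kubeconfig() {  # $1 = admin kubeconfig, $2 = user kubeconfig
    admin=$1; user=$2; findings=0
    # The file holds a private key or token: only the owner should have access.
    mode=$(ls -ld "$user" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "PERMS: $user is accessible to group/other ($mode)"
        findings=1
    fi
    # Embedded credentials equal to the admin's mean the user acts as admin.
    for f in client-key-data client-certificate-data token; do
        a=$(cred_field "$f" "$admin"); u=$(cred_field "$f" "$user")
        if [ -n "$u" ] && [ "$a" = "$u" ]; then
            echo "SHARED: $f matches the admin kubeconfig"
            findings=1
        fi
    done
    # minikube-style configs point at key files by path; compare the contents.
    ak=$(cred_field client-key "$admin"); uk=$(cred_field client-key "$user")
    if [ -f "$ak" ] && [ -f "$uk" ] && cmp -s "$ak" "$uk"; then
        echo "SHARED: client-key file $uk is a copy of $ak"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: a user config that is a world-readable copy of the admin's.
demo() {
    tmp=$(mktemp -d)
    printf 'users:\n- name: admin\n  user:\n    client-key-data: Q09OU1RSVUNURUQ=\n' \
        > "$tmp/admin.conf"
    cp "$tmp/admin.conf" "$tmp/user.conf"; chmod 644 "$tmp/user.conf"
    audit_kubeconfig "$tmp/admin.conf" "$tmp/user.conf"; rc=$?
    rm -rf "$tmp"; return "$rc"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

A clean result only shows the user is not holding the admin's credentials; what that user may do in the cluster is still decided by the authorisation configured on the API server.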