Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to run k3s as non-root user #38

Closed
erikwilson opened this Issue Feb 25, 2019 · 2 comments

Comments

4 participants
@erikwilson
Copy link
Member

erikwilson commented Feb 25, 2019

When attempting to run release binary k3s server as non-root we prepare a data directory:

INFO[0000] Preparing data dir /home/test/.rancher/k3s/data/XXX
FATA[2019-02-25T17:19:39.192549600Z] must run as root unless --disable-agent is specified

but further attempts to run as non-root result in an error:

FATA[0000] exec: "k3s-server": executable file not found in $PATH
@ibuildthecloud

This comment has been minimized.

Copy link
Member

ibuildthecloud commented Feb 25, 2019

Related or the same issue #21

@erikwilson erikwilson added this to Testing in K3S Development Feb 27, 2019

@erikwilson erikwilson moved this from Testing to Reviewer approved in K3S Development Feb 27, 2019

@ibuildthecloud ibuildthecloud moved this from Reviewer approved to Testing in K3S Development Mar 4, 2019

@ibuildthecloud ibuildthecloud moved this from Testing to Reviewer approved in K3S Development Mar 4, 2019

@cjellick cjellick added this to the v0.2.0 milestone Mar 8, 2019

@cjellick cjellick moved this from Reviewer approved to Testing in K3S Development Mar 8, 2019

@cjellick cjellick changed the title Unable to run k3s as non-root user Add ability to run k3s as non-root user Mar 8, 2019

@dnoland1

This comment has been minimized.

Copy link
Contributor

dnoland1 commented Mar 8, 2019

Works with v0.2.0-rc6:

ubuntu@k3s-node1:~$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),110(netdev),111(lxd)
ubuntu@k3s-node1:~$ ./k3s server --disable-agent
INFO[2019-03-08T04:32:34.679276979Z] Starting k3s v0.2.0-rc6 (2771ae1)
INFO[2019-03-08T04:32:35.896017650Z] Running kube-apiserver --watch-cache=false --cert-dir /home/ubuntu/.rancher/k3s/server/tls/temporary-certs --allow-privileged=true --authorization-mode Node,RBAC --service-account-signing-key-file /home/ubuntu/.rancher/k3s/server/tls/service.key --service-cluster-ip-range 10.43.0.0/16 --advertise-port 6445 --advertise-address 127.0.0.1 --insecure-port 0 --secure-port 6444 --bind-address 127.0.0.1 --tls-cert-file /home/ubuntu/.rancher/k3s/server/tls/localhost.crt --tls-private-key-file /home/ubuntu/.rancher/k3s/server/tls/localhost.key --service-account-key-file /home/ubuntu/.rancher/k3s/server/tls/service.key --service-account-issuer k3s --api-audiences unknown --basic-auth-file /home/ubuntu/.rancher/k3s/server/cred/passwd --kubelet-client-certificate /home/ubuntu/.rancher/k3s/server/tls/token-node.crt --kubelet-client-key /home/ubuntu/.rancher/k3s/server/tls/token-node.key
INFO[2019-03-08T04:32:37.209801481Z] Running kube-scheduler --kubeconfig /home/ubuntu/.rancher/k3s/server/cred/kubeconfig-system.yaml --port 10251 --address 127.0.0.1 --secure-port 0 --leader-elect=false
INFO[2019-03-08T04:32:37.211504506Z] Running kube-controller-manager --kubeconfig /home/ubuntu/.rancher/k3s/server/cred/kubeconfig-system.yaml --service-account-private-key-file /home/ubuntu/.rancher/k3s/server/tls/service.key --allocate-node-cidrs --cluster-cidr 10.42.0.0/16 --root-ca-file /home/ubuntu/.rancher/k3s/server/tls/token-ca.crt --port 10252 --address 127.0.0.1 --secure-port 0 --leader-elect=false
Flag --address has been deprecated, see --bind-address instead.
INFO[2019-03-08T04:32:37.389503594Z] Creating CRD listenerconfigs.k3s.cattle.io
INFO[2019-03-08T04:32:37.416034969Z] Creating CRD addons.k3s.cattle.io
INFO[2019-03-08T04:32:37.427321802Z] Creating CRD helmcharts.k3s.cattle.io
INFO[2019-03-08T04:32:37.459529124Z] Waiting for CRD listenerconfigs.k3s.cattle.io to become available
INFO[2019-03-08T04:32:37.961566620Z] Done waiting for CRD listenerconfigs.k3s.cattle.io to become available
INFO[2019-03-08T04:32:37.962033975Z] Waiting for CRD addons.k3s.cattle.io to become available
INFO[2019-03-08T04:32:38.465847971Z] Done waiting for CRD addons.k3s.cattle.io to become available
INFO[2019-03-08T04:32:38.466789685Z] Waiting for CRD helmcharts.k3s.cattle.io to become available
INFO[2019-03-08T04:32:38.970526981Z] Done waiting for CRD helmcharts.k3s.cattle.io to become available
INFO[2019-03-08T04:32:38.972947943Z] Listening on :6443
INFO[2019-03-08T04:32:39.761363086Z] Node token is available at /home/ubuntu/.rancher/k3s/server/node-token
INFO[2019-03-08T04:32:39.766048704Z] To join node to cluster: k3s agent -s https://10.0.2.15:6443 -t ${NODE_TOKEN}
INFO[2019-03-08T04:32:39.765798683Z] Writing manifest: /home/ubuntu/.rancher/k3s/server/manifests/coredns.yaml
INFO[2019-03-08T04:32:39.770124190Z] Writing manifest: /home/ubuntu/.rancher/k3s/server/manifests/traefik.yaml
INFO[2019-03-08T04:32:40.068422826Z] Wrote kubeconfig /home/ubuntu/.kube/k3s.yaml
INFO[2019-03-08T04:32:40.069537204Z] Run: k3s kubectl
INFO[2019-03-08T04:32:40.069837608Z] k3s is up and running

@erikwilson erikwilson closed this Mar 8, 2019

K3S Development automation moved this from Testing to Done Mar 8, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.