New k3s server flag: --write-kubeconfig-own or --write-kubeconfig-group #9209

Closed
kittydoor opened this issue Jan 10, 2024 · 6 comments
Labels
kind/enhancement An improvement to existing functionality

@kittydoor
Contributor

Per #389 the default mode for kubeconfig was changed to 600 with the ability to override this to 644 (or any other) via a config flag. This is awesome! However, I would like to go with 640 so that I can make it only accessible to a certain group as opposed to world.

It would be great if a flag such as --write-kubeconfig-own <user>:<group> or --write-kubeconfig-group <group> existed so that I can define a group myself, and used together with --write-kubeconfig-mode the file is written as 640 root:.

At the moment, this is a step I take manually after installation. I think it would be more helpful to be able to add this into the configuration file.

@brandond
Member

I think --write-kubeconfig-group would be reasonable.

@VestigeJ

VestigeJ commented Jun 4, 2024

validated with commit_id on v1.30 branch

$ echo $COMMIT

79ba10f5ec88a2458b44f67d009b4ee071918e4d

$ sudo INSTALL_K3S_COMMIT=$COMMIT INSTALL_K3S_EXEC="server --write-kubeconfig-group=testingNewFeature" ./install-k3s.sh

[INFO]  Using commit 79ba10f5ec88a2458b44f67d009b4ee071918e4d as release
[INFO]  Downloading hash https://k3s-ci-builds.s3.amazonaws.com/k3s-79ba10f5ec88a2458b44f67d009b4ee071918e4d.sha256sum
[INFO]  Downloading binary https://k3s-ci-builds.s3.amazonaws.com/k3s-79ba10f5ec88a2458b44f67d009b4ee071918e4d
[INFO]  Verifying binary download
[INFO]  Installing k3s to /usr/local/bin/k3s
[INFO]  Skipping installation of SELinux RPM
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO]  systemd: Starting k3s

$ ls -lahr /etc/rancher/k3s/

total 8.0K
-rw-r--r-- 1 root testingNewFeature 2.9K Jun  4 00:15 k3s.yaml
-rw-r--r-- 1 root root               223 Jun  4 00:15 config.yaml
drwxr-xr-x 4 root root                29 Jun  4 00:15 ..
drwxr-xr-x 2 root root                41 Jun  4 00:15 .

@VestigeJ VestigeJ assigned VestigeJ and unassigned mdrahman-suse Jun 4, 2024
@VestigeJ VestigeJ closed this as completed Jun 4, 2024
@github-project-automation github-project-automation bot moved this from To Test to Done Issue in K3s Development Jun 4, 2024
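
The manual post-install check discussed in this issue, as an added example that is not part of the thread or the k3s code base: a shell function that audits a kubeconfig's mode and group, since group ownership only restricts access when the mode also clears the world bits (the 640 requested above). The function name `audit_kubeconfig`, the demo and its temp files are constructed for illustration, and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not k3s project code. Assumes GNU coreutils `stat -c`.

# audit_kubeconfig FILE EXPECTED_GROUP
# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if FILE cannot be inspected.
audit_kubeconfig() {
    file=$1 want_group=$2 findings=0

    # %a = octal mode, %G = owning group name
    meta=$(stat -c '%a %G' -- "$file" 2>/dev/null) || {
        echo "ERROR: cannot stat $file"; return 2; }
    mode=${meta%% *}
    group=${meta#* }
    perm=$((0$mode))               # leading 0 makes the shell parse it as octal
    other=$(( perm & 7 ))          # permission bits for "other"
    grp=$(( (perm >> 3) & 7 ))     # permission bits for the group

    if [ "$other" -ne 0 ]; then
        echo "FAIL: $file mode $mode grants access to all local users"
        findings=$((findings + 1))
    fi
    if [ $(( grp & 2 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode is group-writable"
        findings=$((findings + 1))
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: $file group is '$group', expected '$want_group'"
        findings=$((findings + 1))
    fi
    if [ $(( grp & 4 )) -eq 0 ]; then
        echo "WARN: $file mode $mode: group '$group' cannot read it"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed demo: a temp file stands in for /etc/rancher/k3s/k3s.yaml.
demo() {
    tmp=$(mktemp -d) || return 2
    : > "$tmp/k3s.yaml"
    g=$(stat -c %G "$tmp/k3s.yaml")    # whatever group the temp file received
    chmod 644 "$tmp/k3s.yaml"; audit_kubeconfig "$tmp/k3s.yaml" "$g" || true
    chmod 640 "$tmp/k3s.yaml"
    audit_kubeconfig "$tmp/k3s.yaml" "$g" && echo "OK: mode 640, group $g"
    rm -rf "$tmp"
}
demo
```

On a real node, call it as `audit_kubeconfig /etc/rancher/k3s/k3s.yaml <group>` with the group passed to `--write-kubeconfig-group`.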
@davidshen84

Hi @VestigeJ ,

Is this feature officially released? I could not find a reference on https://docs.k3s.io/cli/server, but I can see it on my machine with k3s server -h. My k3s version is v1.30.5+k3s1 (9b58670)

@brandond
Member

Yep. Docs frequently lag behind features. A docs PR would be welcomed!

@davidshen84

davidshen84 commented Oct 27, 2024 via email

@kittydoor
Contributor Author

kittydoor commented Oct 27, 2024

Thank you for pitching in on this! :)
