Issue
I am trying to access a k0s cluster with Jenkins in order to deploy from Jenkins pipeline. In order to copy/paste cluster credentials in the kubeconfig file I tried to access with "~/.kube/config" command but there is an error saying "No such file or directory" i.e when I run :
sudo cp ~/.kube/config ~/.jenkins/.kube/
I get No such file or directory error. It appears as if the config file is not there or may be located elsewhere where I am not aware. I have created a kubeconfig file for the root user (on the assumption that it doesnt exist by default) as per the documentation here :
k0s kubeconfig create root
but when I reattempt to copy I am still getting same error 'No such file or directory'. The kubeconfig file has been created as per output from this command k0s kubeconfig create root :
WARN[2022-01-30 17:44:16] no config file given, using defaults
apiVersion: v1
clusters:
cluster:
server: https://10.XXX.XXX.XXX:6443
certificate-authority-data: xxxxxxxx
name: k0s
contexts:
context:
cluster: k0s
user: root
name: k0s
current-context: k0s
kind: Config
preferences: {}
users:
name: root
user:
client-certificate-data: xxxxxxxxxxxx
I can verify that the file indeed exists with command k0s kubectl config view:
apiVersion: v1
clusters:
cluster:
certificate-authority-data: DATA+OMITTED
server: https://localhost:6443
name: local
contexts:
context:
cluster: local
namespace: default
user: user
name: Default
current-context: Default
kind: Config
preferences: {}
users:
name: user
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
One of the posts suggests using the command k0s kubectl get pods -v=6 to see the exact location of the kubeconfig file but when I run it -v seems unsupported for k0s :
Error: unknown shorthand flag: 'v' in -v=6
See 'k0s kubectl get --help' for usage
As a check I have done cd ~/.kube/config but there is nothing also there
What am I missing ?
Solution
I found out what I was missing :
~/.kube/config does NOT get created by k0s by default at all. What k0s does create by default is the "break-the-glass" admin kubeconfig which is located at /var/lib/k0s/pki/admin.conf
So I had to do :
cp /var/lib/k0s/pki/admin.conf ~/.kube/configcp ~/.kube/config/admin.conf /var/lib/jenkins- Add jenkins user to sudo users :
nano -f /etc/sudoers
then
jenkins ALL=NOPASSWD: ALL
The recommended way however is to avail dedicated access for Jenkins with proper RBAC allowing only the needed access e.g service account tokens. As next step I will have to test this on another Jenkins instance since I can no longer revoke access (disadvantage of using admin.conf)
Answered By - Golide
Answer Checked By - Robin (JavaFixing Admin)
