Currently even though kubectl is linked to the ansible_user and we copy over the kubectl config from /etc/rancher/k3s/k3s.yaml running kubectl get pods as ansible_user would still fail as by default the kubectl provided by k3s uses /etc/rancher/k3s/k3s.yaml as the default kubeconfig. This requires the user to additional setup extra_server_args: --write-kubeconfig-mode=644 for the whole system to work.
Changes
Fully configure the ansible_user kubectl for immediate use. Point the default KUBECONFIG to the user accessible ~/.kube/config, and setup kubectl autocompletion
New default variable user_kubectl which allows disabling this kubectl setup steps. Useful if you don't want a local user accessing k3s, only root.
Remove link to k3s crictl as this still requires root permissions to access, making the symlink irrelevant.
Signed-off-by: Derek Nola derek.nola@suse.com
Background
Currently even though kubectl is linked to the
ansible_userand we copy over the kubectl config from/etc/rancher/k3s/k3s.yamlrunningkubectl get podsasansible_userwould still fail as by default the kubectl provided by k3s uses/etc/rancher/k3s/k3s.yamlas the default kubeconfig. This requires the user to additional setupextra_server_args: --write-kubeconfig-mode=644for the whole system to work.Changes
ansible_userkubectl for immediate use. Point the default KUBECONFIG to the user accessible ~/.kube/config, and setup kubectl autocompletionuser_kubectlwhich allows disabling this kubectl setup steps. Useful if you don't want a local user accessing k3s, only root.k3s crictlas this still requires root permissions to access, making the symlink irrelevant.