Fixing “Kubernetes configuration file is group-readable or world-readable” warnings

The Issue

When using kubectl or oc you may see warnings that your Kubernetes configuration file is readable by group or by everyone.

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/user/cluster/admin-kubeconfig
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/user/cluster/admin-kubeconfig

The Cause

The kubeconfig file has permissions that allow access for group or others. The tools expect your kubeconfig to be readable and writable only by your user.

You can confirm this with a long listing. If you see read permission for group or others, the file is too open.

ls -l /home/user/cluster/admin-kubeconfig
-rw-r--r--  1 user  staff   12345  Sep  3 14:05 /home/user/cluster/admin-kubeconfig
# ^ group and others have read access

The Fix

  1. Restrict the file permissions so only your user can read and write it.
    chmod 600 /home/user/cluster/admin-kubeconfig
  2. Optionally restrict the directory that holds the file.
    chmod 700 /home/user/cluster
  3. Verify the new permissions. The output should show owner read and write only.
    ls -l /home/user/cluster/admin-kubeconfig
    -rw-------  1 user  staff   12345  Sep  3 14:05 /home/user/cluster/admin-kubeconfig
    
  4. Consider moving the kubeconfig into your home configuration folder for easier use, then point your tools at it.
    mkdir -p ~/.kube
    mv /home/user/cluster/admin-kubeconfig ~/.kube/admin-kubeconfig
    export KUBECONFIG=~/.kube/admin-kubeconfig
    

    If you work with several kubeconfigs, you can list them in the KUBECONFIG environment variable, separated by colons.

    export KUBECONFIG=~/.kube/admin-kubeconfig:~/.kube/other.kubeconfig
  5. Keep your kubeconfig private. Do not share it, and do not commit it to a source control system.
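
To check every file named in KUBECONFIG at once rather than one path at a time, the following added example (not part of the original post) reports any file that group or others can access and, with --fix, applies the same chmod 600 as step 1. The function names are hypothetical, and it assumes GNU or BSD/macOS stat is available.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Source this file, then run `audit_kubeconfigs` to report or
# `audit_kubeconfigs --fix` to repair.

# Print a file's permission bits in octal: GNU stat first, then BSD/macOS stat.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Classify one path: ok, group-accessible, world-accessible or missing.
# Any group/other bit counts, since the target mode is 600.
check_kubeconfig() {
  [ -f "$1" ] || { echo missing; return 0; }
  m=$(file_mode "$1") || return 1
  if [ $(( 0$m & 007 )) -ne 0 ]; then echo world-accessible
  elif [ $(( 0$m & 070 )) -ne 0 ]; then echo group-accessible
  else echo ok
  fi
}

# Walk the colon-separated KUBECONFIG list (default ~/.kube/config).
# Returns non-zero if any file is still accessible to group or others.
audit_kubeconfigs() {
  fix=${1:-} rc=0
  old_ifs=$IFS; IFS=:
  for f in ${KUBECONFIG:-$HOME/.kube/config}; do
    IFS=$old_ifs
    [ -n "$f" ] || continue
    status=$(check_kubeconfig "$f")
    if [ "$fix" = "--fix" ] && [ "$status" != ok ] && [ "$status" != missing ]; then
      chmod 600 "$f" && status="fixed (was $status)"
    fi
    printf '%-28s %s\n' "$status" "$f"
    case $status in *-accessible) rc=1 ;; esac
  done
  IFS=$old_ifs
  return $rc
}
```

The non-zero return from audit_kubeconfigs makes it usable as a guard in a shell profile or a pre-flight script before running cluster commands.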

Regards


Dean Lewis
