Explicit use of sudo in MicroK8s CLI

With the upcoming v1.15.3 release, MicroK8s commands will require the use of sudo whenever elevated privileges are needed. For example, microk8s.kubectl by default authenticates you as a Kubernetes administrator and will therefore be restricted to sudo users only.

This change was made to improve the overall security of MicroK8s. Authors of scripts that use microk8s. commands may wish to test their scripts with an updated MicroK8s build . The edge channel already contains these changes; give them a try with:

sudo snap install microk8s --classic --edge

For more information on MicroK8s consult the official docs, and to contribute to the project, check out the repo at https://github.com/ubuntu/microk8s, or chat with us on the Kubernetes Slack, in the #microk8s channel.

[UPDATE ]
Based on the feedback we got from the community we introduced a linux user group called “microk8s”. Users of this group are able to access MicroK8s with no restrictions (no need for sudo). Add your user to the group with:

sudo usermod -a -G microk8s $USER

Thank you

2 Likes

This is cool and working as expected. But then why is it asking for sudo password when I enable the dashboard? microk8s.enable dashboard
It does not attaches itself to any restricted port, so I don’t see the need

This is because the dashboard addon also enables the metrics server, to get the cluster metrics such as cpu and memory.

The metrics server addon adds the authentication-token-webhook options in the apiserver. Followed by a restart of the apiserver.

Restarting the apiserver needs sudo permission.