When installing Rancher’s K3s on a “containerd”-based platform (so not using Docker to run your containers), gaining root access inside the containers might not be as obvious as one expects.
But why might you need this at all? Typically, in a Kubernetes environment you won’t be in touch with the containers directly, and that’s a good thing. But sometimes you might need to diagnose a problem, or things didn’t work out as expected (like having wrong permissions on a PV, so that the de-privileged software in the container cannot write to that storage). And sometimes, even if you can start a shell inside the container using e.g. “kubectl exec -ti <podname> -- sh” (or similar, depending on what shell is available in the specific container), you may find yourself running the shell as a non-root user with no way to raise your privileges (no “su” binary, no root password, or similar).