For the replica_cnf_api service we load the user's kubeconfig using sudo embedded in a yaml data chunk so the main api does not need direct access to the user files.
But then we need to be able to load that configuration directly, and it would be preferred if we don't have to change permissions or create temporary files with the certificates/keys.