diff --git a/e2e/provision/install_sandbox.sh b/e2e/provision/install_sandbox.sh
index d421d8d3..99e40652 100755
--- a/e2e/provision/install_sandbox.sh
+++ b/e2e/provision/install_sandbox.sh
@@ -111,12 +111,6 @@ else
         ansible-playbook -vvv -i ~/nephio.yaml playbooks/cluster.yml
     fi
 
-    # Put this in the ubuntu dir and make it accessible to world
-    mkdir "$HOME/.kube" && chmod 755 "$HOME/.kube"
-    sudo cp /root/.kube/config "$HOME/.kube"
-    sudo chown $USER:$USER "$HOME/.kube/config"
-    chmod 644 "$HOME/.kube/config"
-
     # I don't know how to make ansible do what I want, this is what I want
     deploy_kpt_pkg "repository@repository/v3" "mgmt"
     deploy_kpt_pkg "rootsync@rootsync/v3" "mgmt"
diff --git a/e2e/provision/playbooks/roles/bootstrap/tasks/main.yml b/e2e/provision/playbooks/roles/bootstrap/tasks/main.yml
index 5c266a1a..2a863161 100644
--- a/e2e/provision/playbooks/roles/bootstrap/tasks/main.yml
+++ b/e2e/provision/playbooks/roles/bootstrap/tasks/main.yml
@@ -27,7 +27,7 @@
 
 - name: Create management cluster
   become: true
-  ansible.builtin.command: kind create cluster --config=-
+  ansible.builtin.command: kind create cluster --kubeconfig /tmp/kubeconfig --config=-
   args:
     stdin: |
       kind: Cluster
@@ -41,8 +41,23 @@
   when: not 'kind' in bootstrap_kind_get_cluster.stdout
   changed_when: true
 
-- name: Create gitea namespace
+- name: Create .kube directory
+  ansible.builtin.file:
+    path: "{{ ansible_user_dir }}/.kube"
+    state: directory
+    mode: '0755'
+
+- name: Copy root kubeconfig file
   become: true
+  ansible.builtin.copy:
+    remote_src: true
+    src: /tmp/kubeconfig
+    dest: "{{ ansible_user_dir }}/.kube/config"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
+    mode: '0644'
+
+- name: Create gitea namespace
   kubernetes.core.k8s:
     state: present
     definition:
@@ -52,7 +67,6 @@
         name: gitea
 
 - name: Create gitea postgresql user password
-  become: true
   kubernetes.core.k8s:
     state: present
     definition:
@@ -70,7 +84,6 @@
         password: "{{ gitea_db_password }}"
 
 - name: Create gitea user password
-  become: true
   kubernetes.core.k8s:
     state: present
     definition:
diff --git a/e2e/provision/playbooks/roles/install/molecule/default/molecule.yml b/e2e/provision/playbooks/roles/install/molecule/default/molecule.yml
index 22dc88ac..7d0788a9 100644
--- a/e2e/provision/playbooks/roles/install/molecule/default/molecule.yml
+++ b/e2e/provision/playbooks/roles/install/molecule/default/molecule.yml
@@ -33,5 +33,3 @@ provisioner:
     ANSIBLE_LIBRARY: ${MOLECULE_PROJECT_DIRECTORY}/../../../playbooks/library
 verifier:
   name: testinfra
-  options:
-    sudo: true
diff --git a/e2e/provision/playbooks/roles/install/tasks/main.yml b/e2e/provision/playbooks/roles/install/tasks/main.yml
index 1e61f3be..2ea9c21c 100644
--- a/e2e/provision/playbooks/roles/install/tasks/main.yml
+++ b/e2e/provision/playbooks/roles/install/tasks/main.yml
@@ -23,8 +23,8 @@
     version: "{{ item.version }}"
     namespaces: "{{ item.namespaces }}"
     context: kind-kind
+
 - name: Create gitea user password in nephio-system namespace
-  become: true
   kubernetes.core.k8s:
     state: present
     definition:
@@ -37,6 +37,7 @@
       stringData:
         username: "{{ gitea_username }}"
         password: "{{ gitea_password }}"
+
 - name: Deploy Nephio webui
   ansible.builtin.include_role:
     name: kpt
diff --git a/e2e/provision/playbooks/roles/kpt/molecule/default/molecule.yml b/e2e/provision/playbooks/roles/kpt/molecule/default/molecule.yml
index 3cc09607..ce2e771e 100644
--- a/e2e/provision/playbooks/roles/kpt/molecule/default/molecule.yml
+++ b/e2e/provision/playbooks/roles/kpt/molecule/default/molecule.yml
@@ -39,5 +39,3 @@ provisioner:
           - default
 verifier:
   name: testinfra
-  options:
-    sudo: true
diff --git a/e2e/provision/playbooks/roles/kpt/molecule/default/prepare.yml b/e2e/provision/playbooks/roles/kpt/molecule/default/prepare.yml
index 38afa222..c3c06890 100644
--- a/e2e/provision/playbooks/roles/kpt/molecule/default/prepare.yml
+++ b/e2e/provision/playbooks/roles/kpt/molecule/default/prepare.yml
@@ -46,5 +46,19 @@
       failed_when: (kind_get_cluster.rc not in [0, 1])
     - name: Create k8s cluster
       become: true
-      ansible.builtin.command: kind create cluster --image kindest/node:v1.27.1
+      ansible.builtin.command: kind create cluster --image kindest/node:v1.27.1 --kubeconfig=/tmp/kubeconfig
       when: not 'kind' in kind_get_cluster.stdout
+    - name: Create .kube directory
+      ansible.builtin.file:
+        path: "{{ ansible_user_dir }}/.kube"
+        state: directory
+        mode: '0755'
+    - name: Copy root kubeconfig file
+      become: true
+      ansible.builtin.copy:
+        remote_src: true
+        src: /tmp/kubeconfig
+        dest: "{{ ansible_user_dir }}/.kube/config"
+        owner: "{{ ansible_user_uid }}"
+        group: "{{ ansible_user_gid }}"
+        mode: '0644'
diff --git a/e2e/provision/playbooks/roles/kpt/molecule/default/tests/test_default.py b/e2e/provision/playbooks/roles/kpt/molecule/default/tests/test_default.py
index dac442c9..fc496746 100644
--- a/e2e/provision/playbooks/roles/kpt/molecule/default/tests/test_default.py
+++ b/e2e/provision/playbooks/roles/kpt/molecule/default/tests/test_default.py
@@ -16,16 +16,16 @@
 
 def test_deployments(host):
     got = host.check_output(
-        "sudo kubectl get deploy --no-headers -o custom-columns=':metadata.name'"
+        "kubectl get deploy --no-headers -o custom-columns=':metadata.name'"
     )
     assert "my-nginx" == got
-    cmd = host.run("sudo kubectl rollout status deployment/my-nginx")
+    cmd = host.run("kubectl rollout status deployment/my-nginx")
     assert cmd.succeeded
     assert cmd.rc == 0
 
 
 def test_services(host):
     got = host.check_output(
-        "sudo kubectl get service --no-headers -o custom-columns=':metadata.name'"
+        "kubectl get service --no-headers -o custom-columns=':metadata.name'"
     )
     assert "my-nginx-svc" in got
diff --git a/e2e/provision/playbooks/roles/kpt/tasks/main.yml b/e2e/provision/playbooks/roles/kpt/tasks/main.yml
index d7149235..6f27284d 100644
--- a/e2e/provision/playbooks/roles/kpt/tasks/main.yml
+++ b/e2e/provision/playbooks/roles/kpt/tasks/main.yml
@@ -26,7 +26,6 @@
     directory: "{{ local_dest_directory }}/{{ pkg | split('/') | last }}"
 
 - name: Get package content information
-  become: true
   kpt:
     directory: "{{ directory }}"
     command: pkg-tree
@@ -49,8 +48,15 @@
     command: fn-render
   when: not kpt_resourcegroup.stat.exists
 
+- name: Recursively restore ownership of a directory package
+  ansible.builtin.file:
+    path: "{{ directory }}"
+    state: directory
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
+    recurse: true
+
 - name: Get package differences between local and upstream
-  become: true
   kpt:
     pkg_path: "{{ directory }}"
     version: "{{ version }}"
@@ -62,7 +68,6 @@
     var: kpt_pkg_diff.stdout_lines
 
 - name: Init package
-  become: true
   kpt:
     pkg_path: "{{ directory }}"
     version: "{{ version }}"
@@ -77,7 +82,6 @@
     var: kpt_live_init
 
 - name: Apply package
-  become: true
   kpt:
     pkg_path: "{{ directory }}"
     version: "{{ version }}"
diff --git a/e2e/provision/playbooks/roles/kpt/tasks/wait_deployments.yml b/e2e/provision/playbooks/roles/kpt/tasks/wait_deployments.yml
index 04bc85d7..59f10581 100644
--- a/e2e/provision/playbooks/roles/kpt/tasks/wait_deployments.yml
+++ b/e2e/provision/playbooks/roles/kpt/tasks/wait_deployments.yml
@@ -9,7 +9,6 @@
 ##############################################################################
 
 - name: Get deployment resources
-  become: true
   kubernetes.core.k8s_info:
     context: "{{ context }}"
     api_version: v1
@@ -22,7 +21,6 @@
     var: deployment_list.resources
 
 - name: Wait for deployments
-  become: true
   kubernetes.core.k8s:
     definition:
       apiVersion: apps/v1