GCE and Kubernetes permissions

3/3/2018

I'm trying to setup via script a kubernetes cluster on GCE, which always worked for the past, but I created a new project on GCE and I suddenly get all these permissions errors:

Example:

Error from server (Forbidden): serviceaccounts is forbidden: User "client" cannot list serviceaccounts in the namespace "default": Unknown user "client"

Also when I kubectl proxy and open http://localhost:8001/ I get:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "forbidden: User \"client\" cannot get path \"/\": Unknown user \"client\"",
  "reason": "Forbidden",
  "details": {

  },
  "code": 403
}

Could somebody hint me please into the right direction? Thx!

-- Tino
google-compute-engine
kubernetes

1 Answer

3/3/2018

Duplicate of what does Unknown user "client" mean?:

Found out there is some issue with gcloud config. This command solved it:

gcloud config unset container/use_client_certificate

-- Tino
Source: StackOverflow