I have 2 gmail accounts, each account is associated with 2 separate GCP accounts. To switch accounts from the command line, I've been using both of these commands for the past 2 weeks or so:
$ gcloud config configurations activate ACCT_NAME
$ kubectl config set-context CONTEXTNote: I also have been using 'kubectx' which makes switching contexts a bit easier than using 'kubectl config set-context'; basically its a bit less typing. Both 'kubectl config set-context' and 'kubect' have worked in the past (I think).
It seems like this approach has been working fine until this morning. I tried switching from context A to context B, but now I'm getting errors like this:
$ kubectl get pods -A
Error from server (Forbidden): pods is forbidden: User "<my_email_address>" cannot list resource "pods" in API group "" at the cluster scope: Required "container.pods.list" permission.The email address shown is for context A, not context B. I checked the following commands to verify the current (or active) context and email accounts are correct:
$ kubectl config current-context
$ gcloud config configurations listSo the current contexts, accounts, and associated email addresses are correct. I'm not clear why kubectl is still trying to access the GKE with the email account from context A (not context B).
Any thoughts?
So I had posted this question a couple weeks ago:
https://serverfault.com/questions/997220/kubectl-not-showing-new-context-created-in-gcp
For whatever reason, I had to rerun this command to get things working again:
$ gcloud container clusters get-credentials NAMENote: you can get the cluster name from this command 'gcloud container clusters list'
I have no idea why I had to re-run get-credentials. I don't believe my credentials changed; this took me a while to figure out.