使用gcloud和kubectl切换GCP帐户和上下文无法正常工作 [英] Switching GCP accounts and contexts with gcloud and kubectl is not working

问题描述

我有2个gmail帐户，每个帐户都与2个单独的GCP帐户相关联.要从命令行切换帐户，过去两周左右的时间里，我一直在使用这两个命令:

I have 2 gmail accounts, each account is associated with 2 separate GCP accounts. To switch accounts from the command line, I've been using both of these commands for the past 2 weeks or so:

$ gcloud config configurations activate ACCT_NAME
$ kubectl config set-context CONTEXT

注意:我也一直在使用'kubectx'，这使得切换上下文比使用'kubectl config set-context'更容易.基本上，它的打字少了一点. "kubectl config set-context"和"kubect"在过去都有效(我认为).

Note: I also have been using 'kubectx' which makes switching contexts a bit easier than using 'kubectl config set-context'; basically its a bit less typing. Both 'kubectl config set-context' and 'kubect' have worked in the past (I think).

直到今天早上，这种方法似乎一直有效.我尝试从上下文A切换到上下文B，但是现在出现了这样的错误:

It seems like this approach has been working fine until this morning. I tried switching from context A to context B, but now I'm getting errors like this:

$ kubectl get pods -A                                             
Error from server (Forbidden): pods is forbidden: User "<my_email_address>" cannot list resource "pods" in API group "" at the cluster scope: Required "container.pods.list" permission.

显示的电子邮件地址用于上下文A，而不是上下文B.我检查了以下命令，以验证当前(或活动的)上下文和电子邮件帐户是否正确:

The email address shown is for context A, not context B. I checked the following commands to verify the current (or active) context and email accounts are correct:

$ kubectl config current-context
$ gcloud config configurations list

因此，当前的上下文，帐户和关联的电子邮件地址是正确的.我不清楚为什么kubectl仍然尝试使用上下文A(而不是上下文B)中的电子邮件帐户访问GKE.

So the current contexts, accounts, and associated email addresses are correct. I'm not clear why kubectl is still trying to access the GKE with the email account from context A (not context B).

有什么想法吗?

推荐答案

所以我几周前发布了这个问题:

So I had posted this question a couple weeks ago:

https://serverfault.com/questions/997220/kubectl -不显示在gcp中创建的新上下文

无论出于何种原因，我都必须重新运行此命令才能使事情再次运行:

For whatever reason, I had to rerun this command to get things working again:

$ gcloud container clusters get-credentials NAME

注意:您可以从此命令"gcloud容器群集列表"中获取群集名称

Note: you can get the cluster name from this command 'gcloud container clusters list'

我不知道为什么我必须重新运行get-credentials.我不相信我的身份有所改变；这花了我一段时间才能弄清楚.

I have no idea why I had to re-run get-credentials. I don't believe my credentials changed; this took me a while to figure out.

这篇关于使用gcloud和kubectl切换GCP帐户和上下文无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！