I'm using gcloud and kubectl to handle my resources (Kubernetes, VM and so on). Everything worked find until I read some article that created a new service account and activate it via cloud. Something like this:
gcloud auth activate-service-account --key-file=path/to/key
The created service account has limited permissions to few resources. When I run commands, like:
kubectl --namespace production get pods
I'm getting back response like:
Error from server (Forbidden): pods is forbidden: User "[email protected]" cannot list resource "pods" in API group "" in the namespace "production": requires one of ["container.pods.list"] permission(s).
The SA [email protected] is the service account that I created yesterday. For some reason, it took control on my default permissions and I'm locked out because this user almost has no permissions.
I tried to make the gcloud forget this service account without success. Things I tried:
- Uninstall & Install of
gcloudandkubectl - Remove the config directory ("~/.config/gcloud/")
gcloud auth login
All those tried was failed. I still getting the same message as above.
How I can make gcloud and kubectl forget this service account?
Thanks!
gcloud auth application-default login? You can also see the current configuration of your gcloud CLI by doinggcloud config list, and change some default parameter withgcloud config set param_name param_value. With this, you will be able to solve your issue. – guillaume blaquiere