0
votes

I'm using gcloud and kubectl to handle my resources (Kubernetes, VM and so on). Everything worked fine until I read some article that created a new service account and activated it via cloud. Something like this:

gcloud auth activate-service-account --key-file=path/to/key

The created service account has limited permissions to a few resources. When I run commands, like:

kubectl --namespace production get pods

I get back a response like:

Error from server (Forbidden): pods is forbidden: User "[email protected]" cannot list resource "pods" in API group "" in the namespace "production": requires one of ["container.pods.list"] permission(s).

The SA [email protected] is the service account that I created yesterday. For some reason, it took control of my default permissions and I'm locked out because this user has almost no permissions.

I tried to make the gcloud forget this service account without success. Things I tried:

  1. Uninstall & Install of gcloud and kubectl
  2. Remove the config directory ("~/.config/gcloud/")
  3. gcloud auth login

All of those attempts failed. I'm still getting the same message as above.

How can I make gcloud and kubectl forget this service account?

Thanks!

1
Did you try a gcloud auth application-default login? You can also see the current configuration of your gcloud CLI by doing gcloud config list, and change some default parameter with gcloud config set param_name param_value. With this, you will be able to solve your issue. - guillaume blaquiere
Yes, this solved the problem! Thank you. Please convert it to an answer and I'll mark it as "solution". - No1Lives4Ever
Happy to hear this!! I answered your question ;) - guillaume blaquiere

1 Answer

2
votes

You can perform a gcloud auth application-default login.

You can also see the current configuration of your gcloud CLI by doing gcloud config list. You can change default parameters with gcloud config set param_name param_value. For example (because you will use it often if you have several projects):

gcloud config set project MyProjectId

With these, you will be able to solve your issue.
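
To check which identity is actually in effect before and after the fix in the answer above, here is an added example (not part of the original answer). It reports the account gcloud marks as active and the type of credential that Application Default Credentials would load. The function names are hypothetical, and the credential file path assumes Linux or macOS.

```shell
# Added example; function names are hypothetical.
# Usage: source this file, then run: diagnose

# Account that gcloud currently marks ACTIVE (empty when none or gcloud is missing).
active_account() {
  gcloud auth list --filter=status:ACTIVE --format='value(account)' 2>/dev/null
}

# Service account e-mails end in gserviceaccount.com; anything else is treated as a user.
account_kind() {
  case "$1" in
    "") echo none ;;
    *.gserviceaccount.com) echo service-account ;;
    *) echo user ;;
  esac
}

# "type" field of the credential file Application Default Credentials would load:
# the file named by GOOGLE_APPLICATION_CREDENTIALS, else the one written by
# `gcloud auth application-default login` (path assumed for Linux/macOS).
adc_kind() {
  adc_file="${GOOGLE_APPLICATION_CREDENTIALS:-${CLOUDSDK_CONFIG:-$HOME/.config/gcloud}/application_default_credentials.json}"
  if [ ! -r "$adc_file" ]; then echo none; return 0; fi
  sed -n 's/.*"type"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$adc_file" | head -n 1
}

# Report both identities; return 1 if either one is a service account.
diagnose() {
  acct=$(active_account) || acct=""
  kind=$(account_kind "$acct")
  adc=$(adc_kind)
  echo "gcloud active account: ${acct:-<none>} ($kind)"
  echo "ADC credential type:   ${adc:-unknown}"
  if [ "$kind" = service-account ] || [ "$adc" = service_account ]; then
    echo "A service account is in effect. To return to your user identity:"
    echo "  gcloud auth login"
    echo "  gcloud auth application-default login"
    echo "  gcloud config list    # confirm the account and project"
    return 1
  fi
  return 0
}
```

A non-zero return from diagnose means a service account is still being picked up, either by gcloud itself or through the GOOGLE_APPLICATION_CREDENTIALS variable or the application-default credential file.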