kubectx does not change user when switching between contexts
danielleiszen opened this issue · 5 comments
I have multiple google accounts that I use for different GKE projects.
When I try to switch between these projects using kubectx, the kubectl context is being switched, but the user remains the same.
I get the following error:
kubectl get pod
Error from server (Forbidden): pods is forbidden: User "d....n@gmail.com" cannot list resource "pods" in API group "" in the namespace "default": requires one of ["container.pods.list"] permission(s).
However for that context, a different user is configured using
glcoud auth login
gcloud container clusters get-credentials
Do I need to configure something else?
Thx
Check if your contexts share the user. Kubectx doesn't do any magic.
The contexts do not share the same user. They are attached to different users.
Magic is not expected. Maybe this is obvious for you, but I do not know (and not planning to know) the internals of kubectl. So, for me its quite natural to expect that if the user is tied to the context, when I switch the context I would switch the user also. Sadly it seems not being the case, however I could not find any useful information about switching the user without removing the whole context and creating again using gcloud. That is (being magic or not) not what I expected from such sophisticated technology.
Anyway, thank you for the clarification.
Yeah, kubeconfig file has a certain format. Each context gets its own user, you can't "switch users", you have to switch context altogether. Switching gcloud user works too.
Yeah, kubeconfig file has a certain format. Each context gets its own user, you can't "switch users", you have to switch context altogether. Switching gcloud user works too.
How does it work to switch gcloud user?
It doesn't. Your user comes from the current account on gcloud, but it may be cached in kubectl. I recommend re-running "gcloud container get-credentials" when you switch users.