
Why do I get "get-credentials requires edit permission" error in gcloud on my terminal, when it succeeds in Cloud Shell?

From my laptop, I am able to execute most gcloud commands, for example creating a cluster and many other commands. I have the Project Owner role.

But when I try to get credentials for a K8s cluster, I get a permission error. But in Cloud Shell, the command succeeds.

The logged-in account is the same in both.

% gcloud container clusters get-credentials my-first-cluster-1 --zone us-central1-c --project my-project
Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) get-credentials requires edit permission on my-project
$ gcloud config list account --format "value(core.account)"
<MY EMAIL>

But in Cloud Shell, this succeeds!

$ gcloud container clusters get-credentials my-first-cluster-1 --zone us-central1-c --project my-project
Fetching cluster endpoint and auth data.
kubeconfig entry generated for my-first-cluster-1.
$ gcloud config list account --format "value(core.account)"
<MY EMAIL>
Joshua Fox asked Jul 16 '20 15:07


1 Answer

The error message is indeed incorrect and not very helpful in this case. This issue occurs when the gcloud config value container/use_client_certificate is set to True but no client certificate has been configured (note that client certificate is a legacy authentication method and is disabled by default for clusters created with GKE 1.12 and higher). Setting it to False via the following gcloud command solves this issue:

gcloud config set container/use_client_certificate False

This config value is set to False by default in Cloud Shell, which explains the different behavior you experienced.

LundinCast answered Nov 18 '22 08:11
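
The answer above traces the error to the container/use_client_certificate property differing between the laptop and Cloud Shell. As an added example (not part of the original answer), this shell function lists which local gcloud configurations enable that legacy property. The config_<name> INI layout under the gcloud config directory and the accepted truthy spellings are assumptions, and the sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Lists gcloud configurations
# whose [container] section turns on the legacy use_client_certificate property.
# Assumptions: configurations are INI files named config_<name> under
# <config dir>/configurations; the truthy spellings below are the ones gcloud accepts.

find_client_cert_configs() {
    # $1: gcloud config directory (defaults to $CLOUDSDK_CONFIG, then ~/.config/gcloud)
    cfg_root="${1:-${CLOUDSDK_CONFIG:-$HOME/.config/gcloud}}"
    for f in "$cfg_root"/configurations/config_*; do
        [ -f "$f" ] || continue
        awk -v name="${f##*/config_}" '
            /^[ \t]*\[/ {                      # section header, e.g. [container]
                sub(/^[ \t]*\[/, ""); sub(/\].*$/, "")
                section = tolower($0); next
            }
            section == "container" && index($0, "=") {
                key = substr($0, 1, index($0, "=") - 1)
                val = substr($0, index($0, "=") + 1)
                gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
                if (tolower(key) == "use_client_certificate" &&
                    tolower(val) ~ /^(true|1|on|yes|y)$/) print name
            }
        ' "$f"
    done
}

# Constructed sample: two configurations, only "laptop" has the legacy setting.
make_sample_dir() {
    d=$(mktemp -d) && mkdir "$d/configurations" || return 1
    printf '[core]\naccount = user@example.com\n\n[container]\nuse_client_certificate = True\n' \
        > "$d/configurations/config_laptop"
    printf '[core]\naccount = user@example.com\n\n[container]\nuse_client_certificate = False\n' \
        > "$d/configurations/config_default"
    echo "$d"
}

sample=$(make_sample_dir)
echo "Configurations with container/use_client_certificate enabled:"
find_client_cert_configs "$sample"
rm -rf "$sample"
```

Called with no argument, find_client_cert_configs reads the real config directory, so any name it prints is a configuration where the fix from the answer still needs to be applied.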