问题描述

在我的笔记本电脑上，我能够执行大多数 gcloud 命令，例如创建集群和许多其他命令.我有项目负责人的角色.

From my laptop, I am able to execute most gcloud commands, for example creating a cluster and many other commands. I have the Project Owner role.

但是，当我尝试获取K8s群集的凭据时，出现权限错误.但是在Cloud Shell中，命令成功.

But when I try to get credentials for a K8s cluster, I get a permission error. But in Cloud Shell, the command succeeds.

两者的登录帐户相同.

% gcloud container clusters get-credentials my-first-cluster-1 --zone us-central1-c --project my-project
Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) get-credentials requires edit permission on my-project
$ gcloud config list account --format "value(core.account)"
<MY EMAIL>

但是在Cloud Shell中，这成功了！

But in Cloud Shell, this succeeds!

$ gcloud container clusters get-credentials my-first-cluster-1 --zone us-central1-c --project my-project
Fetching cluster endpoint and auth data.
kubeconfig entry generated for my-first-cluster-1.
$ gcloud config list account --format "value(core.account)"
<MY EMAIL>

推荐答案

错误消息确实不正确，在这种情况下不是很有用.当gcloud配置值 container/use_client_certificate 设置为 True 但未配置任何客户端证书时，就会发生此问题(请注意，客户端证书是旧式身份验证方法，并且是禁用及更高.).通过以下gcloud命令将其设置为 False 即可解决此问题:

The error message is indeed incorrect and not very helpful in this case. This issue occurs when the gcloud config value container/use_client_certificate is set to True but no client certificate has been configured (note that client certificate is a legacy authentication method and is disabled by default for clusters created with GKE 1.12 and higher.). Setting it to False via the following gcloud command solves this issue:

gcloud config set container/use_client_certificate False

在Cloud Shell中，此配置值默认设置为 False ，这说明了您遇到的不同行为.

This config value is set to False by default in Cloud Shell, which explains the different behavior you experienced.

这篇关于为什么我会收到“获取凭据需要编辑权限"的信息，我的终端上的gcloud错误，何时在Cloud Shell中成功?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！