Managing Multiple Accounts in GCP

Add an account.

gcloud config configurations create [CONFIG_NAME]


gcloud config configurations create my-account

Setup the new configuration.

gcloud init

List config.

gcloud config configurations list
default    False  project-1  us-west1-a    us-west1
my-account True  project-2  us-west1-a    us-west1

List active account.

gcloud auth list
      Credentialed Accounts

List Cloud SDK properties for the currently active configuration.

gcloud config list
region = us-west1
zone = us-west1-a
account =
disable_usage_reporting = True
project = project-2

Your active configuration is: [my-account]

Switch account.

gcloud config configurations activate [CONFIG_NAME]


gcloud config configurations activate default
gcloud config configurations activate my-account

Create aliases (optional).

vi ~/.zshrc
alias g1="gcloud config configurations activate default"
alias g2="gcloud config configurations activate my-account"
alias gl="gcloud config list"
alias gll="gcloud config configurations list"

Delete configuration.

gcloud config configurations delete my-account


When switching back and fourth, I ran into the following permissions issue when using kubectl.

kubectl get pods
Error from server (Forbidden): pods is forbidden: User "" cannot list resource "pods" in API group "" in the namespace "itsmetommy": No policy matched.
Required "container.pods.list" permission.

It looks like there’s some sort of issue with the access-token, so I ended up deleting the access-token lines within ~/.kube/config. Not the best solution IMO, but it works for now. It re-creates a new access-token once you make a new request to the k8s API.

sed -i '' '/access-token:/d' ~/.kube/config

Updated aliases.

vi ~/.zshrc
alias g1="gcloud config configurations activate default && sed -i '' '/access-token:/d' ~/.kube/config"
alias g2="gcloud config configurations activate my-account && sed -i '' '/access-token:/d' ~/.kube/config"