Managing Multiple Accounts in GCP


Add config. I like to name them based on my project name.

gcloud config configurations create [CONFIG_NAME]

Example

gcloud config configurations create my-account

Set up the new configuration.

gcloud init

List configurations.

gcloud config configurations list
NAME       IS_ACTIVE  ACCOUNT            PROJECT    DEFAULT_ZONE  DEFAULT_REGION
default    False      user1@domain1.com  project-1  us-west1-a    us-west1
my-account True       user2@domain2.com  project-2  us-west1-a    us-west1

List credentialed accounts (the active one is marked with *).

gcloud auth list
      Credentialed Accounts
ACTIVE  ACCOUNT
        user1@domain1.com
*       user2@domain2.com

List Cloud SDK properties for the currently active configuration.

gcloud config list
[compute]
region = us-west1
zone = us-west1-a
[core]
account = user2@domain2.com
disable_usage_reporting = True
project = project-2

Your active configuration is: [my-account]

Switch account.

gcloud config configurations activate [CONFIG_NAME]

Example

gcloud config configurations activate default
gcloud config configurations activate my-account

Create aliases (optional).

vi ~/.zshrc
alias g1="gcloud config configurations activate default"
alias g2="gcloud config configurations activate my-account"
alias gl="gcloud config list"
alias gll="gcloud config configurations list"

Delete configuration.

gcloud config configurations delete my-account

Errors

When switching back and forth, I ran into the following permissions issue when using kubectl.

kubectl get pods
Error from server (Forbidden): pods is forbidden: User "user1@domain1.com" cannot list resource "pods" in API group "" in the namespace "itsmetommy": No policy matched.
Required "container.pods.list" permission.

It looks like there’s some sort of issue with the access-token, so I ended up deleting the access-token lines within ~/.kube/config. Not the best solution IMO, but it works for now. It re-creates a new access-token once you make a new request to the k8s API.

sed -i '' '/access-token:/d' ~/.kube/config

Updated aliases.

vi ~/.zshrc
alias g1="gcloud config configurations activate default && sed -i '' '/access-token:/d' ~/.kube/config"
alias g2="gcloud config configurations activate my-account && sed -i '' '/access-token:/d' ~/.kube/config"
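
The same switch-and-clean step as a shell function, added here as an example that is not part of the original post. It avoids the macOS-only `sed -i ''` form, keeps the kubeconfig readable by its owner only, and prints the account that is active after the switch. The function names `strip_kube_token` and `gswitch` are hypothetical, and it assumes `KUBECONFIG`, if set, points at a single file.

```shell
# Added example; the function names strip_kube_token and gswitch are hypothetical.

# Delete cached "access-token:" lines from a kubeconfig.
# Plain sed plus a temp file is used instead of "sed -i", whose syntax
# differs between BSD/macOS sed (-i '') and GNU sed (-i).
strip_kube_token() (
  kubeconfig="${1:-$HOME/.kube/config}"
  [ -f "$kubeconfig" ] || exit 0            # no kubeconfig, nothing to clean
  # mktemp creates the file with mode 0600, so the rewritten kubeconfig
  # (which holds credentials) ends up readable by its owner only.
  tmp="$(mktemp "${kubeconfig}.XXXXXX")" || exit 1
  if sed '/access-token:/d' "$kubeconfig" > "$tmp"; then
    mv "$tmp" "$kubeconfig"                 # same directory, so an atomic rename
  else
    rm -f "$tmp"
    exit 1
  fi
)

# Activate a gcloud configuration, drop the token cached for the previous
# account, then print the account that is now active.
# Assumption: KUBECONFIG, if set, names a single file rather than a list.
gswitch() {
  [ -n "$1" ] || { echo "usage: gswitch CONFIG_NAME" >&2; return 2; }
  gcloud config configurations activate "$1" || return 1
  strip_kube_token "${KUBECONFIG:-$HOME/.kube/config}" || return 1
  gcloud config get-value account
}
```

Once this is sourced from ~/.zshrc, `gswitch default` and `gswitch my-account` can stand in for the g1 and g2 aliases.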