what does Unknown user “client” mean?

Question

When I run a simple command on my local shell with gcloud sdk.

$ kubectl get pod

I get such error:

Error from server

Answer 1

This happens when you disable Legacy Authorisation in the cluster settings, because the client certificate that you are using is a legacy authentication method. So it looks like what is happening is the client authentication succeeds but the authorisation fails, as expected. ("Unknown user" in the error message, confusingly, seems to mean the user is unknown to the authorisation system, not to the authentication system.)

You can either disable the use of the client certificate with

gcloud config unset container/use_client_certificate

and then regenerate your kubectl config with

gcloud container clusters get-credentials my-cluster

Or you can simply re-enable Legacy Authorisation in the cluster settings in the Google Cloud Console, or using the command:

gcloud container clusters update [CLUSTER_NAME] --enable-legacy-authorization