I think your Legacy Authorisation has been disabled in cluster settings. The client certificate that you are using is a Legacy Authentication method. So your client authentication actually succeeds but the authorisation fails. So now you can do either of the following things:
Try and disable the use of client certificate:
gcloud config unset container/use_client_certificate
And regenerate your kubectl config:
gcloud container clusters get-credentials my-cluster
OR, the simpler method: enable Legacy Authorisation in the cluster settings in the Google Cloud Console.
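To confirm that regenerating the config actually stopped kubectl from presenting the client certificate, inspect how the user entry in the kubeconfig authenticates. The script below is an added example, not part of the original answer; the function names and both sample kubeconfigs are constructed for illustration, and it assumes the block-style YAML layout that kubectl and gcloud write.

```shell
#!/usr/bin/env bash
# Added example: report how each user entry in a kubeconfig authenticates.
# Reads kubeconfig YAML on stdin and prints "<user-name> <method>" per user.
# Assumption: block-style YAML with "- name:" opening each users item.
kubeconfig_auth_methods() {
  awk '
    function emit() { if (name != "") print name, (method == "" ? "none" : method) }
    /^users:/     { in_users = 1; next }
    /^[A-Za-z]/   { emit(); name = ""; in_users = 0; next }   # another top-level key
    !in_users     { next }
    /^- name:/    { emit(); name = $3; method = ""; next }
    /^ +client-certificate(-data)?:/ { method = "client-certificate"; next }
    /^ +(auth-provider|exec):/       { if (method == "") method = "token-plugin"; next }
    END           { emit() }
  '
}

# Exit 0 if user $1 still authenticates with a client certificate.
user_has_client_cert() {
  kubeconfig_auth_methods | grep -Fxq -- "$1 client-certificate"
}

# Constructed sample: what the user entry looks like with use_client_certificate set.
BEFORE='apiVersion: v1
clusters:
- cluster:
    server: https://203.0.113.10
  name: gke_example_my-cluster
users:
- name: gke_example_my-cluster
  user:
    client-certificate-data: CONSTRUCTED
    client-key-data: CONSTRUCTED'

# Constructed sample: the same entry after unsetting the option and regenerating.
AFTER='apiVersion: v1
users:
- name: gke_example_my-cluster
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: gke-gcloud-auth-plugin'

printf '%s\n' "$BEFORE" | kubeconfig_auth_methods
printf '%s\n' "$AFTER"  | kubeconfig_auth_methods
# Against a real config: kubectl config view | kubeconfig_auth_methods
```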