This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Configure workload identity federation with kubernetes for 2 google projects

Posted on 12-14-2023 12:26 AM
MayuCH
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I succeeded to configure workload identity federation with kubernetes according to this guide for one gc project: https://cloud.google.com/iam/docs/workload-identity-federation-with-kubernetes#eks_1 , but I don't understand how I can configure my kubernetes workload to authenticate to 2 different google cloud projects.

Even if I succeed to override the credentials file the authentication fails because of the serviceAccountToken.audience field in the manifest which can receive only a single value. I get an error: The audience in ID Token does not match the expected audience.

 
0 2 355
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
markWyatt
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

 

Setting up workload identity federation in Kubernetes across two Google Cloud projects involves configuring both projects, creating service accounts, enabling workload identity, and establishing trust between the projects. Below is a step-by-step guide:

Assumptions:

  1. You have two Google Cloud projects: Project A and Project B.
  2. You have the necessary permissions to perform actions in both projects.

Steps:

1. Enable Workload Identity in Both Projects:

Enable workload identity for both projects using the following commands:

 

bashCopy code
gcloud beta container clusters update CLUSTER_NAME --workload-pool=PROJECT_ID.svc.id.goog --region=REGION

 

 

Replace CLUSTER_NAME, PROJECT_ID, and REGION with your actual values.

2. Create a Service Account in Project A:

 

bashCopy code
gcloud iam service-accounts slideshare online downloader  create SA_NAME --project=PROJECT_A_ID

 

 

Replace SA_NAME and PROJECT_A_ID with your preferred service account name and Project A ID.

3. Bind Roles to Service Account in Project A:

 

bashCopy code
gcloud projects add-iam-policy-binding PROJECT_A_ID --member=serviceAccount:SA_NAME@PROJECT_A_ID.iam.gserviceaccount.com --role=roles/ROLE_NAME

 

 

Replace PROJECT_A_ID, SA_NAME, and ROLE_NAME with your actual values..............

0 Likes

Posted on --/--/---- --:-- AM
geekstation
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Looking for garage door repair near me? A Plus Garage Door Repairs is here for you in Palm Harbor also with 24/7 for emergency repairs. Garage Door Repair near me

0 Likes
Top Labels in this Space