I succeeded to configure workload identity federation with kubernetes according to this guide for one gc project: https://cloud.google.com/iam/docs/workload-identity-federation-with-kubernetes#eks_1 , but I don't understand how I can configure my kubernetes workload to authenticate to 2 different google cloud projects.
Even if I succeed to override the credentials file the authentication fails because of the serviceAccountToken.audience field in the manifest which can receive only a single value. I get an error: The audience in ID Token does not match the expected audience.
Setting up workload identity federation in Kubernetes across two Google Cloud projects involves configuring both projects, creating service accounts, enabling workload identity, and establishing trust between the projects. Below is a step-by-step guide:
Enable workload identity for both projects using the following commands:
Replace CLUSTER_NAME, PROJECT_ID, and REGION with your actual values.
Replace SA_NAME and PROJECT_A_ID with your preferred service account name and Project A ID.
Replace PROJECT_A_ID, SA_NAME, and ROLE_NAME with your actual values..............
Looking for garage door repair near me? A Plus Garage Door Repairs is here for you in Palm Harbor also with 24/7 for emergency repairs. Garage Door Repair near me