Configure workload identity federation with Kubernetes for 2 Google projects

I succeeded in configuring workload identity federation with Kubernetes according to this guide for one GC project: https://cloud.google.com/iam/docs/workload-identity-federation-with-kubernetes#eks_1 , but I don’t understand how I can configure my Kubernetes workload to authenticate to 2 different Google Cloud projects.

Even if I succeed in overriding the credentials file, the authentication fails because of the serviceAccountToken.audience field in the manifest, which can receive only a single value. I get an error: The audience in ID Token does not match the expected audience.

Setting up workload identity federation in Kubernetes across two Google Cloud projects involves configuring both projects, creating service accounts, enabling workload identity, and establishing trust between the projects. Below is a step-by-step guide:

Assumptions:

  1. You have two Google Cloud projects: Project A and Project B.
  2. You have the necessary permissions to perform actions in both projects.

Steps:

1. Enable Workload Identity in Both Projects:

Enable workload identity for both projects using the following commands:

gcloud beta container clusters update CLUSTER_NAME --workload-pool=PROJECT_ID.svc.id.goog --region=REGION

Replace CLUSTER_NAME, PROJECT_ID, and REGION with your actual values.

2. Create a Service Account in Project A:

gcloud iam service-accounts create SA_NAME --project=PROJECT_A_ID

Replace SA_NAME and PROJECT_A_ID with your preferred service account name and Project A ID.

3. Bind Roles to Service Account in Project A:

gcloud projects add-iam-policy-binding PROJECT_A_ID --member=serviceAccount:SA_NAME@PROJECT_A_ID.iam.gserviceaccount.com --role=roles/ROLE_NAME

Replace PROJECT_A_ID, SA_NAME, and ROLE_NAME with your actual values…
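
An added example, not part of the posts above or of Google's guide: a Kubernetes projected volume can list several serviceAccountToken sources, each with its own audience and path, so each project's credential configuration file can read its own token. The check below compares the audience of the token file each configuration reads with the audience its provider expects. The project numbers, pool and provider IDs and paths are constructed placeholders, and it assumes each provider accepts only its default audience ("https:" plus the provider resource name).

```python
import posixpath

MOUNT = "/var/run/service-account"  # hypothetical mountPath of the projected volume

def provider(project_number, pool, prov):
    # Resource-name format used in the credential configuration's "audience" field.
    return (f"//iam.googleapis.com/projects/{project_number}/locations/global/"
            f"workloadIdentityPools/{pool}/providers/{prov}")

def cred_config(audience, token_file):
    # Subset of an external_account credential configuration file.
    return {"type": "external_account", "audience": audience,
            "credential_source": {"file": token_file}}

def token_source(audience, path):
    # One entry of spec.volumes[].projected.sources in the pod manifest.
    return {"serviceAccountToken": {"audience": "https:" + audience, "path": path,
                                    "expirationSeconds": 3600}}

def token_audience(cred, sources, mount=MOUNT):
    """Audience of the projected token this credential config reads, or None."""
    rel = posixpath.relpath(cred["credential_source"]["file"], mount)
    for src in sources:
        sat = src.get("serviceAccountToken", {})
        if sat.get("path") == rel:
            return sat["audience"]
    return None

def audience_ok(cred, sources, mount=MOUNT):
    # Assumption: the provider accepts only its default audience.
    return token_audience(cred, sources, mount) == "https:" + cred["audience"]

def report(creds, sources):
    return {name: audience_ok(c, sources) for name, c in creds.items()}

# Constructed placeholders for the two projects' pool providers.
AUD_A = provider("111111111111", "pool-a", "k8s")
AUD_B = provider("222222222222", "pool-b", "k8s")

# Layout from the question: one token, so both configs read the same file.
ONE_TOKEN = [token_source(AUD_A, "token")]
SHARED = {"a": cred_config(AUD_A, MOUNT + "/token"),
          "b": cred_config(AUD_B, MOUNT + "/token")}

# One serviceAccountToken source per project, each with its own audience and path.
TWO_TOKENS = [token_source(AUD_A, "token-a"), token_source(AUD_B, "token-b")]
SPLIT = {"a": cred_config(AUD_A, MOUNT + "/token-a"),
         "b": cred_config(AUD_B, MOUNT + "/token-b")}

if __name__ == "__main__":
    print("one token :", report(SHARED, ONE_TOKEN))
    print("two tokens:", report(SPLIT, TWO_TOKENS))
```

With a single token the check fails for the second project, which is the condition behind the audience mismatch error quoted in the question.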
