Sergey Shcherbakov
Yes. I am waiting for our infrastructure to upgrade to Java 11. Unfortunately, that's not going to happen soon.
+1 The Cloud SDK libraries support using Workload Identity for authentication by either contacting the local metadata server when running on GCE or GKE or by accepting fleet workload identity configuration...
I am not sure how hostNetwork is related to WIF. WIF introduces an additional credential type, "external_account", for the client authentication libraries to support. The implementation would need to make...
When it "works", are you sure that you are authenticating as "workload" (`serviceAccount:FLEET_PROJECT_ID.svc.id.goog[K8S_NAMESPACE/KSA_NAME]`) rather than a single GSA that the underlying GCE VM is running with?
It does, but 1) it depends on the environment where you are, e.g. GCE, GKE, non-GCP 2) the point of WIF is to work seamlessly (similarly) in environments outside of...
At a minimum, Reloader could deploy a K8s service that would allow triggering the reload.
Can it be that you are using externalTrafficPolicy=Local in Service and only one MetalLB node has Service Endpoint (pod) on it and it is the one that gets all VIPs?
@VakarisZ Could you please share the solution? I've tried setting `ssh_username` to `root` as well, still getting the same > ssh: unable to authenticate, attempted methods [none publickey], no supported...
The same OSLogin config with Google Service Account impersonation works!
```
source "googlecompute" "basic-example" {
  project_id = "my-project-id"
  source_image = "rhel-8-v20250123"
  machine_type = "n2-standard-4"
  zone = "us-central1-a"
  image_name = "my-image-rhel8-v20250303"
  ...
```
Thank you, @akvadrako. Your hint about going via the certificate map in between has worked!