-
Bug
-
Resolution: Not a Bug
-
Normal
-
None
-
4.10
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
Moderate
-
No
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
We are setting up a webhook for mutating pods that will require GCP Workload Identity Federation access from openshift Kubernetes Cluster.
we installed the webhook (https://github.com/pfnet-research/gcp-workload-identity-federation-webhook), created sa with required annotations for the configured GCP workload identity federation. Once we run a pod with the created sa, it's not able to list storage buckets for example due to following:
(gcloud.storage.buckets.list) There was a problem refreshing your current auth tokens: ('Error code invalid_grant: Unable to verify the ID Token signature.', '{"error":"invalid_grant","error_description":"Unable to verify the ID Token signature."}')
Version-Release number of selected component (if applicable): OCP 4.10
How reproducible:{code:none}
Steps to Reproduce:
