salrashid123 · December 6, 2021 13:21
diff --git a/k8s_wif_7.sh b/k8s_wif_7.sh
 export OIDC_TOKEN=`kubectl exec -ti myapp-deployment-86d84cff8f-ckljb  cat /var/run/secrets/iot-token/iot-token`

 curl -s -X POST    -d "grant_type=urn:ietf:params:oauth:grant-type:token-exchange"  \
   -d "audience=//iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/pool-k8s/providers/oidc-provider-k8s-1" \
   -d "subject_token_type=urn:ietf:params:oauth:token-type:jwt" \
   -d "requested_token_type=urn:ietf:params:oauth:token-type:access_token" \
   -d "scope=https://www.googleapis.com/auth/cloud-platform" \
   -d "subject_token=$OIDC_TOKEN"     https://sts.googleapis.com/v1beta/token | jq '.'
	export OIDC_TOKEN=`kubectl exec -ti myapp-deployment-86d84cff8f-ckljb cat /var/run/secrets/iot-token/iot-token`

	curl -s -X POST -d "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
	-d "audience=//iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/pool-k8s/providers/oidc-provider-k8s-1" \
	-d "subject_token_type=urn:ietf:params:oauth:token-type:jwt" \
	-d "requested_token_type=urn:ietf:params:oauth:token-type:access_token" \
	-d "scope=https://www.googleapis.com/auth/cloud-platform" \
	-d "subject_token=$OIDC_TOKEN" https://sts.googleapis.com/v1beta/token \| jq '.'