I am trying to get cert-manager in Project B to set up a certificate automatically, but for the DNS01 challenge to work for the ClusterIssuer I need it to access Project A's Cloud DNS.
I have two separate projects in Google Cloud. On my first, say Project A, I have a Cloud DNS setup which I want to reach from Project B. I created a service account in Project A and activated it in gcloud with
gcloud auth activate-service-account --key-file=projectA-service-account.json
and then copied the service-account email, went to Project B in the Google Cloud Console, into IAM, chose to make a new Member, pasted the email, clicked the IAM that pops up, and added the role "DNS Administrator". With this I only seem to get access to Project B's Cloud DNS, and if I try to do it reversed, so that I set up a service account in Project B, I only get
ERROR: (gcloud.dns.record-sets.list) HTTPError 404: The 'parameters.managedZone' resource named 'test-zone' does not exist.
I am trying to follow: https://stackoverflow.com/a/35558464/10516964
Does anyone have any ideas on how I can reach the Cloud DNS in Project A from Project B?
EDIT: Solved this, I just used the wrong key-file, see answer below.
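
For reference, a ClusterIssuer for this cross-project layout, added here as an example and not taken from the original post or from the answer it mentions. It assumes the current cert-manager.io/v1 API; the project ID, e-mail address and Secret names are placeholders.

```yaml
# Added example: cert-manager runs in Project B's cluster, the DNS zone lives in Project A.
# Prerequisite (assumption): the service account whose key is stored in the Secret below
# has been granted roles/dns.admin in Project A's IAM, i.e. in the project that owns the
# managed zone. A binding made in Project B only covers Project B's Cloud DNS.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01                    # placeholder name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com                 # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key    # placeholder; holds the ACME account key
    solvers:
      - dns01:
          cloudDNS:
            # ID of the project that hosts the zone (Project A), not the project
            # the cluster runs in. Placeholder value.
            project: project-a-id
            serviceAccountSecretRef:
              # Secret containing the JSON key of the service account described above.
              # For a ClusterIssuer it must be in cert-manager's cluster resource
              # namespace (by default the namespace cert-manager is installed in).
              name: clouddns-dns01-solver-svc-acct   # placeholder Secret name
              key: key.json                          # placeholder key within the Secret
```

Before storing a key in the Secret, its `client_email` and `project_id` fields show which service account and project the file belongs to, which is a quick way to catch a mixed-up key file.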