When an application needs to access Google Cloud APIs, it needs credentials. On Google Cloud, we can attach a service account to the underlying compute resource to let the application obtain credentials. On AWS and Azure, we can achieve the same effect by using workload identity federation. But what about on-premises? What Google Cloud, AWS, and Azure all have in common is that they give VMs access to a metadata server, which serves as a conduit between data plane and control pla...