cross project

Author: mletalie

modules/create-wif-cluster-cli.adoc

@@ -46,10 +46,26 @@ Alternatively, you can use the `manual` mode. In `manual` mode, you are provided
 $ ocm gcp create wif-config --name <wif_name> \ <1>
   --project <gcp_project_id> \ <2>
   --version <osd_version> <3>
+  --federated project <gcp_project_id> <4>
 ----
 <1> Replace `<wif_name>` with the name of your WIF configuration.
 <2> Replace `<gcp_project_id>` with the ID of the {GCP} project where the WIF configuration will be implemented.
 <3> Optional: Replace `<osd_version>` with the desired {product-title} version the wif-config will need to support. If you do not specify a version, the wif-config will support the latest {product-title} y-stream version as well as the last three supported {product-title} y-stream versions (beginning with version 4.17).
+<4> Optional: Replace `<gcp_project_id>` with the ID of the dedicated project where the workload identity pools and providers will be created and managed. If `--federated-project` is not specified, the workload identity pools and providers will be created and managed in the project specified by the `--project flag`.
++
+
+[NOTE]
+=====
+Using a dedicated project to create and manage workload identity pools and providers is recommended by {GCP}.
+Using a dedicated project helps you to establish centralized governance over the configuration of workload identity pools and providers, enforce uniform attribute mappings and conditions throughout all projects and applications, and ensure that only authorized identity providers can authenticate with WIF.
+
+For more information, see link:https://cloud.google.com/iam/docs/best-practices-for-using-workload-identity-federation#dedicated-project[Use a dedicated project to manage workload identity pools and providers].
+=====
++
+[IMPORTANT]
+====
+Creating and managing workload identity pools and providers in a dedicated project is only allowed during initial WIF configuration creation. The `--federated-project` flag cannot be applied to existing `wif-configs`.
+====
 +
 --
 .Example output

osd_whats_new/osd-whats-new.adoc

@@ -16,11 +16,18 @@ With its foundation in Kubernetes, {product-title} is a complete {OCP} cluster p
 == New changes and updates
 
 [id="osd-q2-2025_{context}"]
+
+=== Q3 2025
+* ** Support for managing workload identity pools and providers in a dedicated {GCP} project.**
+{product-title} on {GCP} now supports the option of creating and managing workload identity pools and providers in a specified dedicated project during the creation of a  WIF configuration. For more information, see  xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#create-wif-configuration_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a WIF configuration].
+
+
+
 === Q2 2025
 
 // * **{product-title} SDN network plugin blocks future major upgrades**
 * **Updated version requirements for migration from OpenShift SDN to OVN-Kubernetes.**
-Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin. 
+Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin.
 +
 If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of {product-title} without migrating to OVN-Kubernetes.
 +