Reputation: 78
I am trying to get cert-manager in Project B to set up a certificate automatically, but for the DNS01 challenge to work for the ClusterIssuer, I need it to access Project A's Cloud DNS.
I have two separate projects in Google Cloud. In my first, say Project A, I have a Cloud DNS setup which I want to reach from Project B. I created a service account in Project A and activated it in gcloud with
gcloud auth activate-service-account --key-file=projectA-service-account.json
and then copied the service account email, went to Project B in the Google Cloud Console, into IAM, chose to add a new member, pasted the email, clicked the entry that pops up and added the role "DNS Administrator". With this I only seem to get access to Project B's Cloud DNS, and if I try to do it reversed, so I set up a service account in Project B, I only get
ERROR: (gcloud.dns.record-sets.list) HTTPError 404: The 'parameters.managedZone' resource named 'test-zone' does not exist.
I tried to follow: https://stackoverflow.com/a/35558464/10516964
Does anyone have any ideas on how I can reach the Cloud DNS in Project A from Project B?
EDIT: Solved this, I just used the wrong key file, see answer below.
Upvotes: 2
Views: 1286
Reputation: 78
I managed to solve this.
It did work, I just didn't save the correct key file into a secret, so the ClusterIssuer had the wrong credentials. It worked a lot better when I saved the key from Project A, put it into the secret on Project B and made that ClusterIssuer use it. DNS01 worked right away after that.
Upvotes: 1
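The working setup described in the answer, written out as an added example (not the poster's own manifests): the service account from Project A is granted DNS Administrator in Project A, its key is stored as a Secret in Project B's cluster, and the ClusterIssuer's cloudDNS solver points at Project A while reading that Secret. Project IDs, the secret name, the issuer name and the contact e-mail are assumed placeholders.

```yaml
# Assumed placeholders: project-a-id, project-b-cluster, dns01-solver@project-a-id.iam.gserviceaccount.com
#
# 1. The service account lives in Project A and only needs DNS rights there
#    (no IAM binding in Project B is required for the DNS01 challenge):
#      gcloud projects add-iam-policy-binding project-a-id \
#        --member=serviceAccount:dns01-solver@project-a-id.iam.gserviceaccount.com \
#        --role=roles/dns.admin
#
# 2. Store Project A's key file in the cluster running in Project B.
#    A ClusterIssuer reads its secrets from the cert-manager namespace
#    (the cluster resource namespace), so the Secret must be created there:
#      kubectl -n cert-manager create secret generic clouddns-dns01-solver-sa \
#        --from-file=key.json=projectA-service-account.json
#
# 3. The ClusterIssuer: the `project` field is Project A (where the zone lives),
#    not the project the cluster runs in.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com          # assumed contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key
    solvers:
    - dns01:
        cloudDNS:
          project: project-a-id       # Cloud DNS zone is in Project A
          serviceAccountSecretRef:
            name: clouddns-dns01-solver-sa   # Secret created in step 2
            key: key.json
```

If the key in the Secret belongs to a Project B service account instead, cert-manager fails with a 404 on the managed zone, which is the same error shown in the question. Check with `kubectl describe challenge -A` and `kubectl -n cert-manager get secret clouddns-dns01-solver-sa -o yaml` to confirm which key is actually mounted.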