Cloud Client Issue With Service Account

Hey everyone,

I've been following this guide: Connect from Google Kubernetes Engine | Cloud SQL for SQL Server | Google Cloud to set up the SQL Auth Proxy as a sidecar using workload identities, for SQL Server. I've given my service account the appropriate roles of roles/cloudsql.client and roles/cloudsql.admin. However, even though I've configured a Kubernetes Service Account with this GCP service account, whenever I make a deployment I get this error:

{"severity":"INFO","timestamp":"2023-07-27T18:55:10.423Z","message":"Authorizing with Application Default Credentials"}
{"severity":"ERROR","timestamp":"2023-07-27T18:55:10.786Z","message":"The proxy has encountered a terminal error: unable to start: failed to get instance: Refresh error: failed to get instance metadata (connection name = <CONNECTION_NAME"): googleapi: Error 403: Request had insufficient authentication scopes.\nDetails:\n[\n {\n \"@type\": \"type.googleapis.com/google.rpc.ErrorInfo\",\n \"domain\": \"googleapis.com\",\n \"metadata\": {\n \"method\": \"google.cloud.sql.v1beta4.SqlConnectService.GetConnectSettings\",\n \"service\": \"sqladmin.googleapis.com\"\n },\n \"reason\": \"ACCESS_TOKEN_SCOPE_INSUFFICIENT\"\n }\n]\n\nMore details:\nReason: insufficientPermissions, Message: Insufficient Permission\n"}

where I just blotted out <CONNECTION_NAME> for privacy. Despite trying repeatedly and even setting up a new service account, I still get this issue. Any help would be greatly appreciated, thanks!

1 ACCEPTED SOLUTION

Hi guys, is there any solution? Thanks
