The new vault workload identity thing for Nomad... I have questions

Actually just one: it mentions in the setup for the jwt auth in Vault that you should refer back to the JWKS URL on the Nomad server. That’s fine, but how does that work if we have multiple clusters federated together? Do I use 1 auth endpoint? Does each cluster need it’s own auth endpoint?

The documentation does not make this clear, at all.