ssh-compute icon indicating copy to clipboard operation
ssh-compute copied to clipboard

Published 20 hours ago verified publisher icon google-github-actions

ERROR: (gcloud.beta.compute.ssh) RESOURCE_EXHAUSTED / APPLICATION_ERROR

Open gnomefin opened this issue 7 months ago • 0 comments

TL;DR

Unable to log in a designated VM instance in GCP through the Action Runner. I am using WIF/provider to authenticate.

Expected behavior

SSH to the machine.

Observed behavior

Command : gcloud compute ssh xxx-xxx-gateway --zone me-central2-c
--tunnel-through-iap --command "echo 'Test successful'" WARNING:

To increase the performance of the tunnel, consider installing NumPy. For instructions, please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the_tcp_upload_bandwidth

Test successful.

works fine on a local.

Action Yaml

    - name: Get Prod Deployment Image
      id: get-prod-deployment-images
      continue-on-error: true
      uses: google-github-actions/ssh-compute@v1
      with:
        gcloud_component: beta
        instance_name: "xxx-xxx-gateway"
        zone: "me-central2-c"
        ssh_private_key: "${{ steps.fetch-pat-secret.outputs.gcp-ssh-private-key }}"
        command: |
          # Set context for prod
          CONTEXT_NAME="xxx-xxx-xxx-central2_prod-cluster"
          
          # Use or get credentials
          if kubectl config get-contexts "${CONTEXT_NAME}" > /dev/null 2>&1; then
            kubectl config use-context "${CONTEXT_NAME}" > /dev/null 2>&1
          else
            gcloud container clusters get-credentials prod-cluster --zone me-central2 --project xxx-xxx-prod > /dev/null 2>&1
          fi
          
          # Get current image tag (with better error handling)
          if kubectl get deployment ${{ inputs.service-name }} -n prod &>/dev/null; then
            kubectl get deployment ${{ inputs.service-name }} -n prod -o jsonpath='{.spec.template.spec.containers[0].image}'
          else
            echo "DEPLOYMENT_NOT_FOUND"
          fi

Log Output

Error: google-github-actions/ssh-compute failed with: failed to execute gcloud command `gcloud beta compute ssh xxx-xxx-gateway --zone me-central2-c --ssh-key-file /tmp/e1031d58295d884216f4c20a/google_compute_engine --quiet --tunnel-through-iap --command # Set context for dev
CONTEXT_NAME="xxx-app-xxx-central2-b_dev-cluster"

# Use or get credentials
if kubectl config get-contexts "${CONTEXT_NAME}" > /dev/null 2>&1; then
  kubectl config use-context "${CONTEXT_NAME}" > /dev/null 2>&1
else
  gcloud container clusters get-credentials dev-cluster --zone me-central2-b --project xxx-xxx-dev > /dev/null 2>&1
fi

# Get current image tag (with better error handling)
if kubectl get deployment xxx-service -n dev &>/dev/null; then
  kubectl get deployment xxx-service -n dev -o jsonpath='{.spec.template.spec.containers[0].image}'
else
  echo "DEPLOYMENT_NOT_FOUND"
fi`: ERROR: (gcloud.beta.compute.ssh) RESOURCE_EXHAUSTED: <eye3 title='/OsLoginService.SignSshPublicKey, RESOURCE_EXHAUSTED'/> APPLICATION_ERROR;google.cloud.oslogin.v1alpha/OsLoginService.SignSshPublicKey;Request throttled at the client by AdaptiveThrottler.;AppErrorCode=4;StartTimeMs=1742463849331;unknown;Deadline(sec)=5.0;ResFormat=uncompressed;NoServerTime;LogBytes=256;Non-FailFast;EffSecLevel=none;ReqFormat=uncompressed;ReqID=96b67075592dd8d1;GlobalID=0

gnomefin avatar Mar 20 '25 10:03 gnomefin