ERROR: (gcloud.beta.compute.ssh) RESOURCE_EXHAUSTED / APPLICATION_ERROR #81
Description
TL;DR
Unable to log in a designated VM instance in GCP through the Action Runner. I am using WIF/provider to authenticate.
Expected behavior
SSH to the machine.
Observed behavior
Command :
gcloud compute ssh xxx-xxx-gateway --zone me-central2-c
--tunnel-through-iap --command "echo 'Test successful'"
WARNING:
To increase the performance of the tunnel, consider installing NumPy. For instructions,
please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the_tcp_upload_bandwidth
Test successful.
works fine on a local.
Action Yaml
- name: Get Prod Deployment Image
id: get-prod-deployment-images
continue-on-error: true
uses: google-github-actions/ssh-compute@v1
with:
gcloud_component: beta
instance_name: "xxx-xxx-gateway"
zone: "me-central2-c"
ssh_private_key: "${{ steps.fetch-pat-secret.outputs.gcp-ssh-private-key }}"
command: |
# Set context for prod
CONTEXT_NAME="xxx-xxx-xxx-central2_prod-cluster"
# Use or get credentials
if kubectl config get-contexts "${CONTEXT_NAME}" > /dev/null 2>&1; then
kubectl config use-context "${CONTEXT_NAME}" > /dev/null 2>&1
else
gcloud container clusters get-credentials prod-cluster --zone me-central2 --project xxx-xxx-prod > /dev/null 2>&1
fi
# Get current image tag (with better error handling)
if kubectl get deployment ${{ inputs.service-name }} -n prod &>/dev/null; then
kubectl get deployment ${{ inputs.service-name }} -n prod -o jsonpath='{.spec.template.spec.containers[0].image}'
else
echo "DEPLOYMENT_NOT_FOUND"
fi
Log Output
Error: google-github-actions/ssh-compute failed with: failed to execute gcloud command `gcloud beta compute ssh xxx-xxx-gateway --zone me-central2-c --ssh-key-file /tmp/e1031d58295d884216f4c20a/google_compute_engine --quiet --tunnel-through-iap --command # Set context for dev
CONTEXT_NAME="xxx-app-xxx-central2-b_dev-cluster"
# Use or get credentials
if kubectl config get-contexts "${CONTEXT_NAME}" > /dev/null 2>&1; then
kubectl config use-context "${CONTEXT_NAME}" > /dev/null 2>&1
else
gcloud container clusters get-credentials dev-cluster --zone me-central2-b --project xxx-xxx-dev > /dev/null 2>&1
fi
# Get current image tag (with better error handling)
if kubectl get deployment xxx-service -n dev &>/dev/null; then
kubectl get deployment xxx-service -n dev -o jsonpath='{.spec.template.spec.containers[0].image}'
else
echo "DEPLOYMENT_NOT_FOUND"
fi`: ERROR: (gcloud.beta.compute.ssh) RESOURCE_EXHAUSTED: <eye3 title='/OsLoginService.SignSshPublicKey, RESOURCE_EXHAUSTED'/> APPLICATION_ERROR;google.cloud.oslogin.v1alpha/OsLoginService.SignSshPublicKey;Request throttled at the client by AdaptiveThrottler.;AppErrorCode=4;StartTimeMs=1742463849331;unknown;Deadline(sec)=5.0;ResFormat=uncompressed;NoServerTime;LogBytes=256;Non-FailFast;EffSecLevel=none;ReqFormat=uncompressed;ReqID=96b67075592dd8d1;GlobalID=0