I am using Bitbucket pipelines to run deploy script on preemptable machines on compute engine. I use google sdk and service account with Owner role, but still can't ssh to the machine. that is how my bitbucket-pipelines.yml looks like:
- echo $GCLOUD_API_KEYFILE | base64 --decode --ignore-garbage > ./gcloud-api-key.json
- gcloud auth activate-service-account --key-file gcloud-api-key.json
- gcloud config set project $GCLOUD_PROJECT
- gcloud compute --project $GCLOUD_PROJECT ssh --zone "us-east1-c" $INSTANCE_NAME --command "./deploy"
I can see that I am able to successfully authenticate:
Activated service account credentials for: [...]
but I am still failing on ssh to instance
gcloud compute --project "..." ssh --zone "us-east1-c" "..." --command "..."
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/google_compute_engine.
Your public key has been saved in /root/.ssh/google_compute_engine.pub.
The key fingerprint is: ...
...
Updating project ssh metadata...
................Updated [https://www.googleapis.com/compute/v1/projects/...].
done.
Waiting for SSH key to propagate.
Warning: Permanently added '...' (RSA) to the list of known hosts.
Permission denied (publickey).
Am I missing something? My understanding was once I authenticate as service account with permissions perform ssh, gcloud ssh command suppose to work
