bitbucket - 使用 gcloud 计算引擎实例的 Bitbucket 管道 ssh

问题描述

我正在使用 Bitbucket 管道在计算引擎上的可抢占机器上运行部署脚本。我使用具有所有者角色的 google sdk 和服务帐户，但仍然无法 ssh 到机器。这就是我的 bitbucket-pipelines.yml 的样子：

- echo $GCLOUD_API_KEYFILE | base64 --decode --ignore-garbage > ./gcloud-api-key.json
- gcloud auth activate-service-account --key-file gcloud-api-key.json
- gcloud config set project $GCLOUD_PROJECT
- gcloud compute --project $GCLOUD_PROJECT ssh --zone "us-east1-c" $INSTANCE_NAME --command "./deploy"

我可以看到我能够成功进行身份验证：

Activated service account credentials for: [...]

但我仍然无法通过 ssh 实例化

    gcloud compute --project "..." ssh --zone "us-east1-c" "..." --command "..."
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/google_compute_engine.
Your public key has been saved in /root/.ssh/google_compute_engine.pub.
The key fingerprint is: ...
...
Updating project ssh metadata...
................Updated [https://www.googleapis.com/compute/v1/projects/...].
done.
Waiting for SSH key to propagate.
Warning: Permanently added '...' (RSA) to the list of known hosts.
Permission denied (publickey).

我错过了什么吗？我的理解是，一旦我以具有执行 ssh 权限的服务帐户身份进行身份验证，gcloud ssh 命令假设可以工作

标签： bitbucketgoogle-compute-enginegcloudbitbucket-pipelines