Describe your use-case which is not covered by existing documentation.
If a GCP project is using OS Login the GCE guest agent skips inserting the SSH host key in the instance guest attributes (which by te way may also need to be enabled).
So, in a project with a project-wide GCE metadata that enables OS Login, the jenkins nodes started by the plugin will not be able to publish their SSH host key as a guest attribute and the jenkins controller won't be able to connect to them (failing because of a WARNING validating the host SSH key which in itself not very pretty).
A possible setup is disabling OS Login globally for the GCP project and enabling it for the jenkins controller machine (in its metadata) if it is needed and in the same GCP project. Without OS Login, IAM identities will not be able to login in worker nodes unless the nodes are prepared beforehand with authorized SSH keys. I'm not sure if changing the worker node metadata with the authorized SSH keys may reflect immediately in the actually authorized keys, as I'm not usually logging in interactively with statically assigned keys.
Reference any relevant documentation, other materials or issues/pull requests that can be used for inspiration.
No response
Are you interested in contributing to the documentation?
No response
Describe your use-case which is not covered by existing documentation.
If a GCP project is using OS Login the GCE guest agent skips inserting the SSH host key in the instance guest attributes (which by te way may also need to be enabled).
So, in a project with a project-wide GCE metadata that enables OS Login, the jenkins nodes started by the plugin will not be able to publish their SSH host key as a guest attribute and the jenkins controller won't be able to connect to them (failing because of a
WARNINGvalidating the host SSH key which in itself not very pretty).A possible setup is disabling OS Login globally for the GCP project and enabling it for the jenkins controller machine (in its metadata) if it is needed and in the same GCP project. Without OS Login, IAM identities will not be able to login in worker nodes unless the nodes are prepared beforehand with authorized SSH keys. I'm not sure if changing the worker node metadata with the authorized SSH keys may reflect immediately in the actually authorized keys, as I'm not usually logging in interactively with statically assigned keys.
Reference any relevant documentation, other materials or issues/pull requests that can be used for inspiration.
No response
Are you interested in contributing to the documentation?
No response