This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Having problems to access private cluster from GH Actions self-hosted runner with kubectl

Posted on 03-12-2024 08:51 PM
arkadyb
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I am tying to get `kubectl` to access from the self-hosted GH Actions runner to a private GKE cluster.

Here is the pipeline i use:

 

 

deploy:
    name: Deploy
    runs-on: arc-runner-set # self-hosted runner within the same GKE cluster
    environment: production

    permissions:
      id-token: write
      contents: read
      actions: read

    steps:
      - id: auth
        uses: "google-github-actions/auth@v2"
        with:
          credentials_json: "${{ secrets.GCP_CREDENTIALS }}"

      - uses: azure/setup-kubectl@v3
        with:
          version: "latest"

      - uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: ${{ env.GKE_CLUSTER }}
          location: ${{ env.GKE_ZONE }}

      - id: "get-pods"
        run: "kubectl get pods"

 

 

The steps all pass except for the last one throwing:

 

 

E0313 02:30:55.926214     101 memcache.go:265] couldn't get current server API group list: Get "https://35.202.107.4/api?timeout=32s": dial tcp 35.202.107.4:443: i/o timeout
E0313 02:31:25.927328     101 memcache.go:265] couldn't get current server API group list: Get "https://35.202.107.4/api?timeout=32s": dial tcp 35.202.107.4:443: i/o timeout
E0313 02:31:55.928008     101 memcache.go:265] couldn't get current server API group list: Get "https://35.202.107.4/api?timeout=32s": dial tcp 35.202.107.4:443: i/o timeout
E0313 02:32:25.930975     101 memcache.go:265] couldn't get current server API group list: Get "https://35.202.107.4/api?timeout=32s": dial tcp 35.202.107.4:443: i/o timeout
E0313 02:32:55.932510     101 memcache.go:265] couldn't get current server API group list: Get "https://35.202.107.4/api?timeout=32s": dial tcp 35.202.107.4:443: i/o timeout
Unable to connect to the server: dial tcp 35.202.107.4:443: i/o timeout
Error: Process completed with exit code 1.

 

 

Apparently kubectl does several retries and then errors. Has anyone seen anything similar?

0 2 1,878
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
abdelfettah
Staff
Reply posted on --/--/---- --:-- AM

Your cluster's control plane is public or private ? and do you have the control plane authorized network enabled ?

https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture
https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks

0 Likes

Posted on --/--/---- --:-- AM
DrunkenBeetle
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Was getting the same error but @abdelfettah response helped me find the issue. I didn't realise I was on a vpn, so my network address was different and was essentially denied.

What stumped me was the error message "i/o timeout". If the error message was "refused" or "unauthorised" or something along those lines then that would have helped me narrow down the issue, but anything with "i/o" in it implies that the endpoint is too busy to handle my request.

0 Likes
Top Labels in this Space
Top Solution Authors
View all