Merge pull request #26333 from fejta/ssh

Automatic merge from submit-queue

Push public key to project if not already present

Fixes https://github.com/kubernetes/kubernetes/issues/26128
Fixes https://github.com/kubernetes/kubernetes/issues/26129

Whenever the ssh key changes (which happens right now whenever we add/change a new jenkins agent) this key will not get pushed to the project until either `gcloud compute ssh` or `gcloud compute config-ssh` runs. As a result instances on this project will reject ssh attempts with this key.

In many cases this will not happen until after a test on a project fails and we attempt to ssh to the nodes to grab logs.

This verifies the presence of the ssh key before starting tests, and attempts to add it if it is missing.

hack/jenkins/e2e-runner.sh

@@ -257,12 +257,19 @@ case "${KUBERNETES_PROVIDER}" in
             cp /var/lib/jenkins/gce_keys/google_compute_engine ${WORKSPACE}/.ssh/
             cp /var/lib/jenkins/gce_keys/google_compute_engine.pub ${WORKSPACE}/.ssh/
         fi
-        if [[ ! -f ${WORKSPACE}/.ssh/google_compute_engine ]]; then
-            echo "google_compute_engine ssh key missing!"
+        echo 'Checking existence of private ssh key'
+        gce_key="${WORKSPACE}/.ssh/google_compute_engine"
+        if [[ ! -f "${gce_key}" || ! -f "${gce_key}.pub" ]]; then
+            echo 'google_compute_engine ssh key missing!'
             exit 1
         fi
+        echo "Checking presence of public key in ${PROJECT}"
+        if ! gcloud compute --project="${PROJECT}" project-info describe |
+             grep "$(cat "${gce_key}.pub")" >/dev/null; then
+            echo 'Uploading public ssh key to project metadata...'
+            gcloud compute --project="${PROJECT}" config-ssh
+        fi
         ;;
-
     default)
         echo "Not copying ssh keys for ${KUBERNETES_PROVIDER}"
         ;;