I want kubectl to use a different local port, not 22. Is this configurable? Is this something I have to configure in ssh?
I want to create an ssh tunnel with IAP first and have kubectl use that to connect to a private cluster.
I create the tunnel like this:
gcloud compute start-iap-tunnel --project "myproject" \
"nodex-default-pool-abc123-1xc8" 22 --local-host-port=localhost:2200
Now I'd like kubectl to use it to connect via local port 2200
I want to avoid having a bastion vm and just leverage IAP.
I tried to set HTTPS_PROXY, but it does not appear to work:
HTTPS_PROXY=localhost:2200 kubectl get pods
Unable to connect to the server: malformed HTTP response "SSH-2.0-OpenSSH_8.5"
EDIT: I also tried to open a tunnel to the control plane but it looks like GKE doesn't support IAP for authentication?
PROJECT_ID=myproject
ZONE=us-central1-b
REGION=us-central1
NETWORK=mynetwork
MASTER_IP=$(gcloud container clusters describe mycluster --zone $ZONE --project $PROJECT_ID --format=json | jq .endpoint -r)
gcloud alpha compute start-iap-tunnel $MASTER_IP 443 --project $PROJECT_ID --network=$NETWORK --region=$REGION \
--local-host-port=localhost:4444
Testing if tunnel connection works.
ERROR: (gcloud.alpha.compute.start-iap-tunnel) While checking if a connection can be made: Error while connecting [4033: 'not authorized'].
Perhaps IAP requires a DNS name to initiate google auth or something? I also tried just connecting to the cluster name itself, but that returned a connection error.
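The "malformed HTTP response" error above is what you get when kubectl, which treats HTTPS_PROXY as an HTTP CONNECT proxy, sends its CONNECT request to a port where sshd answers first. The following is an added diagnostic, not part of the question: it sends the same CONNECT request to a local forwarded port and reports what actually answers (sshd banner, HTTP proxy, bare TLS). The function names, the "kubernetes:443" target and the fake sshd listener are constructed for the example so it runs offline.

```python
import socket
import threading


def classify_banner(data: bytes) -> str:
    """Map the first bytes received after a CONNECT request to a service type."""
    if data.startswith(b"SSH-"):
        return "ssh"          # raw SSH endpoint, e.g. an IAP tunnel ending on port 22
    if data.startswith(b"HTTP/"):
        return "http-proxy"   # an HTTP proxy actually answered the CONNECT
    if data[:1] == b"\x16":
        return "tls"          # a TLS server answered directly, no proxy in between
    return "closed" if not data else "unknown"


def probe(host: str, port: int, target: str = "kubernetes:443", timeout: float = 3.0) -> str:
    """Send the CONNECT request kubectl sends through HTTPS_PROXY and classify the reply."""
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            data = sock.recv(64)
        except socket.timeout:
            return "silent"   # accepted the TCP connection but never answered
        except ConnectionResetError:
            return "reset"
    return classify_banner(data)


def start_fake_ssh_listener() -> int:
    """Constructed stand-in for the IAP tunnel endpoint: sends an sshd banner, then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve() -> None:
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(b"SSH-2.0-OpenSSH_8.5\r\n")
            conn.recv(1024)   # drain the client's CONNECT so close() sends FIN, not RST

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_ssh_listener()
    print(f"localhost:{port} speaks: {probe('127.0.0.1', port)}")  # ssh
```

Run probe() against the real localhost:2200 from the question and a result of "ssh" confirms the tunnel is a plain SSH endpoint rather than anything kubectl can use as HTTPS_PROXY.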