Setup IP alias for GKE kubectl connection via tunneling through the "bastion" host to avoid insecure-skip-tls-verify option

In reference to this question: Run 'kubectl' commands from my localhost to GKE - but via tunnelling through a bastion host

I'm facing the very same situation. I did all that is described in the accepted answer and achieved the point where I can communicate with my cluster via kubectl with --insecure-skip-tls-verify flag. However, I want to get rid of this flag as it is not the secure option. For that I tried to set up IP alias on my local, as suggested in the answer using command like this:

ifconfig lo0 alias 10.0.0.2

Where 10.0.0.2 is my cluster private IP and lo0 is my loopback interface. However after that (and bringing back https://10.0.0.2:8443 instead https://127.0.0.1:8443 in ~/.kube/config) my kubectl command stopped working with the message

The connection to the server 10.0.0.2:8443 was refused - did you specify the right host or port?

I also tried assigning 10.0.0.2 as a hostname for 127.0.0.1 in /etc/hosts or adding static route in my system to point to 127.0.0.1 - none of these worked.

My system is mac os.