
Setup IP alias for GKE kubectl connection via tunneling through the "bastion" host to avoid insecure-skip-tls-verify option

Mat

In reference to this question: Run 'kubectl' commands from my localhost to GKE - but via tunnelling through a bastion host

I'm facing the very same situation. I did all that is described in the accepted answer and reached the point where I can communicate with my cluster via kubectl with the --insecure-skip-tls-verify flag. However, I want to get rid of this flag as it is not a secure option. For that I tried to set up an IP alias on my local machine, as suggested in the answer, using a command like this:

ifconfig lo0 alias 10.0.0.2

Where 10.0.0.2 is my cluster private IP and lo0 is my loopback interface. However, after that (and bringing back https://10.0.0.2:8443 instead of https://127.0.0.1:8443 in ~/.kube/config), my kubectl command stopped working with the message:

The connection to the server 10.0.0.2:8443 was refused - did you specify the right host or port?

I also tried assigning 10.0.0.2 as a hostname for 127.0.0.1 in /etc/hosts or adding a static route in my system to point to 127.0.0.1 - none of these worked.

My system is macOS.
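A "connection refused" error means no process accepted the TCP connection at that exact address and port. The following diagnostic is an added example, not part of the original question: it reads the `server:` URL from a kubeconfig and probes both that address and the address the tunnel is assumed to listen on. The sample kubeconfig, the function names and the default tunnel address 127.0.0.1 are assumptions made for illustration.

```python
import re
import socket

# Constructed sample of the relevant kubeconfig fragment (not the asker's file).
SAMPLE_KUBECONFIG = """\
clusters:
- cluster:
    server: https://10.0.0.2:8443
  name: gke-private
"""


def server_endpoints(kubeconfig_text):
    """Return (host, port) for every 'server:' URL found in a kubeconfig."""
    pattern = r"^\s*server:\s*https://([^:/\s]+)(?::(\d+))?"
    return [(host, int(port) if port else 443)
            for host, port in re.findall(pattern, kubeconfig_text, re.MULTILINE)]


def probe(host, port, timeout=2.0):
    """Classify a TCP connect attempt: 'listening', 'refused' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"
    except ConnectionRefusedError:
        # The address is local or reachable, but nothing is bound to this port on it.
        return "refused"
    except OSError:
        # Timeout, no route to host, address not configured, and similar failures.
        return "unreachable"


def diagnose(kubeconfig_text, tunnel_host="127.0.0.1"):
    """Probe each kubeconfig endpoint and the assumed tunnel listener on the same port."""
    report = []
    for host, port in server_endpoints(kubeconfig_text):
        report.append({
            "server": (host, port),
            "server_status": probe(host, port),
            "tunnel_status": probe(tunnel_host, port),  # tunnel_host is an assumption
        })
    return report


if __name__ == "__main__":
    for row in diagnose(SAMPLE_KUBECONFIG):
        print(row)
```

If `server_status` is `refused` while `tunnel_status` is `listening`, the tunnel's local listener is bound only to the loopback address and not to the aliased IP that kubectl is now dialing.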
