- There is a single bastion host (`BASTION_HOST`) in a given region - change it in the `proxy_bastion()` function at the top.
- If there are multiple kubernetes clusters in different projects, the bastion host in the current project has network ACLs to reach all of them.
- You will be running a single instance of the tunnel - the script hardcodes the path to a pid file, and a tunnel port. It should not be too difficult to modify the script to run the tunnel with a per-shell pid file and a unique available port.
- You don't share the machine you are running this on! You are setting up a SOCKS proxy using your own credentials to a private network! This is just common sense!

```
$ source ~/.bashrc.kube_gcp_proxy
$ # To start tunnel in the current shell session
$ proxy_bastion
$ kubectl ....
$ # To end tunnel
$ proxy_bastion_end
```
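
The per-shell pid file and unique available port mentioned in the list above could be built from helpers like these. This is an added example, not part of the original script; the helper names, the `kube_gcp_proxy.<uid>` directory name and the 20000-29999 port range are assumptions.

```shell
# Added example, not the original script. All helper names are hypothetical.

# Per-user state directory, mode 0700, so other local users cannot read or
# swap the pid files. Refuses a symlink or a directory owned by someone else.
tunnel_state_dir() {
    local dir="${XDG_RUNTIME_DIR:-${TMPDIR:-/tmp}}/kube_gcp_proxy.$(id -u)"
    (umask 077 && mkdir -p "$dir") || return 1
    if [ -L "$dir" ] || [ ! -O "$dir" ]; then return 1; fi
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# One pid file per shell, keyed on the shell's own PID ($$).
tunnel_pid_file() {
    local dir
    dir="$(tunnel_state_dir)" || return 1
    printf '%s/tunnel.%s.pid\n' "$dir" "$$"
}

# True when something already listens on 127.0.0.1:$1 (uses bash's /dev/tcp).
port_in_use() {
    (exec 3<>"/dev/tcp/127.0.0.1/$1") 2>/dev/null
}

# Start at a PID-derived offset so two shells rarely collide, then walk
# forward to the first free port. The check can race with another process,
# so the tunnel command must still fail hard if its bind fails.
tunnel_pick_port() {
    local lo=20000 span=10000 i=0 port
    while [ "$i" -lt "$span" ]; do
        port=$(( lo + ($$ + i) % span ))
        if ! port_in_use "$port"; then printf '%s\n' "$port"; return 0; fi
        i=$(( i + 1 ))
    done
    return 1
}

# Stop only the tunnel recorded for this shell; reject a non-numeric pid file.
tunnel_stop() {
    local f pid
    f="$(tunnel_pid_file)" || return 1
    [ -f "$f" ] || return 0
    pid="$(cat "$f")"
    rm -f "$f"
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill "$pid" 2>/dev/null || true
}
```

With these in place, the start function would record the tunnel's PID in `$(tunnel_pid_file)` and listen on `127.0.0.1` at `$(tunnel_pick_port)` instead of the hardcoded path and port.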