So the setup is:
[[ localhost ]] -----> [[ Private Bastion (reqs VPN) ]] -----> [[ Private Cluster ]]
Notes:
- confirmed ability to SSH into the Bastion from my local.
- confirmed ability to run k9s from the Bastion to communicate with the cluster.
Preferred Outcome:
Ability to open Lens on my workstation and, provided VPN is enabled and SSH tunnel is active, communicate with a private cluster; effectively this would just remove any mental capacity regarding the Bastion host acting as an intermediary.
Steps Taken:
- Confirmed ability to SSH into Bastion with a private key (they were using password only before)
- Opened an SSH tunnel from my workstation via
  ssh -i ~/.ssh/jumpbox -l jumpadmin -L 50479:127.0.0.1:6443 172,257.257.257
  - tried both 127.0.0.1 and localhost
  - tried both 50479: and 6443: as local ports for tunnel
- Also attempted to edit the kubeconfig file that was scp’d down from the Bastion with changes from this GH issue thread. Essentially attempting to remove the certificate-authority-data and replace it with the insecure-skip-verify flag
Error From Lens across all attempts:
INFO Starting connection …
INFO Authentication proxy started
INFO Refreshing connection status …
ERROR E0123 08:30:10.351730 13940 proxy_server.go:147] Error while proxying request: proxyconnect tcp: dial tcp 127.0.0.1:6443: connectex: No connection could be made because the target machine actively refused it.
ERROR Failed to GET https://127.0.0.1:50479/b0d05e3f4755d0c283565ed705b7c94b/version: Internal Server Error (500)
I’m sure I’m missing something simple here but the new UI seems unwieldy for anything but cookie-cutter setups
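
One way to sanity-check a kubeconfig against the -L forward quoted in the post, as an added example that is not part of the original post: it checks that server points at the tunnel's local port, that certificate verification is kept through tls-server-name rather than switched off with insecure-skip-tls-verify, and that no proxy-url sends requests elsewhere. The kubeconfig fragments, the CA placeholder and the SAN name kubernetes are constructed, and the line-scan parser assumes a single-cluster file.

```python
import re

WATCHED = {"server", "insecure-skip-tls-verify", "tls-server-name", "proxy-url"}

def local_port(forward_spec):
    """Local listening port of an ssh -L value ([bind:]lport:host:rport)."""
    parts = forward_spec.split(":")
    if len(parts) not in (3, 4):
        raise ValueError(f"unsupported -L value: {forward_spec!r}")
    return int(parts[-3])

def cluster_fields(kubeconfig_text):
    """First occurrence of each watched key (line scan, single-cluster file)."""
    fields = {}
    for line in kubeconfig_text.splitlines():
        m = re.match(r"\s*(?:-\s+)?([\w-]+):\s*(\S.*)$", line)
        if m and m.group(1) in WATCHED:
            fields.setdefault(m.group(1), m.group(2).strip().strip("\"'"))
    return fields

def check(forward_spec, kubeconfig_text):
    """Return a list of findings; an empty list means the file fits the tunnel."""
    port, f, findings = local_port(forward_spec), cluster_fields(kubeconfig_text), []
    m = re.match(r"https://(127\.0\.0\.1|localhost):(\d+)/?$", f.get("server", ""))
    if not m or int(m.group(2)) != port:
        findings.append(f"server must be the tunnel's local end, https://127.0.0.1:{port}")
    if f.get("insecure-skip-tls-verify", "false").lower() == "true":
        findings.append("insecure-skip-tls-verify: API server certificate is not checked")
    elif "tls-server-name" not in f:
        findings.append("no tls-server-name: certificate must list the tunnel address itself")
    if "proxy-url" in f:
        findings.append(f"proxy-url {f['proxy-url']}: requests go to that proxy first")
    return findings

# Constructed kubeconfig fragments (placeholder CA data, hypothetical SAN name).
EDITED = """clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://127.0.0.1:6443
  name: private
"""
TUNNEL_READY = """clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER_BASE64_CA
    server: https://127.0.0.1:50479
    tls-server-name: kubernetes
  name: private
"""

if __name__ == "__main__":
    for name, text in (("edited", EDITED), ("tunnel-ready", TUNNEL_READY)):
        print(name, check("50479:127.0.0.1:6443", text) or "ok")
```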