I'm looking for a way to connect Cloud Build through a proxy instance (GCP VM) to be able to deploy to a GKE private cluster.

I have a bastion host with IAP and tinyproxy installed, and I'm able to connect to it with gcloud ssh, with `-- -L8888:localhost:8888`, and then from another terminal window: `HTTPS_PROXY=localhost:8888 kubectl get pod`, but I'm looking for a way without ssh, as Cloud Build is not able to connect this way.

I was also trying to do it with `gcloud compute start-iap-tunnel` to tunnel the connection on port 8888 to the bastion, also from localhost:8888, but then I get "access denied" from the Kubernetes API (with the same kubeconfig), and it is very confusing for me.

Can someone help me with this problem?

Thanks in advance.

  • Can you show your Cloud Build pipeline, especially the steps where you open the tunnel and push your command? – guillaume blaquiere Jan 27 '21 at 21:30
  • I was trying to do it locally, so in one terminal window `gcloud compute start-iap-tunnel bastion 8888 --local-host-port localhost:8888 --zone europe-west3-a --project project-name` and then in another terminal window `HTTPS_PROXY=localhost:8888 kubectl get pod --all-namespaces` and I get: `Unable to connect to the server: Access denied` or more specifically `Connection error: Get https://10.10.10.1/api?timeout=32s: Access denied`, but the same config works after connecting with gcloud ssh – Mateusz Magusiak Jan 28 '21 at 10:23
  • Does this answer your question? [Google Cloud Build deploy to GKE Private Cluster](https://stackoverflow.com/questions/51944817/google-cloud-build-deploy-to-gke-private-cluster) – Methkal Khalawi Jan 28 '21 at 10:56
  • Nope, I saw it. – Mateusz Magusiak Jan 28 '21 at 15:29
  • OK, what exactly didn't work from the question I shared? Is there any specific doc or guide you are following to achieve your use case? – Methkal Khalawi Jan 29 '21 at 10:45

0 Answers