some-doctor-6280008/28/2019, 7:14 PM
some-doctor-6280008/28/2019, 7:41 PM
CLI, and you need the Kubernetes provider to be running on the bastion host, which means you need the
CLI running on the bastion host.
I suspect some sort of VPN is the best near-term way to automate this - and you could technically set that up with existing Pulumi + a dynamic provider I assume - though it's likely not "simple".
Else - a dynamic provider that wraps `pulumi up`/`pulumi destroy` but invokes them via ssh into some remote host may technically be an option, though I've never tried anything quite like that myself.
some-doctor-6280008/28/2019, 8:25 PM
I do a port forward + a dns entry in /etc/hosts for kubernetesIf you are doing this - then what exactly is the problem you have? Don't you then have external access to the cluster via that port forwarding?
some-doctor-6280008/28/2019, 8:31 PM
Don't you then have external access to the cluster via that port forwardingsame with VPN of course, that's also some form of external access
ssh -L 8443:#kubeapi-ip#:443