Hi!
I don't have any experience with k8s, so I'm most likely doing it wrong.
I'm hiding my k8s server behind a bastion server and only use it via local cli.
I don't see a simple way for pulumi to set up ssh tunnelling... what's the industry practice here? Is it safe to expose k8s api to the public?