GKE: secured access to services from outside the cluster

Question

Is there any way to access the \'internal\' services (those not exposed outside) of the cluster in a secure way from the outside.

The goal is simple: I need to debug

Answer 1

After trying the many methods explained in the doc mentioned above, the thing that works for me was:

1) Create a SSHD daemon container to SSH to the cluster 2) Create a ssh Service with a type: NodePort

3) get the port number with kubectl describe service sshd

4) use ssh port forwarding to get to the service with:

ssh -L :: -p user@sshd-container

for example

ssh -L 2181:zookeeper:2181 -p 12345 root@sshd-container

Then I have my zookeeper service on localhost:2181 For more port mappings, use alternate ports.