Bastion Tunnel Mode (Production)

```shell
# tfvars for bastion tunnel access
provision_bastion       = true
endpoint_public_access  = false
kubernetes_api_host     = "https://127.0.0.1:16443"  # Tunnel port

# Required: CIDRs allowed to connect to bastion
bastion_client_allow_list = [
  "198.51.100.0/24",   # Your office IP range
  "203.0.113.0/24"     # VPN range
]
```

Establishing SSH Tunnels:

OKE clusters deployed with private API endpoints require an SSH tunnel through the OCI Bastion Service:

```shell
# Start tunnel (port 16443)
LOCAL_PORT=16443 ./scripts/setup-bastion-tunnel.sh --workspace primary kubectl
```

Terraform usage with bastion:

```shell
# 1. Start bastion tunnel (separate terminal)
LOCAL_PORT=16443 ./scripts/setup-bastion-tunnel.sh --workspace primary kubectl

# 2. Run terraform with kubernetes_api_host
terraform apply -var-file=primary-<region>.tfvars -var="kubernetes_api_host=https://127.0.0.1:16443"
```
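The allow-list and `endpoint_public_access` settings above are what keep the bastion from becoming an open door, so a pre-flight lint before `terraform apply` is worth having. The following POSIX shell functions are an added example, not part of this project's `scripts/` directory: they read a tfvars file, reject an empty or over-broad `bastion_client_allow_list` (the `/16` minimum prefix length is an assumed policy threshold), and require `endpoint_public_access = false`.

```shell
# Lint bastion_client_allow_list in a tfvars file: fail on an empty list,
# a missing prefix length, or any CIDR broader than /MIN_PREFIX (default /16),
# so the bastion is never exposed to 0.0.0.0/0 by a typo.
check_bastion_allow_list() {
  file="$1"
  min_prefix="${2:-16}"   # assumed policy: nothing broader than a /16
  # Pull the quoted CIDR strings out of the bastion_client_allow_list = [ ... ] block,
  # stripping trailing "# ..." comments first.
  cidrs=$(sed -n '/bastion_client_allow_list[[:space:]]*=/,/]/p' "$file" \
    | sed 's/#.*//' | grep -o '"[0-9./]*"' | tr -d '"')
  [ -n "$cidrs" ] || { echo "$file: bastion_client_allow_list is empty"; return 1; }
  status=0
  for c in $cidrs; do
    case "$c" in
      */*) ;;
      *) echo "$c: missing prefix length (bare host?)"; status=1; continue ;;
    esac
    prefix="${c#*/}"
    case "$prefix" in
      ''|*[!0-9]*) echo "$c: prefix length is not numeric"; status=1; continue ;;
    esac
    if [ "$prefix" -lt "$min_prefix" ]; then
      echo "$c: /$prefix is broader than the /$min_prefix minimum"; status=1
    fi
  done
  return $status
}

# A tunnel only helps if the API endpoint is actually private; refuse a tfvars
# file that does not pin endpoint_public_access to false.
require_private_endpoint() {
  sed 's/#.*//' "$1" \
    | grep -Eq '^[[:space:]]*endpoint_public_access[[:space:]]*=[[:space:]]*false[[:space:]]*$' \
    || { echo "$1: endpoint_public_access is not false"; return 1; }
}

# Combined pre-flight: run both checks and only then hand off to terraform.
preflight_tfvars() {
  check_bastion_allow_list "$1" && require_private_endpoint "$1"
}
```

Call `preflight_tfvars primary-<region>.tfvars && terraform apply ...` so a bad allow-list aborts before any plan is applied.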