Support SSH Tunnels

[cheftako]

Part of our goals here is to allow SSH Tunnels to be removed from the KAS. If we support SSH Tunnels it would allow a smoother migration plan for users of SSH Tunnels.

[fejta-bot]

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

[cheftako]

/remove-lifecycle stale

[cheftako]

/lifecycle frozen

[Jefftree]

@cheftako Quick clarification question: This is supporting SSH tunnels via egress selector correct?

SSH tunnels won't go through the proxy server so this seems to be something on the k/k side and not the network proxy side.

[cheftako]

The idea had been to have the proxy/konnectivity server support SSH Tunnels (at least for a little while). Not a hard requirement, but the thought was it would allow a couple of things. One could decouple using the konnectivity server from disabling ssh tunnels for clusters using ssh tunnels. You could first shift to the konnectivity server but retain ssh tunnels. As a follow on step you could switch to using either http-connect or grpc to the cluster. This allows you to independently measure the cost of each. It also allows you have better granularity on any issues which might come up.