Difficulty setting up ZeroTrust and Kubernetes

We’ve been trying to apply the guidance in https://blog.cloudflare.com/kubectl-with-zero-trust/ and haven’t had any luck yet.

We’re running a private-mode GKE cluster, which until now we’ve controlled access to via IP whitelisting. We’d like to be able to use WARP to control access. We set up a ZT Tunnel as per the guide, including integrating the terraform snippets into our existing configuration. (We did have to make a few minor corrections to the configuration snippets provided, however.)

The result is this: I can warp-cli connect, and now when I kubectl get namespaces I get Unable to connect to the server: net/http: TLS handshake timeout

It’s unclear how to proceed on my end. It’s clear that WARP is doing something because warp-cli connect breaks kubectl and warp-cli disconnect fixes it. As usual, I don’t see much logging information in the cloudflared Pods, but I also don’t see any recognition of traffic in the Teams dashboard.

Any advice would be appreciated.