Kubectl with Cloudflare Access procedure doesn't work

Hi dear community,
I’ve just tried the procedure outlined here https://developers.cloudflare.com/access/other-protocols/kubectl/ to get my K8S cluster working with Cloudflare access.

I found out that the when the first command run and a web page is opened to get the token the procedure doesn’t work:

> cloudflared tunnel --hostname k8s-dev.test.net --url tcp://my.kubernetes.ip:443 --socks5=true 
...
....

> cloudflared access tcp --hostname k8s-dev.test.net --url 127.0.0.1:9999
INFO[0000] Start Websocket listener on: 127.0.0.1:9999  


> alias kubeone="env  HTTPS_PROXY=socks5://127.0.0.1:9999 kubectl"
> kubeone get ns

Failed to connect to proxy URL: "http://socks5://127.0.0.1:9999"

Failed to connect to proxy URL: "http://socks5://127.0.0.1:9999"

Failed to connect to proxy URL: "http://socks5://127.0.0.1:9999"

Failed to connect to proxy URL: "http://socks5://127.0.0.1:9999"

Failed to connect to proxy URL: "http://socks5://127.0.0.1:9999"
Unable to connect to the server: getting credentials: exec: exit status 255

But I I redo the same things with the last alias changed with HTTP_PROXY:

> cloudflared tunnel --hostname k8s-dev.test.net --url tcp://my.kubernetes.ip:443 --socks5=true 
...
....

> cloudflared access tcp --hostname k8s-dev.test.net --url 127.0.0.1:9999
INFO[0000] Start Websocket listener on: 127.0.0.1:9999  
A browser window should have opened at the following URL:

https://k8s-dev.test.net/cdn-cgi/access/cli?redirect_url=........

If the browser failed to open, please visit the URL above directly in your browser.



> alias kubeone="env  HTTP_PROXY=socks5://127.0.0.1:9999 kubectl"
> kubeone get ns
NAME              STATUS   AGE
default           Active   19h
...

At this point I can change the alias back to HTTPS_PROXY and everything will work as expected. Something is going weird with the proxy and the authentication phase.
Please can advise on it?
Best Regards

In my case using EKS, the problem was that the .kube/config was configured to call aws eks get-token and this command doesn’t work with HTTPS_PROXY set. The quick fix was to set the variable to nothing in the .kube/config and it seems to still work with the kubeone alias:

- name: arn:aws:eks:us-west-1:111111111111:cluster/test-cluster
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - --region
      - us-west-1
      - eks
      - get-token
      - --cluster-name
      - test-cluster
      command: aws
      env:
      - name: AWS_PROFILE
        value: my-profile
      - name: HTTPS_PROXY
        value: ""