A GKE cluster with private networking will come preconfigured with firewall rules that prevent the Traffic Manager's
webhook injector from being invoked by the Kubernetes API server.
For Telepresence to work in such a cluster, you'll need to add a firewall rule allowing the Kubernetes masters to access TCP port
8443 in your pods.
For example, for a cluster named
tele-webhook-gke in region