Support for GKE private clusters

The Cisco Panoptica controller can be deployed on GKE clusters, including private clusters (that is, one whose nodes cannot be publicly reached)

For private clusters, the the firewall rules must be modified to allow communication between the api-server and Istio webhooks. In particular, port 15017 should be enabled, as in the example below.

Update the rule with a command like this:

$ gcloud compute firewall-rules update <firewall-rule-name> --allow tcp:10250,tcp:443,tcp:15017