Use-case: You have created a Kubernetes cluster using a kops cluster.yaml template. It creates a bastion server and nodes (master and worker nodes). Your source code is in Bitbucket, and your Bitbucket settings require whitelisting the server IP. You want to clone the repo on the bastion server.
Problem: In the above case, every time the k8s cluster is created with a bastion server, you have to whitelist the public IP of the bastion server in Bitbucket to download the repo.
Solution: You can create an Elastic IP in AWS. This Elastic IP can be whitelisted in Bitbucket once. Then associate this Elastic IP with the bastion server when kops creates the server. This way, every time the cluster is re-created, the bastion server is associated with the Elastic IP that is already whitelisted.
You can use the bastion cluster.yaml template below to do so:

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: null
  labels:
    kops.k8s.io/cluster: test.demo.local
  name: bastions
spec:
  associatePublicIp: true
  additionalUserData:
  - name: myscript.sh
    type: text/x-shellscript
    content: |
      #!/bin/sh
      HOME="/home/admin"
      cd $HOME
      sudo apt-get -y update
      sudo apt-get -y install jq awscli
      sudo apt-get -y install unzip
      aws configure set aws_access_key_id <REPLACE ACCESS KEY>
      aws configure set aws_secret_access_key <REPLACE SECRET ACCESS KEY>
      aws configure set region ap-southeast-2
      # Look up this instance's ID from the EC2 metadata service
      INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
      ALLOCATION_ID=<REPLACE elastic IP allocationID>
      # Attach the already-whitelisted Elastic IP to this bastion
      aws ec2 associate-address --instance-id "$INSTANCE_ID" --allocation-id "$ALLOCATION_ID" --allow-reassociation
  image: kope.io/k8s-1.15-debian-stretch-amd64-hvm-ebs-2020-01-17
  machineType: t2.small
  maxSize: 1
  minSize: 1
  nodeLabels:
    kops.k8s.io/instancegroup: bastions
  role: Bastion
  subnets:
  - utility.ap-southeast-2a.test.demo.local
---

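A variant of the template above that keeps long-lived access keys out of user data, which anything running on the bastion can read back from the instance metadata service; this is an added example, not part of the original article. It assumes the bastion's IAM role is granted ec2:AssociateAddress through kops' additionalPolicies (check that your kops release accepts the bastion key there), and the script name associate-eip.sh is hypothetical.

```yaml
# Fragment to merge into the Cluster spec: grant the bastion role the one EC2
# action it needs. Assumption: this kops release accepts "bastion" here.
spec:
  additionalPolicies:
    bastion: |
      [
        {
          "Effect": "Allow",
          "Action": ["ec2:AssociateAddress"],
          "Resource": ["*"]
        }
      ]
---
apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  labels:
    kops.k8s.io/cluster: test.demo.local
  name: bastions
spec:
  associatePublicIp: true
  additionalUserData:
  - name: associate-eip.sh   # hypothetical script name
    type: text/x-shellscript
    content: |
      #!/bin/sh
      set -eu   # stop on the first failed step
      apt-get -y update
      apt-get -y install awscli curl
      # No "aws configure set aws_access_key_id": the CLI uses the role's temporary credentials.
      MD=http://169.254.169.254/latest
      # IMDSv2: obtain a session token, then read the instance ID with it.
      TOKEN=$(curl -sf -X PUT "$MD/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
      INSTANCE_ID=$(curl -sf -H "X-aws-ec2-metadata-token: $TOKEN" \
        "$MD/meta-data/instance-id")
      ALLOCATION_ID="<REPLACE elastic IP allocationID>"
      aws ec2 associate-address --region ap-southeast-2 \
        --instance-id "$INSTANCE_ID" --allocation-id "$ALLOCATION_ID" \
        --allow-reassociation
  image: kope.io/k8s-1.15-debian-stretch-amd64-hvm-ebs-2020-01-17
  machineType: t2.small
  maxSize: 1
  minSize: 1
  nodeLabels:
    kops.k8s.io/instancegroup: bastions
  role: Bastion
  subnets:
  - utility.ap-southeast-2a.test.demo.local
```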
For installing other utilities such as kops, the AWS CLI and kubectl, see the article "How to install kops, kubectl using kops cluster.yaml template".