Use-case: You have create kubernetes cluster using kops cluster.yaml template. It creates bastion server and nodes (master and worker node). Your source code is in bitbucket and your bitbucket setting requires whitelisting of server IP. You want to clone the repo on bastion server.

Problem: In the above case every time k8s cluster is created with bastion server. You have to whitelist the public IP of bastion server in bitbucket to download the repo.

Solution: You can create elastic IP in AWS. This elastic IP can be whitelisted in bitbucket once. Now associate this elastic IP with bastion server when kops creates the server. This way every time cluster is re-created, it will associate the elastic IP with bastion server which is already whitelisted.

You can use the below bastion cluster.yaml template to do so-

kind: InstanceGroup
  creationTimestamp: null
  labels: test.demo.local
  name: bastions
  associatePublicIp: true
  - name:
    type: text/x-shellscript
    content: |
      cd $HOME      
      sudo apt-get -y update
      sudo apt-get -y install jq awscli
      sudo apt-get -y install unzip
      aws configure set aws_access_key_id <REPLACE ACCESS KEY>
      aws configure set aws_secret_access_key <REPALCE SECRET ACCESS KEY>
      aws configure set region ap-southeast-2   
      INSTANCE_ID=$(curl -s
      ALLOCATION_ID=<REPLACE elastic IP allocationID>
      aws ec2 associate-address --instance-id $INSTANCE_ID --allocation-id $ALLOCATION_ID --allow-reassociation  
  machineType: t2.small
  maxSize: 1
  minSize: 1
  nodeLabels: bastions
  role: Bastion
  - utility.ap-southeast-2a.test.demo.local  

For installing other utilities like kops, aws cli, kubectl etc  check article How to install kops, kubectl using kops cluster.yaml template