Kops utilizes cloud-init to initialize and setup a host at boot time. You may have a use-case where specific software should be configured on Bastion server when kops is used to create kubernetes cluster. You can install Crowdstrike Antivirus (falcon-sensor) during the Bastion box creation. Additional user-data can be passed to the host provisioning by setting the additionalUserData field. This way even if the server is recreated, the antivirus is automatically installed on new server instance.

You can use the sample yaml template for bastion server (Debian image) created by kops-

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: null
  labels:
    kops.k8s.io/cluster: test.demo.local
  name: bastions
spec:
  associatePublicIp: true
  additionalUserData:
  - name: myscript.sh
    type: text/x-shellscript
    content: |
      #!/bin/sh
      HOME="/home/admin"
      cd $HOME      
      apt-get -y update
      apt-get -y install jq awscli
      apt-get -y install unzip
      #install crowdstrike antivirus
      curl -LO < URL to access falcon-sensor-amzn2.x86_64.rpm>
      dpkg --install falcon-sensor-amzn2.x86_64.rpm
      /opt/CrowdStrike/falconctl -s --cid=<license key> --tags="Any tag name to associate"
      systemctl start falcon-sensor
  image: kope.io/k8s-1.15-debian-stretch-amd64-hvm-ebs-2020-01-17
  machineType: t2.small
  maxSize: 1
  minSize: 1
  nodeLabels:
    kops.k8s.io/instancegroup: bastions
  role: Bastion
  subnets:
  - utility.ap-southeast-2a.test.demo.local  
---

or

for Linux 2 based bastion server:

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  labels:
    kops.k8s.io/cluster: test.demo.local
  name: bastions
spec:
  additionalUserData:
  - content:| 
      #!/bin/sh 
      #install crowdstrike antivirus
      curl -LO < URL to access falcon-sensor-amzn2.x86_64.rpm file>
      yum install -y <falcon sensor file name>
      /opt/CrowdStrike/falconctl -s --cid=<license key> --tags="Any tag name to associate"
      systemctl start falcon-sensor
    name: user-data.sh
    type: text/x-shellscript
  associatePublicIp: true
  image: amazon/amzn2-ami-hvm-2.0.20200917.0-x86_64-gp2
  machineType: t2.small
  maxSize: 1
  minSize: 1
  nodeLabels:
    kops.k8s.io/instancegroup: bastions
  role: Bastion
  subnets:
  - utility.ap-southeast-2a.test.demo.local

 

For more details check this article: How to create kubernetes cluster using kops cluster template.

You can do lot more of scripting in additionalUserData field. kops will keep running the script until everything mentioned in it is executed.