The bastion node is serving as our buffer so theres a secure location to login to from outside the network and do work. We’ll be using it for some other functions in the future as well that are for within the LAN when we go with an HA control plane in the next iteration.
It’ll also have some executables pre packaged in for cluster management :