The bastion node is serving as our buffer so theres a secure location to login to from outside the network and do work. We’ll be using it for some other functions in the future as well that are for within the LAN when we go with an HA control plane in the next iteration.

It’ll also have some executables pre packaged in for cluster management :

  • Flux2 - git ops for managing cluster state
  • Kubeseal - secret encryption for kubernetes services
  • k9s - graphic CLI interface for managing k8s clusters
  • kubectl - major CLI for interacting with your k8s cluster directly