Merge pull request #704 from vwfs/bastion_hosts

Add support for bastion hosts
2026-02-01 01:28:11 -03:30 · 2016-12-17 12:08:49 +01:00
parent 1c48a001df 96640e68e2
commit 768fe05eea
7 changed files with 67 additions and 1 deletions
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -57,6 +57,7 @@ The following tags are defined in playbooks:
 |--------------------------|---------
 |                     apps | K8s apps definitions
 |                    azure | Cloud-provider Azure
+|                  bastion | Setup ssh config for bastion
 |             bootstrap-os | Anything related to host OS configuration
 |                   calico | Network plugin Calico
 |                    canal | Network plugin Canal
@@ -119,3 +120,17 @@ ansible-playbook -i inventory/inventory.ini cluster.yaml \
 ```

 Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.
+
+Bastion host
+--------------
+If you prefer to not make your nodes publicly accessible (nodes with private IPs only),
+you can use a so called *bastion* host to connect to your nodes. To specify and use a bastion,
+simply add a line to your inventory, where you have to replace x.x.x.x with the public IP of the
+bastion host.
+
+```
+bastion ansible_ssh_host=x.x.x.x
+```
+
+For more information about Ansible and bastion hosts, read 
+[Running Ansible Through an SSH Bastion Host](http://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/)