From 3e007df97cb357940c5902229728213654578b0b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2016 10:57:50 +0100
Subject: [PATCH] Add documentation about bastion hosts

---
 docs/ansible.md             | 14 ++++++++++++++
 inventory/inventory.example |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/docs/ansible.md b/docs/ansible.md
index bed95f108..ff7eb1d9d 100644
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -119,3 +119,17 @@ ansible-playbook -i inventory/inventory.ini cluster.yaml \
 ```
 
 Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.
+
+Bastion host
+--------------
+If you prefer to not make your nodes publicly accessible (nodes with private IPs only),
+you can use a so called *bastion* host to connect to your nodes. To specify and use a bastion,
+simply add a line to your inventory, where you have to replace x.x.x.x with the public IP of the
+bastion host.
+
+```
+bastion ansible_ssh_host=x.x.x.x
+```
+
+For more information about Ansible and bastion hosts, read 
+[Running Ansible Through an SSH Bastion Host](http://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/)
\ No newline at end of file
diff --git a/inventory/inventory.example b/inventory/inventory.example
index c08e84ae6..1d10cdce0 100644
--- a/inventory/inventory.example
+++ b/inventory/inventory.example
@@ -8,7 +8,7 @@
 # node6 ansible_ssh_host=95.54.0.17  # ip=10.3.0.6
 
 # ## configure a bastion host if your nodes are not publicly reachable
-# bastion ansible_ssh_host=xxx.xxx.xxx.xxx
+# bastion ansible_ssh_host=x.x.x.x
 
 # [kube-master]
 # node1
-- 
GitLab