kostaleonard
commented
2 years ago In the PR that closes this issue, we've decided to automate tasks like retrieving configuration files rather than creating them. The reason is because the VPN node is configured in Terraform, so to add a peer you could update the Terraform plan (specifically the VPN bootstrap script) and do terraform apply. It is less confusing to reapply the Terraform configuration than it is to use Ansible to modify the Terraform resource--plus, updating the Terraform configuration improves our ability to track changes to peers in version control.
The VPN is the only component not managed in Kubernetes. Add a configuration management agent to automate routine tasks, like adding peers.