Dustin C. Hatch
3916e0eac9
In order to join the on-premises Kubernetes cluster, EC2 instances will need to first connect to the WireGuard VPN. The *dynk8s* provisioner will provide keys to instances to configure their WireGuard clients. WireGuard keys must be pre-configured on the server and stored in Kubernetes as *dynk8s.du5t1n.me/wireguard-key* Secret resources. They must also have a `dynk8s.du5t1n.me/ec2-instance-id` label. If this label is empty, the key is available to be assigned to an instance. When an EventBridge event is received indicating an instance is now running, a WireGuard key is assigned to that instance (by setting the `dynk8s.du5t1n.me/ec2-instance-id` label). Conversely, when an event is received indicating that the instance is terminated, any WireGuard keys assigned to that instance are freed.