K3S on Raspberry Pi 4 - kubectl outside cluster

December 19, 2023

Now that I have a cluster set up (see https://drumcoder.co.uk/blog/2023/dec/19/k3s-on-raspberry-pi-4-initial-setup/ for setup details) I wanted to be able to access it from my mac, without sshing into the cluster master node.

Installing kubectl

The kubectl command can be installed on a mac using:

$ brew install kubectl

Install can be …

K3S on Raspberry Pi 4 - initial setup

December 18, 2023

Now that the supply pressures have eased, I wanted to get a few Raspberry Pi and start messing around with a Kubernetes cluster. This post covers the initial setup of the cluster and hopefully I'll get to deploying something on it in due course.

I bought three Raspberry Pi 4 …

Kubernetes Istio Pod Security

July 4, 2023

We implemented security between the pods to allow only named pods to be able to talk to each other. This was done using both an AuthorisationPolicy and a NetworkPolicy.

Here's the AuthorisationPolicy:

{{ $env := .Values.global.env }}
{{ $ns := .Release.Namespace }}
{{- if .Values.allowedServices }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy …

Kubernetes ConfigMap

July 4, 2023

You can define a ConfigMap in the Helm chart which will provide a file to the Kubernetes Deployment docker image. An example of this is apache config:

{{ $env := .Values.global.env }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ $env }}-{{ .Chart.Name }}-apache-config"
data:
  my-app-apache.conf: |
    <VirtualHost *:80>
        ServerName my-app …

Kubernetes Deployment

July 4, 2023

I wanted to document the approach taken to to various bits of the Helm charts that I've authored. This is the Helm chart for deployment of a pod which includes Istio, Apache and PHP-FPM in separate docker containers.

{{ $env := .Values.global.env }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ …