Now that I have a cluster set up (see https://drumcoder.co.uk/blog/2023/dec/19/k3s-on-raspberry-pi-4-initial-setup/ for setup details) I wanted to be able to access it from my mac, without sshing into the cluster master node.

Installing kubectl

The kubectl command can be installed on a mac using:

$ brew install kubectl

Install can be …

Now that the supply pressures have eased, I wanted to get a few Raspberry Pi and start messing around with a Kubernetes cluster. This post covers the initial setup of the cluster and hopefully I'll get to deploying something on it in due course.

I bought three Raspberry Pi 4 …

We implemented security between the pods to allow only named pods to be able to talk to each other. This was done using both an AuthorisationPolicy and a NetworkPolicy.

Here's the AuthorisationPolicy:

{{ $env := .Values.global.env }}
{{ $ns := .Release.Namespace }}
{{- if .Values.allowedServices }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy …

You can define a ConfigMap in the Helm chart which will provide a file to the Kubernetes Deployment docker image. An example of this is apache config:

{{ $env := .Values.global.env }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ $env }}-{{ .Chart.Name }}-apache-config"
data:
  my-app-apache.conf: |
    <VirtualHost *:80>
        ServerName my-app …

I wanted to document the approach taken to to various bits of the Helm charts that I've authored. This is the Helm chart for deployment of a pod which includes Istio, Apache and PHP-FPM in separate docker containers.

{{ $env := .Values.global.env }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ …