Kubernetes Istio Pod Security

July 4, 2023

We implemented security between the pods so that only named pods are able to talk to each other. This was done using both an AuthorizationPolicy and a NetworkPolicy.

Here's the AuthorizationPolicy:

{{ $env := .Values.global.env }}
{{ $ns := .Release.Namespace }}
{{- if .Values.allowedServices }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy …

Kubernetes ConfigMap

July 4, 2023

You can define a ConfigMap in the Helm chart which will provide a file to the Kubernetes Deployment Docker image. An example of this is an Apache config:

{{ $env := .Values.global.env }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ $env }}-{{ .Chart.Name }}-apache-config"
data:
  my-app-apache.conf: |
    <VirtualHost *:80>
        ServerName my-app …

Kubernetes Deployment

July 4, 2023

As my project closes down, I wanted to document the approach we took to various bits of the Helm charts we used. This is the Helm chart for deployment of a pod which includes Istio, Apache and PHP-FPM in separate Docker containers.

{{ $env := .Values.global.env }}
apiVersion: apps/v1
kind: …

Checking File Changes in Docker Build

May 23, 2023

I'm working on dockerising some existing PHP applications. Sometimes we need to change the PHP source that we're provided with to make it work in the dockerised environment.

It's useful to protect ourselves from changes to this file - we want the docker build to fail if the file has …

Kubernetes Scaling

October 26, 2022

You can scale Kubernetes pods manually on the command line, using something like:

$ kubectl -n namespace scale deploy podname --replicas=0

This particular example will scale to zero, and so stop the pod - this is useful for testing probes that rely on this pod to return success.