Kubernetes Istio Pod Security

July 4, 2023

We implemented security between the pods to allow only named pods to be able to talk to each other. This was done using both an AuthorisationPolicy and a NetworkPolicy.

Here's the AuthorisationPolicy:

{{ $env := .Values.global.env }}
{{ $ns := .Release.Namespace }}
{{- if .Values.allowedServices }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy …

Kubernetes ConfigMap

July 4, 2023

You can define a ConfigMap in the Helm chart which will provide a file to the Kubernetes Deployment docker image. An example of this is apache config:

{{ $env := .Values.global.env }}
apiVersion: v1
kind: ConfigMap
  name: "{{ $env }}-{{ .Chart.Name }}-apache-config"
  my-app-apache.conf: |
    <VirtualHost *:80>
        ServerName my-app …

Kubernetes Deployment

July 4, 2023

As my project closes down I wanted to document the approach we took to various bits of the Helm charts we used. This is the Helm chart for deployment of a pod which includes Istio, Apache and PHP-FPM in separate docker containers.

{{ $env := .Values.global.env }}
apiVersion: apps/v1
kind: …

Checking File Changes in Docker Build

May 23, 2023

I'm working on dockerising some existing PHP applications. Sometimes we need to change the PHP source that we're provided with to make it work in the dockerised environment.

It's useful to protect ourselves from changes to this file - we want the docker build to fail if the file has …

Kubernetes Scaling

October 26, 2022

You can scale kubernetes pods manually on the command line, using something like:

$ kubectl -n namespace scale deploy podname --replicas=0

This particular example will scale to zero, and so stop the pod - this is useful for testing probes that rely on this pod to return success.