馃専
z's
  • Hello
  • Cheatsheets
    • 馃崅Docker Compose Services
    • 馃尶Git
    • 鈻讹笍 Golang
      • Gotchas
    • 鉀戯笍Helm
    • 鈽革笍 Kubernetes Management
    • 鈽革笍 Kubernetes Resources
    • 鈽革笍Kubernetes Snippets
    • 馃敤Tools Quicklinks
    • Tools and Useful Stuff
    • 馃煚Using Ubuntu
    • Reference/Template Dockerfiles
  • How-Tos
    • Use Ubuntu
    • Use VSCode
    • Use AWS
    • Use Git
    • Use GPG keys
    • Use Digital Ocean
  • About Me
    • Want to work with me?
    • How to work with me
  • Useful Tools
    • Collaboration
      • Miro
    • Documentation
      • Gitbook
      • Notion
  • On Growing People
    • Ontological Coaching
    • Organization Development (OD)
    • Speech Acts
    • Books & Other Resources
  • On Creating Software
    • Product
    • Design
    • Development Environments
      • Introduction
      • Visual Studio Code/Codium
      • Public Key Infrastructure (PKI) Setup & Usage
    • Patterns
      • API Authentication
      • User Authentication
    • Languages/Formats
      • JavaScript
      • Golang
      • HTML
      • CSS
      • SQL
      • JSON
      • YAML
    • Code Logistics
    • Data Persistence
      • Cassandra
    • Software Architecture
    • System Observability
    • Cool Tools
    • Kubernetes
      • Resource Cheatsheet
      • 1/ Kubernetes in 5 Minutes
      • 2/ Setting up Kubernetes locally
      • 3/ Handling long-running workloads
      • 4/ Handling run-once workloads
Powered by GitBook
On this page
  • Ensure service restarts on ConfigMap/Secret resource change
  • Istio AuthorizationPolicy to blocklist by hostname

Was this helpful?

  1. Cheatsheets

Helm

Ensure service restarts on ConfigMap/Secret resource change

Add the following to your pod's annotation:

kind: Deployment
# ...
spec:
  template:
    metadata:
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
# ...

Istio AuthorizationPolicy to blocklist by hostname

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ include "template.name" . }}-unity
  labels:
    {{- include "template.labels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/instance: {{ include "template.name" . }}
  action: DENY
  rules:
  - to:
    - operation:
        hosts:
          - hostname1.domain.com
          - hostname2.domain.com
PreviousGotchasNext鈽革笍 Kubernetes Management

Last updated 1 year ago

Was this helpful?

鉀戯笍