Ben Leggett
Ben Leggett
> > + # Custom labels on Daemonset level, for eg - FinOps/teams labels + labels: {} + # team-owner: finops + + # Custom labels on Pod level, for...
> That's a bit better - but still something that should be in the PR description. I assume someone modifying the proto sources is less critical - at worse they...
/ok-to-test
> I assume the buf.build servers are only used in 'make generate' - so not a problem. > I'm not really familiar with offline usage of buf.build, but [the FAQ...
> While the security risk is probably low/acceptable, TBH I don't really see the benefits here. We are talking about adding a cache, security, availability... what benefits do we get?...
Looking good, TY!
> doesn't delete+apply cause downtime if we are to actually apply this somewhere with rules already? Thinking of VMs, etc? > > Or in the pod case as well actually....
> In this case "Because init containers can be restarted, retried, or re-executed, init container code should be idempotent. In particular, code that writes to files on EmptyDirs should be...
One thing to keep in mind - the iptables library we have is used in 3 spots. 1 of which is run as a CLI binary in a sidecar context....
Another thing we could do is say that there are no traffic disruption guarantees for init containers, because as per kube init containers can be restarted. And that if people...