[10:58:24] FYI the `restricted` PSS is now enforced everywhere in dse-k8s-eqiad. I've had to upgrade an operator that insisted on not injecting `seccompProfile.type: RuntimeDefault` because our kube version was "too old" for its taste, but after that, everything seems to be nominal
[13:16:28] nice!
[14:01:22] well done!
[14:13:12] thanks :)
[14:49:56] qq: if I have a service running in k8s that needs to talk to another. Should I a) use the discovery DNS pointing to the ingress (meaning I need to add our certificate to the truststore), b) use a simple Cluster IP service and internal coredns resolution or c) our service mesh?
[14:50:59] c
[14:51:00] I'd tend towards c
[14:53:35] alright then, and where would I add said service to the mesh? I'm guessing we have some puppet config somewhere?
[14:55:29] ah well https://wikitech.wikimedia.org/wiki/Kubernetes/Add_a_new_service#Add_in_Service_Mesh
[14:57:52] :D
[15:37:27] thanks y'all