[11:32:14] <brouberol>	 FYI elukey, we have tightened the ceph-csi-rbd clusterroles the same way we did for ceph-csi-cephfs https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/1090439 
[11:34:47] <elukey>	 <3
[12:46:06] <akosiaris>	 nice!
[14:12:12] <elukey>	 hello folks, I filed a change for limiting the catalog fetch in the registry https://gerrit.wikimedia.org/r/c/operations/puppet/+/1090450
[14:12:17] <elukey>	 lemme know your thoughts
[14:18:18] <akosiaris>	 elukey: have you looked at logs?
[14:18:30] <akosiaris>	 as in, how many people from the outside have pull the catalog recently?
[14:18:38] <akosiaris>	 pulled*
[14:21:42] <elukey>	 akosiaris: I tried on registry200[4,5] this zgrep "/v2/_catalog" /var/log/nginx/access.log* | grep -v "pywmflib/1.2.7"
[14:21:58] <elukey>	 and I found a couple of calls only from a bot and from a generic mozilla client
[14:22:22] <elukey>	 (we don't log the x-forwarded-for in there afaics, just noticed, probably we should)
[14:23:35] <elukey>	 also after a chat with Janis we realized that there shouldn't be any need from the outside to fetch the catalog
[14:24:20] <elukey>	 docker report goes through the internal discovery endpoint at the moment
[14:24:48] <elukey>	 and the timer that builds the list of images for docker-registry.wikimedia.org uses a localhost:port combination
[14:38:48] <akosiaris>	 OK then, let me +1 and let's see how complains (if any)
[14:45:13] <elukey>	 <3