[09:01:18] <btullis>	 I'm sorry to have to ask, but would anyone be available to help me with a review of an upstream chart, please? https://wikitech.wikimedia.org/wiki/Helm/Upstream_Charts/spark-operator
[09:03:42] <btullis>	 This is a replacement of the spark-operator chart that I wrote in 2023 and I believe it to be of a significantly better quality than mine. The full justification is here: T405490
[09:03:43] <stashbot>	 T405490: Upgrade spark-operator to v2.2.1 - https://phabricator.wikimedia.org/T405490
[09:04:57] <btullis>	 Most notably, they have radically improved the RBAC, compared with what the upstream chart was like when I looked at it in 2023: https://github.com/kubeflow/spark-operator/issues/1977
[09:05:54] <btullis>	 I have prepared a stack of patches with the removal and replacement of the existing operator here: https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/1191139
[09:42:28] <btullis>	 We could remove the existing spark-operator release by merging the first patch, which will make the helm-lint easier to read.
[09:44:38] <elukey>	 btullis: o/ what is your timeline? I can try to review those next week
[09:51:04] <btullis>	 elukey: Many thanks, that would be great. The timeline is just as soon as is realistically possible, I'm afraid. We have recently started picking up work on spark-on-k8s, as I mentioned in the sig meeting yesterday, but issues around the RBAC and the webhook surfaced quickly. I could waste a lot of time trying to tweak my hand-crafted chart, but I think that it is better at this point to switch to the upstream version.
[09:52:30] <elukey>	 yep yep I can understand
[09:52:42] <elukey>	 ok ping me on Monday then, I'll try to squeeze a review in
[09:52:59] <btullis>	 Super! Many thanks.
[09:53:01] <elukey>	 (and if anybody else has time, feel free to do it before me)
[10:46:30] <klausman>	 https://github.com/metalbear-co/mirrord?tab=readme-ov-file#how-it-works This sounds pretty sweet
[10:47:47] <klausman>	 To quote: "When you select a pod to impersonate, mirrord launches a pod on the same node as the pod you selected. The new pod is then used to connect your local process and the impersonated pod: it mirrors incoming traffic from the pod to your process, routes outgoing traffic from your process through the pod, and does the same for file reads, file writes, and environment variables."
[10:48:34] <klausman>	 Quite heavy on the needed privs, though
[10:51:24] <btullis>	 Pretty nifty, but yeah I can't see us granting those additional caps on any of our existing clusters.
[10:54:11] <klausman>	 maaaybe on a tsaging cluster, for debugging
[13:59:33] <cdanis>	 I think you'd get like 80% of the value that offers by making it easy to grab a near-real-time sample of production traffic, possibly after scrubbing some PII