[06:18:03] <akosiaris>	 oh, nice to know we aren't the first to experience this
[12:57:08] <cdanis>	 added it to the incident doc and also made a stalled followup task on our side
[14:54:22] <brouberol>	 I've had to "debug" calico network policy recently, aka resolving the service IPs/ports as well as policy selector to pods. I've written this (WIP & crude) script to help https://wikitech.wikimedia.org/wiki/User:Brouberol#Link_a_Calico_Network_Policy_to_Pods,_IPs_and_ports
[15:10:11] <cdanis>	 brouberol: haha thanks, grepping calico iptables via cumin was a side quest for me recently
[15:11:09] <brouberol>	 I'm glad it could help! I need to print a phat red warning "Service XXX not found" when the calico policy is linked to a non-existing service
[15:11:37] <brouberol>	 which itself could be prevented by a validation admission controller, I _think_
[15:12:41] <brouberol>	 and I might just rewrite it to output JSON instead of manlging spaces, but anyway
[15:48:44] <brouberol>	 (done, with --format json)
[15:51:16] <brouberol>	 would it make sense to deploy the helper via puppet to, say, the deployment server?
[20:15:53] <inflatador>	 brouberol please do! You might add something to MOTD as well. The hardest thing about these awesome tools is their discoverability ;)