[10:01:16] <klausman>	 Why would kubectl diff ignore on-disk changes to e.g. harts/kserve/templates/networkpolicy.yaml? I've bumped the corresponding chart version, but my edits seem to ahev no effect
[10:05:57] <jayme>	 klausman: thats usually an if-guard that makes your change not render at all
[10:06:14] <klausman>	 hm, ok. I'll keep digging
[10:09:50] <klausman>	 There is something else going on. Even if I check out an older commit from ~days ago, my diff for ml-serve-codfw still shows changes that were only committed yesterday
[13:02:30] <klausman>	 Is there a way to take an IP:port like 10.194.12.243:443 and figure out what it is connected to?
[13:02:34] <klausman>	 in k8s, I mean
[13:12:33] <akosiaris>	 depends on what that pair is
[13:12:55] <akosiaris>	 if is it a service, get svc or describe svc will tell you the endpoints that power it
[13:13:37] <akosiaris>	 if it is a pod IP and you want the mapping to which pod it maps to, get svc -o yaml -A and a bit of grep will do wonders
[13:14:53] <akosiaris>	 -o json | jq will also work wonder. and kubectl get -o gotemplate (alongside others) exist if you feel like being punished
[13:42:43] <klausman>	 that's the thing: I have no idea what it is :)
[14:32:58] <jayme>	 you can tell from the ip range, no?
[14:59:55] <klausman>	 Well, I know it's a service IP, yes
[15:05:19] <jayme>	 "kubectl get svc -A -o wide | grep 10.194.12.243" then, I'd say
[15:17:16] <klausman>	 which was empty. But then again, the error I was chasing was about not being able to talk to that ip/port, soooo
[15:17:29] <klausman>	 But I think thanks to Luca, I have chased down the root cause.
[15:19:42] <akosiaris>	 which was?
[15:54:38] <klausman>	 We were deploying a change that deleted a lot of example data from a configmap, and for some reason the normal helm deployment process fails, instead I edited the configmap, deleting the subkey, and then deployed again
[16:23:22] <inflatador>	 just curious, is it possible to 'dig -x' those IPs from somewhere? Or does calico know anything useful about them?
[19:00:47] <akosiaris>	 Yes both pod and svc IPs PTR records are served by coredns. You got to be inside the cluster though, any pod would do though.
[19:01:35] <akosiaris>	 It's an interesting small side project to expose this externally and delegate from the core auth servers
[20:37:02] <cdanis>	 is there a way to define a calico NetworkPolicy selector in terms of the podSelector.matchLabels you might put in an original-recipe networking.k8s.io/v1 NetworkPolicy?