[13:08:45] cdanis: we already mirror k9s debs :) https://gerrit.wikimedia.org/r/c/operations/puppet/+/1052677
[13:18:42] neat!
[14:34:24] I'm looking at deploying the opensearch operator on dse-k8s and it imposes some TLS requirements (ref https://github.com/opensearch-project/opensearch-k8s-operator/blob/main/docs/userguide/main.md#tls ) . I'm just wondering if we have an example of pods that terminate TLS outside envoy, or what the best practice is there
[14:36:16] heh https://github.com/opensearch-project/opensearch-k8s-operator/issues/141
[14:54:33] interesting, thanks for finding that. I was hoping (dreaming?) that we would just include a template from cert manager and it would do the magic (that's how I did it with vault at my old job)
[15:14:18] yeah, the envoy certs here are also backed by cert-manager
[15:14:31] https://wikitech.wikimedia.org/wiki/Kubernetes/cert-manager
[15:19:50] ACK, I figured as much since I never had to spend much time thinking about it. But do we have any applications that don't use envoy at all for TLS termination? And/or, they terminate TLS at envoy but then also have TLS enabled on the application itself?