[06:44:13] <elukey>	 good morning!
[09:00:07] <klausman>	 Morning
[10:39:15] <elukey>	 I was able to make the istio sidecar working with arwiki, but of course I cannot reliably use the circuit breaking settings for some reasons
[10:39:36] <elukey>	 with siege it seems as if they are no applied
[10:39:44] <elukey>	 istio is more subtle than expected
[11:37:20] * elukey lunch!
[11:37:47] <elukey>	 after a morning spent between istio and partman, I go with my broken soul to lunch
[11:56:49] <klausman>	 partman! ontop of istio? Poor man.
[14:13:39] <elukey>	 luckily separately!
[14:13:52] <elukey>	 but it was not a nice experience (if you want to laugh https://gerrit.wikimedia.org/r/c/operations/puppet/+/771355)
[14:13:58] <klausman>	 istio in partman? Now that's something to rival Cthulhu
[14:15:04] <klausman>	 Oh wow
[14:15:12] <klausman>	 That double dot thing is just... pain
[14:15:33] <klausman>	 I must tell Stevie Beth about it, once she's back from sick leave
[14:17:57] <elukey>	 she would be delighted to know that I spent hours on a bug like that
[14:20:15] <elukey>	 klausman: about istio, I think that the istio-proxy sidecar makes sense, I'll write down a plan in the task (deb package + configs) so you can tell me what you think about it
[14:20:25] <elukey>	 it may take 2/3 days to be implemented, but it should work
[14:20:32] <elukey>	 (without the install-cni daemonset horror)
[15:27:22] <klausman>	 Sounds good, how much distruption do you think it would be to roll it out?
[16:05:04] <elukey>	 klausman: I hope not much, I am already testing it on ml-serve1001 and it works fine
[16:05:36] <elukey>	 basically we'll need to deploy a couple of binaries from istio upstream that are called when a pod is created (with the injection sidecar annotations etc..)
[16:06:07] <elukey>	 that will inject the iptables nat horrors to make the traffic routes that we configure in istio
[16:06:33] <elukey>	 plus a user and some network policies, all hopefully handled via helmfile with one command
[16:06:44] <elukey>	 then we can switch models one by one or similar
[16:11:22] <klausman>	 Sounds very doable. Thanks for doing all the legwork
[16:11:47] <elukey>	 np! It seems a nice addendum with the circuit breaking things
[16:18:09] <klausman>	 Agreed. And while it's a complex beast (and I hope I will never have to understand those NAT rules...), I think the functionality it provides might come in handy
[16:20:18] <elukey>	 klausman: don't you already picture yourself doing nsenter iptables -t nat -L on a sunday morning ? :D
[16:21:17] <klausman>	 I... prefer not to
[16:23:15] <elukey>	 ahahahah
[16:31:10] <klausman>	 I owe you so many beers by now, you'd have more than Mr. Moretti
[16:35:03] <elukey>	 \o/
[16:53:16] <klausman>	 "Toscana Breweries. We'll make you forget partman."
[16:53:31] <klausman>	 (or Toscano, if you prefer ;))
[16:59:21] <elukey>	 I like it
[16:59:27] <elukey>	 it could be a new brand
[18:18:17] * elukey afk!
[21:01:40] <RhinosF1>	 accraze: good luck with wherever you're heading