Using #NetworkPolicy in #Openshift just revealed a little obstacle. If you set a LoadBalancer Service from externalTrafficPolicy=Cluster to =Local the "Allow From Ingress" is no longer applied and you need to add a separate rule allowing the traffic via port - in this case UDP. Would be nice to understand why that is happening in the first place.
Today's adventure in #darkpattern #surveillance comes from #Grafana #Loki. (Not a surprise, but this is why I run egress filters and dns #adblock in my #homelab clusters.)
I know not everyone agrees that #optout #telemetry is a dark pattern, but you might agree with me about this one after you see it documented:
> # -- Optional analytics configuration
> analytics: {}
Enlightening, isn't it? There are other empty blocks, but they are either fairly standard or are described elsewhere in the document.
If you are familiar with #helm, you won't despair because you have the power of `analytics.enabled: false`. That works on the rest of this chart and is the standard way to en/disable things.
It doesn't work that way.
Let me save you some time with the terrible new #github code search. Here is the actual syntax:
`analytics.reporting_enabled: false`
This was caught by #adguard and enforced by an egress #networkpolicy.
#darkpattern #surveillance #grafana #loki #adblock #homelab #optout #telemetry #helm #github #adguard #networkpolicy #monitoring #prometheus #kubernetes #k3s #k8s #helmchart
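The two controls this post describes, written out as an added example (not part of the original post and not the Loki chart's own documentation): the values override with the key the post gives, and an egress NetworkPolicy as a backstop. The namespace `loki` and the policy name are assumptions, as is where the `analytics` block sits in your chart's values.

```yaml
# values.yaml override for the Loki chart (constructed example).
# Place this under the same parent key where the chart's own
# `analytics: {}` block appears in its values.yaml.
analytics:
  # The key the post reports as the actual opt-out syntax.
  reporting_enabled: false
  # `enabled: false`, the usual Helm toggle, is the form the post
  # says does not work here, so it is deliberately not used.
---
# Egress backstop: pods in the namespace may reach in-cluster pods
# only, so an outbound report is dropped even if the values
# override is lost in a later chart upgrade.
# Namespace "loki" is an assumption; adjust to your release.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: loki-egress-in-cluster-only   # hypothetical name
  namespace: loki
spec:
  podSelector: {}            # every pod in the namespace
  policyTypes:
    - Egress
  egress:
    - to:
        # Any pod in any namespace, which includes cluster DNS
        # when it runs as ordinary pods.
        - namespaceSelector: {}
```

A `namespaceSelector` does not match host-network or external destinations, so an external object store or a node-local DNS cache needs its own explicit `ipBlock` rule. After applying both, check the DNS filter's query log to confirm the lookups that were caught earlier have stopped.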
RT @industrybambam
Woah, Cilium!!! #kubernetes #networking #networkpolicy Will do k8s object references, ports, protocols, DNS wildcards AND layer 7 filtering (although my anticipation is that I'll be able to do some things there). Great stuff!!