by awild 1478 days ago
This looks really neat. Haven't taken much time to look in depth, it took me a while to find info on whether this was k8s or podman related. Maybe the docs could make it a little more obvious. (For those wondering, it's k8s.)

Would mirrord actually work with podman? It would be pretty neat to set up something akin to a canary deployment.

2 comments

It's literally in the first sentence of the README:

> mirrord lets you easily mirror traffic from your Kubernetes cluster to your development environment.

That said, cool application, although I can see a lot of compliance and/or data protection problems when production data is leaving the (hopefully protected) production environment.

This is a real concern for PCI, PII, and SOX services. If you have good service inventory you could gate this to only work for approved apps, but some live rewriting of form data could also be helpful. Faker on demand :)
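
A sketch of the two controls suggested in the comment above, an allowlist gate plus on-the-fly rewriting of form fields before a mirrored request leaves the cluster. This is an added example, not mirrord code or anything posted in the thread; the service names, field names, key and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed values for the sketch (hypothetical, not taken from mirrord).
APPROVED_SERVICES = {"catalog", "search"}          # from the service inventory
SENSITIVE_FIELDS = {"email", "card_number", "ssn", "password"}
PSEUDONYM_KEY = b"constructed-demo-key"            # would live in a secret store


def _fake(field: str, value: str) -> str:
    """Keyed, deterministic stand-in: equal inputs map to equal fakes."""
    digest = hmac.new(PSEUDONYM_KEY, f"{field}:{value}".encode(),
                      hashlib.sha256).hexdigest()
    if value.isdigit():
        # Keep length and digits-only shape so downstream validation still runs.
        return str(int(digest, 16))[: len(value)].ljust(len(value), "0")
    if "@" in value:
        return f"user-{digest[:10]}@example.invalid"
    return f"redacted-{digest[:10]}"


def rewrite_form_body(body: str) -> str:
    """Replace sensitive fields in an x-www-form-urlencoded body."""
    rewritten = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        if key.lower() in SENSITIVE_FIELDS and value:
            value = _fake(key.lower(), value)
        rewritten.append((key, value))
    return urlencode(rewritten)


def mirror_decision(service: str, content_type: str, body: str):
    """Return the body that may be mirrored, or None to drop the request."""
    if service not in APPROVED_SERVICES:
        return None  # not approved: nothing leaves the cluster
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == "application/x-www-form-urlencoded":
        return rewrite_form_body(body)
    if not body:
        return body  # nothing to inspect
    return None  # fail closed on formats this sketch cannot inspect
```
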
Thanks for the feedback! One of the creators here :) Our initial thought is to create a solution similar to what Lyft has done (https://eng.lyft.com/scaling-productivity-on-microservices-a...) to enable using staging as a dev environment and sharing it with many developers at once. We do want people to use us in production later on, but right now we know there might be compliance/security issues.

Hey, one of the creators of mirrord here. The technology behind mirrord is actually agnostic - what it does is wrap a local process and "proxy" its API calls to a remote environment, and remote traffic is also mirrored from there. We tailored the solution for K8S to provide a seamless experience, but if there's a need for another orchestration solution, we can consider adding support :)

Forgive my ignorance, web et al is not my specialty, but how does this work with HTTPS traffic? Do you install a root cert in the dev environment like Wireshark to be able to mirror agnostically? Or does there need to be application config (DNS change, internal routing changes) to make this work? If the latter, what's the value add here?

Our agent sniffs traffic in the same network namespace as the pod whose incoming traffic we mirror, so in most cases that would be after the HTTPS traffic is decrypted (by e.g. a load balancer, or a service mesh).