Geo: Silent mode - Document limitations
Problem to solve
Phase 1 of silent mode will focus on supporting DR site testing. To keep the scope small for the initial release we will not be able to block all outbound communications. However, silent mode could have other uses which we will look to address in phase 2.
Proposal
Create a list of limitations that highlight outbound communications that will not be blocked when silent mode is enabled.
Dependency proxy
Dependency proxy will not be blocked as part of silent mode allowing the instance under test to use the cache and pull through any missing images as required as per discussion here. Pulling through images for testing purposes may have unexpected consequences in depleting the pull quota on Docker hub. We should explain that any images required during the testing that are not cached will be fetched from Docker hub resulting consumption from pull requests quota.
File hooks
File hooks will not be blocked in phase 1. Primary use case for phase 1 is to support DR site testing. Since file hooks are not replicated to DR sites blocking file hooks is out of scope for this phase.
Server hooks
Server hooks will not be blocked in phase 1. Primary use case for phase 1 is to support DR site testing. Since server hooks are not replicated to DR sites blocking server hooks is out of scope for this phase.
Elastic search
Elastic search communications will not be blocked in phase 1. Primary use case for phase 1 is to support DR site testing. We recommend having a separate Elastic search instance for each DR site therefore there is little risk of the testing on the DR impacting the production Elastic search instance. Therefore, Elastic search is out of scope for this phase.
Snowplow
Deprecated Kubernetes Connections
Outgoing external traffic from container registry webhooks
Who can address the issue
Anyone from Geo team