First time I see this piece of software and I'm both intrigued and scared of what it's capable of. My fear (as a k8s administrator) comes from not yet understanding the details of how it works. Yes, I've read the linked article and the project's readme on GitHub, and they didn't contain the important details.
Does this tool work with any k8s cluster? Or does one first need to install an operator into their cluster?
Does this tool talk to the Kubernetes API? If yes, then does it rely on kubectl's config or what?
> No, mirrord doesn’t install anything on the cluster, nor does it have any persistent state. It does spawn a short-living pod/container to run the proxy, which is automatically removed when mirrord exits.
> If you have any restrictions for pulling external images inside your cluster, you have to allow pulling of ghcr.io/metalbear-co/mirrord image.
and also another important detail:
> Since mirrord uses the dynamic linker to load into the application’s process, it cannot load if the binary is statically linked.
It does work with any k8s cluster, no operator needed. It indeed relies on kubectl's config to talk to the k8s API. All that's needed is permissions to run privileged pods (or if you've configured mirrord to use ephemeral containers, not even that).
We're currently working on a more enterprise-oriented version where you would have a persistent operator in the cluster, and it would let you properly manage RBAC, rather than relying on each user's kubectl.
Thanks for pointing all of this out! We'll try to make this info more easily accessible.
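Added example, not part of the thread and not mirrord's own code: a cluster administrator's audit of a pod listing for the two things the thread says the tool depends on, privileged containers and the `ghcr.io/metalbear-co/mirrord` image, covering regular, init and ephemeral containers. It assumes input shaped like `kubectl get pods -A -o json`; the function names and the sample pods are constructed for illustration.

```python
import json

MIRRORD_IMAGE = "ghcr.io/metalbear-co/mirrord"  # repository named in the thread
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

def image_repo(image):
    """Drop a digest (@sha256:...) or tag (:1.2) from an image reference."""
    image = image.split("@", 1)[0]
    if ":" in image.rsplit("/", 1)[-1]:  # colon after the last slash is a tag
        image = image.rsplit(":", 1)[0]
    return image

def audit_pods(pod_list):
    """Flag containers that are privileged or run the mirrord image."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for field in CONTAINER_FIELDS:
            for c in spec.get(field) or []:
                privileged = (c.get("securityContext") or {}).get("privileged") is True
                mirrord = image_repo(c.get("image", "")) == MIRRORD_IMAGE
                if privileged or mirrord:
                    findings.append({
                        "pod": f"{meta.get('namespace')}/{meta.get('name')}",
                        "container": c.get("name"), "kind": field,
                        "privileged": privileged, "mirrord_image": mirrord,
                    })
    return findings

# Constructed sample (not real cluster output): one ordinary pod, one
# privileged pod with the mirrord image, one ephemeral container with it.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "shop", "name": "web-1"},
  "spec": {"containers": [{"name": "web", "image": "nginx:1.25"}]}},
 {"metadata": {"namespace": "shop", "name": "agent-example"},
  "spec": {"containers": [{"name": "agent",
    "image": "ghcr.io/metalbear-co/mirrord:x.y.z",
    "securityContext": {"privileged": true}}]}},
 {"metadata": {"namespace": "shop", "name": "api-1"},
  "spec": {"containers": [{"name": "api", "image": "registry.local:5000/api:2"}],
   "ephemeralContainers": [{"name": "debug-example",
    "image": "ghcr.io/metalbear-co/mirrord@sha256:0000"}]}}
]}
""")

if __name__ == "__main__":
    for f in audit_pods(SAMPLE):
        print(f)
```

To run it against a cluster, pass `audit_pods` the parsed output of `kubectl get pods -A -o json`. Because the pod described in the thread is short-lived, a point-in-time listing only catches pods that exist when the listing is taken.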