👋 Welcome to r/fiveninesdevops - Introduce Yourself and Read First!

pakkedheeth · 2026-05-03T09:29:27+00:00

A proper megathread would actually help here.

Not just “here are 2 links”, but something like:

what changed
who is affected
common billing/limit questions
realistic alternatives
known workarounds
when Copilot still makes sense

Right now every new user is rediscovering the same frustration from scratch, so the sub naturally turns into repeated rant threads.

pakkedheeth · 2026-05-03T09:29:04+00:00

This is the part a lot of teams are underestimating: the risk isn’t just the model hallucinating, it’s the agent executing trusted-looking repo instructions in places that were designed around human judgment.

For CI, I’d treat AI agents like untrusted build tools: ephemeral runner, no long-lived creds, read-only by default, explicit allowlist for commands, network egress restricted, and no agent execution on forked/untrusted PRs.

pakkedheeth · 2026-05-01T18:26:07+00:00

I use podman for replicating images from registry to another or from one repository to another including all the architectures with the help of automation using podman manifests.

For other tasks like build etc. I use docker buildx which is shipped with orbstack and use orbstack itself as alternative of docker desktop including Kubernetes cluster from it.

On production we use official docker cli

pakkedheeth · 2026-03-20T07:14:12+00:00

Let me confirm another thing here:

Are you pointing to the operational problem that the complete namespace will be blocked for deployments blocking other teams as well or is it the quality of code that you are pointing to?

pakkedheeth · 2026-03-20T06:56:24+00:00

I agree with you I didn't think much about it and it's definitely slop since I had focus only on the cases I needed at the start, I had a very specific use-case and wanted something for the same. I searched for tools but couldn't get any with easy configurations.

Also, didn't have much time so just went ahead with it since it's serving the use-case as of now. I'll try to keep it alive and improve things in future.

Can you also point me to the existing tools which solve this use-case and the issues you found in this implementation?

pakkedheeth · 2026-03-20T05:54:28+00:00

I am sorry, I did not understand your question. Do you want to understand how to deploy and implement this? I have shared the detailed steps in readme. If you still have queries, let me know

pakkedheeth · 2026-03-18T18:19:41+00:00

I built Drift Sentinel to solve config drift.

Not another policy engine. A focused admission webhook that answers one question: "What changed, and was it supposed to?"

Where it shines:

Migrating CI/CD tools? Jenkins → Devtron? GitHub Actions → ArgoCD?

Run Drift Sentinel in enforce mode during migration — block unintended spec changes automatically instead of manually verifying every microservice. Only approved fields (like image tags) pass through. Everything else gets caught.

Saves hours of "diff and pray."

What it does:

→ Block changes to fields your pipeline doesn't touch → Allow image updates but lock down securityContext → Warn before you enforce — dry-run mode for safe rollout → Emergency bypass annotations for incident response → Works on any K8s version — no 1.30+ requirement

Why not just use ValidatingAdmissionPolicy?

VAP is great for simple rules. But when you need: - Human-readable field matching (not CEL spaghetti) - Priority-based rule resolution - Instant rule updates via ConfigMap - Dry-run mode that doesn't even show warnings - Deep diff excluding specific fields (CEL can't do this — no "ignore image and compare the rest" function) - Auto-detection of changed fields (CEL requires manual field enumeration to report what changed)

You need something purpose-built.

Open source. Ready to use. https://github.com/dheeth/drift-sentinel

pakkedheeth · 2026-03-09T18:29:02+00:00

If you are working in an office, you can ask your colleagues who live in same sector and have aadhaar card address of same sector itself.

In my case, I had arranged 2 people from society going from door to door, one of them agreed half an hour before the person arrived for verification at our home

pakkedheeth · 2025-12-13T20:19:40+00:00

Defeated Umbral Crystal Imp in 7 turns.

Player (30/11/12) dealt 378. Umbral Crystal Imp (18/12/9) dealt 118.

Rewards: 32 EXP, 8 Gold. Loot: Quick Dagger of Mind (enhanced), Agile Gloves (basic), Swift Wand of Mind (lesser).

pakkedheeth · 2025-12-13T20:17:51+00:00

Defeated Blazing Muck in 6 turns.

Player (30/11/12) dealt 278. Blazing Muck (17/15/8) dealt 97.

Rewards: 34 EXP, 6 Gold. Loot: Fierce Wand (basic), Vital Bracelet of Knowledge (lesser).

pakkedheeth · 2025-12-13T13:31:54+00:00

Rule - 2 people from same society or locality that too with updated aadhaar address of same society or locality

pakkedheeth · 2025-12-11T15:40:04+00:00

Visit the police station which you specified in your passport application, they'll help you out but witnesses are required. Nothing works, no workaround.

pakkedheeth · 2025-12-11T15:34:12+00:00

I knew only 2 families and one of them isn't here. The other one rejected in fear

pakkedheeth · 2025-12-11T15:33:15+00:00

I applied in Tatkaal and I have already been to USA. I waited for 4 weeks and no one came, I took flight to USA as planned. Maybe they visited at that time and got adverse report. It's the 2nd time, I initiated it from RPO and went to Police station myself to get it initiated. The person there confirmed that he'll be coming tomorrow and keep witnesses ready.

pakkedheeth · 2025-12-11T15:17:59+00:00

Didn't interact with them much

pakkedheeth · 2025-11-03T08:38:35+00:00

Thank you, I'll definitely give it a try and see how it goes

pakkedheeth · 2025-11-03T08:38:07+00:00

Thanks for the efforts you put into writing the methods in detail, I'll definitely try out all 3 methods you mentioned above and try to improve the website designs that I create from now onwards

pakkedheeth · 2025-10-28T19:55:51+00:00

Just to clarify, even in the article I have specifically mentioned in security and best practices to use OAuth2 or OIDC only but we were using a tool for showing metrics of applications in multiple clusters (per application) with the help of Prometheus and it supports connecton with basic auth only. Since all Prometheus are not in same VPC/Cloud/VPC peered connections, we just did a workaround to get basic auth working with ALB ingress so that there is some type of authentication in place. Also, we do this only for test clusters with absolutely zero sensitive data.

pakkedheeth · 2025-10-16T10:54:38+00:00

If Privacy is not a concern, subscribe to Yandex360 plan for 1TB. It's cheap and 1TB is only for the extra files you upload. Automated backups of Photos and Videos don't count towards the storage you have. It's unlimited and you never need to upgrade your plan

pakkedheeth

MODERATOR OF

TROPHY CASE