Operational MVD

Helm Drift Detector

sandbox control plane

Helm + Kubernetes drift detection

Continuous drift assurance for Helm releases and live cluster state.

Materialize release intent, capture live control-plane evidence, surface governed configuration drift, and reconcile safely from a single operator console.

Drift simulator

Replay governed changes before reconcile

Variance detected
Helm release assurance Out-of-band drift Governed change review across autoscaling and traffic contracts before reconcile.
Drift load 4 active variances
Scenario state Out-of-band mutation
Focused control path HPA floor
Reconcile gated

spec.minReplicas

Observed autoscaler floor diverges from the approved release contract.

Desired 6
Live 4
delta -2
Scenario timeline Scrub the audit lifecycle
Baseline render Out-of-band mutation Controlled reconcile

Pipeline

Short flow

Helm drift detector
Workflow Helm release assurance
Source of truth Rendered release baseline
Active drift signals 4
Scope sandbox-nginx / test-nginx

Operator console

Centered operator console

Release assurance, live-state evidence, drift review, and guided remediation in one command surface.

Helm release assurance

driftctl operator console

Release baseline audit, live control-plane evidence, and guided reconciliation workflow.

context: sandbox-nginx / test-nginx workflow: helm-release-audit state: variance-detected
shell=bash cluster=sandbox-control-plane audited=hpa,svc artifact=release-baseline.yaml

Approved baseline

Release contract materialized from Helm or Git

helm template test-nginx ./charts/nginx --namespace sandbox-nginx --include-crds > release-baseline.yaml


              


              

                

                  

                    
Live evidence

                    
Live control-plane evidence captured from Kubernetes

                    
kubectl get hpa,svc -n sandbox-nginx -o yaml > live-snapshot.yaml

                  

                

                

              


              

                

                  

                    
Governed drift

                    
Governed differences across high-signal control paths

                    
Review governed deltas before promotion, rollback, or reconciliation.

                  

                

                

                  

                    Active variances
                    4
                  

                  

                    Reconcile path
                    kubectl apply -f release-baseline.yaml
                  

                  

                    Compliance
                    Variance detected
                  

                

                
    
              
    

              
    
                
    
                  
    
                    
    Audit assets
    
                    
    Execution runners and release templates behind the control check
    
                    
    Execution runner for Helm-rendered baseline capture and drift evidence.
    
                  
    
                
    
                
    
                  
                  
                  
                  
                
    
                
    scripts/run_helm_mode.sh
    
                
    
              
    

              
    
                
    
                  
    
                    
    Ops flow
    
                    
    Release assurance operating flow
    
                    
    Use this path for release validation, production drift review, and controlled remediation.
    
                  
    
                
    
                
    
                  
                  
                  
                  
                
    
              
    
            
    

            
    
              
              driftctl>
              
            
    

            
    
              workflow=helm-release-assurance
              state=variance-detected
              artifact=release-baseline.yaml