Drift detection 🕵️

Overview

Brainboard allows you to detect any drift happening to the cloud infrastructure, and in some cases it removes the root cause of the drift.

Detecting the drift

To detect a drift happening to the cloud infrastructure, you have 2 options. Both options are based on a workflow.

Brainboard is the only tool on the market that allows you to create multiple CI/CD workflows for the same infrastructure. For example, you can create one workflow for security checks, another for costs and a third to detect a drift.

Refer to this page if you want additional information about workflows.

Manual workflow

You can create a workflow to check if a drift has happened to the cloud infrastructure and run it manually as follows:

  1. Go to the CI/CD page of the infrastructure by clicking on the rocket in the top bar

  2. Either create a new workflow by clicking on the button New workflow or use the public template called [Public] Drift detection by Brainboard:

  3. Once the workflow is created, add a drift detection task and give it a name:

  4. Run the pipeline by clicking on the button on the top right called Run pipeline.

Scheduled automatic detection

  1. Go to the CI/CD page of the infrastructure by clicking on the rocket in the top bar

  2. Either create a new workflow by clicking on the button New workflow or use the public template called [Public] Drift detection by Brainboard:

  3. Open the settings of the workflow you just created:

  4. Activate the cron schedule and specify the frequency of the execution of the workflow

  5. If you want to be notified when a drift is detected, enable Notify on failure and specify the email address(es) that will receive the notification.

You can use this crontab generator to generate a cron expression.

Output

When the pipeline runs (either manually or automatically), Brainboard creates an execution environment, runs the detection and gives you the output:

Drift task output

When a drift is detected, the workflow is marked as failed. Brainboard considers a drift a failure because the infrastructure no longer complies with the provisioned one.
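The fail-on-drift behaviour described above, as an added illustration that is not Brainboard's own code or implementation: a check that compares the provisioned state with the observed state and returns a non-zero status when they differ. The resource names, attributes and both state dictionaries are constructed for the example.

```python
# Constructed sample data: the provisioned (declared) state and the state
# observed in the cloud account. Names and attributes are hypothetical.
DECLARED = {
    "sg-web": {"ingress_cidr": "10.0.0.0/16", "port": 443},
    "bucket-logs": {"public_access": False, "versioning": True},
    "vm-app": {"size": "small"},
}
OBSERVED = {
    "sg-web": {"ingress_cidr": "0.0.0.0/0", "port": 443},  # changed out of band
    "bucket-logs": {"public_access": False, "versioning": True},
    "vm-debug": {"size": "large"},                         # created out of band
}


def detect_drift(declared, observed):
    """Return a sorted list of (resource, kind, detail) drift findings."""
    findings = []
    for name, want in declared.items():
        have = observed.get(name)
        if have is None:
            findings.append((name, "missing", "declared but not found"))
            continue
        # Compare every attribute present on either side.
        for key in sorted(set(want) | set(have)):
            if want.get(key) != have.get(key):
                detail = f"{key}: {want.get(key)!r} -> {have.get(key)!r}"
                findings.append((name, "modified", detail))
    # Resources that exist in the account but not in the source of truth.
    for name in observed.keys() - declared.keys():
        findings.append((name, "unmanaged", "exists but is not declared"))
    return sorted(findings)


def run_check(declared, observed):
    """Status for a pipeline step: 0 when in sync, 1 when drift exists."""
    findings = detect_drift(declared, observed)
    for name, kind, detail in findings:
        print(f"DRIFT {kind:<9} {name}: {detail}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(run_check(DECLARED, OBSERVED))
```

Run on a schedule, a non-zero status from a check like this is what lets a failure notification double as a drift alert.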

Best practices

It's a good practice to use the automatic scheduled drift detection, for both critical workloads in case anything unwanted happens outside the source of truth, and for non-critical workloads to control costs and detect any modification that may increase them beyond the allowed budget.
