first week at the new gig and they hand me a registry with 40 container images floating around like ghosts. no owners, no scan history, some of them haven't been touched in over two years. nobody can tell me if that one came from a vendor bundle or their intern's weekend project. asked around and got the classic "it's always been like that" shrug.
part of me wants to nuke them all and call it a security win, but compliance would probably notice. reality check: what's the least soul-crushing way to tackle this?
tried pulling commit history on the Dockerfiles to find who last touched them; that tells you the last editor, not the service owner, and half the authors have left. runtime inventory is more useful: kubectl get pods -A -o yaml piped through grep gets you which images are running in prod vs just sitting in the registry collecting dust.
tempted to just triage by runtime presence first: anything not running in the last 90 days is a candidate for archiving. then sort the active ones by critical CVE count and start there.
anyone survived this and come out with a process that doesn't take 6 months?
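One way to make that "runtime presence first, then critical CVE count" triage repeatable. This is an added example, not code from the post above; the registry catalogue, pod image refs, push dates and CVE counts are constructed sample data, and registry.example.internal is a placeholder hostname.

```python
from datetime import date, timedelta

def normalize(ref: str) -> str:
    """Drop @digest, strip the docker.io[/library] default prefix, default the tag
    to latest, so registry and pod-spec spellings of one image compare equal."""
    ref = ref.split("@", 1)[0]
    for prefix in ("docker.io/library/", "docker.io/"):
        if ref.startswith(prefix):
            ref = ref[len(prefix):]
            break
    # a ':' after the last '/' is a tag; one before it is a registry port
    if ref.rfind(":") > ref.rfind("/"):
        return ref
    return ref + ":latest"

def triage(registry, running, last_pushed, critical_cves, today, stale_days=90):
    """Return (active, archive, review): active = running now, worst critical CVE
    count first; archive = idle and not pushed in stale_days; review = idle but
    pushed recently, so find an owner before archiving."""
    running_set = {normalize(r) for r in running}
    cutoff = today - timedelta(days=stale_days)
    active, archive, review = [], [], []
    for ref in registry:
        key = normalize(ref)
        if key in running_set:
            active.append((critical_cves.get(key, 0), key))
        elif last_pushed.get(key, date.min) < cutoff:  # unknown push date: treat as stale
            archive.append(key)
        else:
            review.append(key)
    active.sort(key=lambda t: (-t[0], t[1]))
    return [k for _, k in active], sorted(archive), sorted(review)

# Constructed sample data: registry catalogue, image refs from pod specs
# (kubectl get pods -A -o jsonpath='{..image}'), last push dates, scan counts.
REGISTRY = [
    "registry.example.internal/payments/api:1.4.2",
    "registry.example.internal/payments/api:1.3.0",
    "registry.example.internal/intern/weekend-demo:latest",
    "docker.io/library/nginx:1.25",
    "registry.example.internal/vendor/bundle-agent:7.2",
]
RUNNING = ["registry.example.internal/payments/api:1.4.2@sha256:0000",  # placeholder digest
           "nginx:1.25", "registry.example.internal/vendor/bundle-agent:7.2"]
LAST_PUSHED = {"registry.example.internal/payments/api:1.3.0": date(2024, 5, 20),
               "registry.example.internal/intern/weekend-demo:latest": date(2022, 3, 10)}
CRITICAL_CVES = {"registry.example.internal/payments/api:1.4.2": 2,
                 "registry.example.internal/vendor/bundle-agent:7.2": 5}
TODAY = date(2024, 6, 1)
```

The review bucket is the one to hand to a human: an image nobody runs but somebody pushed last month usually has an owner who just never wrote it down.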