Skip to content

ajeetraina/kubezilla

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

6 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

KubeZilla πŸ¦–

The autonomous Kubernetes SRE you can actually trust to act β€” because it's caged.

Detect β†’ Diagnose β†’ Plan β†’ Remediate β†’ Verify. Fully autonomous. Every action runs inside a kernel-isolated Agent Sandbox β€” never with cluster-admin on your nodes.

Go Report Card License Go Reference CI Discord

Quickstart Β· What it does Β· Architecture Β· Safe Autonomy Β· Roadmap


πŸ¦– Goal

Diagnosing a broken cluster is only half the job β€” someone still has to fix it, by hand, often at 3am. True autonomy means letting an agent close that loop: detect the problem, reason about the root cause, apply the fix, and confirm it worked.

The thing standing in the way is trust. You do not want an LLM holding cluster-admin, free-handing kubectl delete against prod.

KubeZilla makes autonomy safe. It runs the full SRE loop on its own, but every diagnostic command and every line of LLM-generated remediation executes inside a gVisor/Kata-isolated Agent Sandbox with a scoped, time-boxed ServiceAccount, a dry-run gate, a full audit trail, and automatic rollback. The blast radius is the sandbox β€” not your node.

Reason freely. Act minimally. The model sees everything; the executor can touch almost nothing.


✨ What KubeZilla does

  • πŸ” Detects & diagnoses β€” read-only analyzers scan pods, deployments, events and more, then a pluggable LLM ranks the most likely root cause with a confidence score.
  • πŸ› οΈ Remediates autonomously β€” turns the diagnosis into a typed remediation plan (not free-text shell), then applies it and verifies the result.
  • πŸ”’ Acts inside a sandbox β€” every action runs kernel-isolated (gVisor/Kata) with ephemeral, least-privilege credentials that expire in minutes. KubeZilla's own identity is read-mostly and never touches your workloads directly.
  • ↩️ Rolls back automatically β€” every action ships its own undo; if the fix doesn't verify, KubeZilla reverts it and escalates. No rollback, no apply.
  • 🎚️ Stays in your control β€” dial autonomy from "diagnose only" to "fully autonomous," with policy guardrails and human approval gates.
  • 🧾 Leaves an audit trail β€” every decision (signals β†’ hypothesis β†’ plan β†’ action β†’ result) is recorded and replayable.
  • 🧠 Works with your model β€” Claude (default), OpenAI, Gemini, or a local Ollama. Never locked in.
  • βš™οΈ CLI and GitOps-native β€” a one-command CLI to start in 60 seconds, plus CRDs and an operator for declarative, in-cluster autonomy.

πŸš€ Quickstart

# Install
go install github.com/ajeetraina/kubezilla/cmd/kubezilla@latest

# Point at your cluster + pick a model (Claude by default)
export ANTHROPIC_API_KEY=sk-ant-...
export KUBEZILLA_MODEL=claude-opus-4-8

# 1. Scan β€” a read-only diagnosis of your cluster
kubezilla analyze

# 2. Let it propose a fix β€” dry-run, nothing touches the cluster yet
kubezilla diagnose --namespace payments

# 3. Full autonomous loop, sandboxed, with an approval gate before apply
kubezilla agent run --namespace payments --autonomy assisted

Example:

πŸ¦– KubeZilla β€” scanning namespace "payments"

  ● CrashLoopBackOff  payments/checkout-7f9c   (restarts: 142)
    └─ root cause: liveness probe hits :8080/health, container listens on :3000
    └─ confidence: 0.93

  Proposed remediation (sandboxed, dry-run):
    patch deployment/checkout  .spec...livenessProbe.httpGet.port  8080 β†’ 3000

  Sandbox:  gvisor Β· sa/kubezilla-checkout-remediator (TTL 5m, verbs: get,patch on deployments/checkout)
  Verify:   rollout healthy AND 0 restarts in 120s, else auto-rollback

  Approve? [y/N]

Don't have a cluster? kubezilla demo spins up a broken workload in kind so you can watch KubeZilla fix it end-to-end.


🧠 How it works

        β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
        β”‚                        KubeZilla Agent                        β”‚
        β”‚   observe β†’ reason (LLM) β†’ plan β†’ POLICY GATE β†’ act β†’ verify   β”‚
        β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                β”‚ read-only                      β”‚ every action
                β–Ό                                β–Ό
        β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”                β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
        β”‚  Analyzers    β”‚                β”‚   Agent Sandbox (SIG)    β”‚
        β”‚ (k8s, events, β”‚                β”‚  gVisor / Kata isolation β”‚
        β”‚  metrics)     β”‚                β”‚  scoped SA Β· TTL Β· audit β”‚
        β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜                β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
  1. Observe β€” analyzers scan resources, events, and metrics (read-only).
  2. Reason β€” a pluggable LLM correlates signals into a ranked root-cause hypothesis.
  3. Plan β€” KubeZilla emits a structured, typed RemediationPlan (not free-text shell).
  4. Policy gate β€” OPA/Rego + autonomy level decide: auto-apply, require approval, or refuse.
  5. Act β€” the plan executes inside an Agent Sandbox with a minimal, time-boxed ServiceAccount.
  6. Verify β€” success criteria are checked; on failure KubeZilla auto-rolls-back and escalates.

Full design: docs/architecture.md Β· safety model: docs/safe-autonomy.md.


🎚️ Autonomy levels

KubeZilla never makes you choose between "useless" and "terrifying." Dial it in:

Level Behavior Use it for
observe Diagnose only β€” never mutates First day on a new cluster
assisted Propose + apply on approval (default) Prod, with a human in the loop
auto-safe Auto-apply allow-listed low-risk fixes Restarts, probe fixes, HPA nudges
autonomous Full loop within policy budget Dev/staging, blue-green, on-call relief

πŸ“¦ Install (Operator / GitOps)

helm repo add kubezilla https://ajeetraina.github.io/kubezilla
helm install kubezilla kubezilla/kubezilla -n kubezilla-system --create-namespace
apiVersion: agents.kubezilla.dev/v1alpha1
kind: Agent
metadata:
  name: payments-sre
spec:
  scope:
    namespaces: ["payments"]
  autonomy: assisted
  model: claude-opus-4-8
  sandbox:
    runtime: gvisor          # or kata
    ttlSeconds: 300
  policyRef: payments-guardrails

πŸ—ΊοΈ Roadmap

KubeZilla is built in the open and aims for CNCF Sandbox donation. See ROADMAP.md.

🀝 Contributing

We ❀️ contributors β€” good first issues are labeled and mentored. Read CONTRIBUTING.md and our Code of Conduct.

πŸ“„ License

Apache 2.0 β€” see LICENSE.

Built for the Kubernetes community. πŸ¦– Tame the chaos.

About

πŸ¦– The autonomous (and caged) Kubernetes SRE β€” detect, diagnose, plan & remediate autonomously, with every action run inside a kernel-isolated Agent Sandbox (gVisor/Kata). k8sgpt diagnoses; KubeZilla acts, safely.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

1 watching

Forks

Packages

 
 
 

Contributors

Languages