KubeZilla acts on production clusters, so we take security seriously — it's the whole point of the project. See docs/safe-autonomy.md for the architecture.
Please do not open a public issue for security vulnerabilities.
Email security@kubezilla.dev with:
- a description of the issue,
- steps to reproduce,
- the affected version (
kubezilla version), - impact assessment if you have one.
We aim to acknowledge within 48 hours and to ship a fix or mitigation promptly, crediting you (if you wish) in the release notes.
During the v0.x pre-1.0 phase, only the latest minor release receives security
fixes.
- KubeZilla's own identity is read-mostly; it cannot mutate workloads directly.
- All remediation runs with ephemeral, least-privilege ServiceAccounts inside a kernel-isolated Agent Sandbox (gVisor/Kata).
- The model emits typed plans, never shell.
- Every mutating action ships a rollback; failed verification auto-reverts.
kube-systemandkubezilla-systemare protected namespaces by default.