Security overview

9 min

overview kubegrade is designed from the ground up to ensure that enterprise‑grade security, compliance, and scalability are built into every layer of our platform with strong emphasis on least privilege access human in the loop approvals gitops based change execution auditability support for private/on prem/hybrid deployments this document outlines kubegrade’s infrastructure design, security practices, and compliance posture for deployment‑specific architecture details, refer to our architecture section how we handle your data to achieve enterprise grade security control & data plane separation kubegrade follows a strict separation of concerns between the control plane and the data plane control plane (kubegrade‑managed) handles authentication, user management, licensing, configuration, scheduling, agent orchestration, and alerting data plane (deployment‑dependent) connects to your kubernetes clusters and infrastructure, executes discovery and upgrade checks, and stores operational metadata, either in a shared or isolated environment depending on the deployment model details for each deployment model are available in multi‑tenant saas single‑tenant saas bring‑your‑own‑cloud (byoc) / private deployment collection kubegrade’s connectors and agents only access cluster metadata, configuration state, logs, and upgrade‑related signals required to assess the health and posture of your environments data collected is used solely to power recommendations, upgrade planning, and incident visibility that you have explicitly enabled all communication between kubegrade and your infrastructure uses encrypted connections (https/tls) for enterprise customers, kubegrade supports running agents and mcp‑connected services entirely within your own cloud or network perimeter, so sensitive systems do not need to be directly exposed to kubegrade’s control plane compliance kubegrade can support enterprise security and compliance requirements such as soc 2 and iso 27001, and we are able to share details of our current certifications and roadmap under nda kubegrade will sign ndas and/or dpas where appropriate while kubegrade collects operational metadata and logs to drive upgrade planning and monitoring, we acknowledge that personal data may be processed in some environments where this occurs, it is used only for the purpose of delivering kubegrade’s kubernetes operations capabilities internal use of saas applications at kubegrade is vetted to ensure confidential company and customer information is handled in line with our security and privacy policies organizational security and privacy practices kubegrade’s team follows industry best practices to protect the platform and our customers’ data kubegrade engages independent third parties to perform regular penetration tests of the platform processing of collected data is conducted on secure infrastructure hosted with leading cloud providers (for example, aws), configured according to security best practices kubegrade employees receive privacy and security training during onboarding and on a recurring basis, and must acknowledge our security policies access to production systems is protected with strong authentication (including multi‑factor authentication and sso where applicable), based on least‑privilege access and periodic access review data collected by kubegrade the following information may be processed and stored by kubegrade collected data details purpose of collection cluster metadata cluster names, kubernetes versions, node group identifiers, labels to inventory clusters and node groups and support version‑aware analysis and recommendations configuration metadata manifests, helm values, add‑on and controller versions, upgrade history to analyse configuration, detect drift, validate upgrade paths, and generate remediation plans/prs operational metrics status of workloads, node health, upgrade status, high‑level performance to track upgrade progress, detect common failure modes, and surface slo‑relevant signals aggregated statistics aggregated counts, error rates, rollout outcomes to improve recommendations, run safety checks, and support reporting on reliability over time logs / events (optional) selected logs and events relevant to upgrades and troubleshooting to enable diagnostics, runbooks, and ai‑assisted incident analysis (opt‑in and scope‑controlled) user actions & pr data upgrade plans, approvals, comments, generated pull requests to provide audit trails, provenance for ai‑generated changes, and workflow history integration credentials tokens and keys for git, cloud, and kubernetes integrations to securely connect kubegrade to your repositories and clusters, using least‑privilege access data access & encryption all connections from kubegrade to your clusters, clouds, and git providers use least‑privilege, read‑only or narrowly scoped credentials wherever possible, and all traffic is encrypted with tls kubegrade supports multiple layers of encryption content‑level encryption for sensitive data such as credentials and secrets at‑rest encryption for all data stored within kubegrade’s services encryption details content encryption sensitive fields (for example, integration credentials and secret material) are encrypted using strong, industry‑standard algorithms (such as aes‑256‑gcm) before storage at‑rest encryption all data stored in databases and object storage is encrypted at rest using cloud‑provider‑managed encryption, adding a second layer of protection in case underlying storage is accessed retention kubegrade retains operational data only as long as necessary to provide the service (for example, while a cluster or integration is configured in kubegrade) or as required by contractual agreements and applicable law certain transient artefacts (like detailed logs) may have shorter retention periods configurable for enterprise customers scalability & reliability scalable engine / worker pool kubegrade’s analysis and automation engine scales elastically with workload, provisioning additional workers under load (for example, during large fleet scans or multi‑cluster upgrades) and reducing capacity during idle periods this distributed architecture provides resilience against individual node failures high‑performance and reliable scheduling kubegrade’s job scheduling and orchestration layer is designed for safe, reliable execution of cluster‑level tasks ensures that upgrade and analysis tasks are scheduled without duplication and with clear idempotency guarantees retries failed work where appropriate to maintain coverage of critical workflows while respecting rate limits and provider‑specific constraints