What is Zelyo?
Zelyo is your Digital SRE and Security Engineer powered by Agentic AI that does the job of a full-time site reliability and security engineer. It autonomously observes your cluster, reasons about security findings and anomalies using LLMs, and acts by opening GitOps PRs with production-ready fixes, all with read-only cluster access.
The Zelyo Operator is a self-hosted Kubernetes Operator that allows you to manage and automate the lifecycle of Zelyo within your cluster.
Bring your own LLM API keys (OpenRouter, OpenAI, Anthropic, Azure, Ollama). Optimized for minimal token usage.
Key Features
Security Scanning
RBAC audit, image vulnerabilities, PodSecurity violations, secrets exposure, and network policy gaps.
Compliance
CIS Benchmarks, NSA/CISA hardening, PCI-DSS, SOC2, and HIPAA compliance mapping with automated checks.
Supply Chain Security
SBOM analysis, image signature verification (Cosign/Notary), and base image CVE tracking.
Real-Time Monitoring
24/7 Kubernetes events, pod logs, node conditions, and network telemetry with anomaly detection.
Agentic AI Remediation
LLM-powered diagnosis with structured JSON fix plans, risk scoring, and production-ready GitOps PRs via GitHub App.
Cost Optimization
Resource rightsizing, idle workload detection, and spot-readiness assessment to reduce cloud spend.
Config Drift Detection
Compares live cluster state against your GitOps repo manifests and auto-generates reconciliation PRs.
Runtime Threat Detection
Suspicious exec detection, privilege escalation, filesystem anomalies, and lateral movement detection.
Multi-Cluster Federation
Aggregate views, cross-cluster correlation, and centralized policy management across all your clusters.
Dual Operating Modes
| Mode | When | Behavior |
|---|---|---|
| Audit Mode (default) | No GitOps repo onboarded | Detects, diagnoses, and sends alerts; zero cluster modifications |
| Protect Mode | GitOps repo onboarded | Full autonomous remediation: generates fixes, opens PRs via GitHub App |
Architecture
```mermaid
graph TB
    subgraph "Kubernetes Cluster - Read-Only Access"
        Events[K8s Events]
        Logs[Pod Logs]
        Nodes[Node Conditions]
        Net[Network Telemetry]
        Metrics[Resource Metrics]
    end
    subgraph "Zelyo - The Digital SRE"
        subgraph "Observe"
            Watcher[Real-Time Watcher]
            Scanner[Security Scanner]
            CostEng[Cost Optimizer]
        end
        subgraph "Reason"
            AnomalyDet[Anomaly Detector]
            Correlator[Incident Correlator]
            Compliance[Compliance Engine]
            DriftDet[Drift Detector]
            LLM["LLM Reasoner - BYO Keys"]
        end
        subgraph "Act"
            Remediation[Remediation Engine]
            GitOps[GitHub App Engine]
            Notify[Notifier]
        end
    end
    subgraph "Integrations"
        GitRepo[Your GitOps Repo]
        Alerts["Slack · Teams · PagerDuty"]
        Prom["Prometheus · Grafana"]
    end
    Events & Logs & Nodes & Net & Metrics --> Watcher
    Watcher --> AnomalyDet & Scanner & CostEng
    Scanner --> DriftDet & Compliance
    AnomalyDet & Scanner & CostEng & DriftDet & Compliance --> Correlator
    Correlator --> LLM
    LLM --> Remediation
    Remediation -->|Protect Mode| GitOps
    Remediation -->|Audit Mode| Notify
    GitOps --> GitRepo
    Notify --> Alerts
    Watcher --> Prom
```
Quick Install
```bash
# Create namespace and LLM secret
kubectl create namespace zelyo-system
# Replace <YOUR_API_KEY> with your provider key; the quotes stop the shell
# from parsing < and > as redirections. A literal typed here is also saved
# in shell history.
kubectl create secret generic zelyo-llm \
  --namespace zelyo-system \
  --from-literal=api-key='<YOUR_API_KEY>'

# Install from OCI registry
helm install zelyo-operator oci://ghcr.io/zelyo-ai/charts/zelyo-operator \
  --namespace zelyo-system \
  --set config.llm.provider=openrouter \
  --set config.llm.model=anthropic/claude-sonnet-4-20250514 \
  --set config.llm.apiKeySecret=zelyo-llm
```
Created with ❤️ by Zelyo AI
