Turn any signal into a CRD - Aggregate structured signals from any tool (security, compliance, performance, operations, cost) into unified Observation CRDs
zen-watcher is a Kubernetes operator that aggregates structured signals from any tool (security, compliance, performance, operations, cost) into unified Observation CRDs. Lightweight, standalone, and useful on its own.
Built by operators, for operators. After spending hours manually correlating events from multiple tools during incidents, we realized operators need a single source of truth for all events, in a format they already understand: CRDs.
Collect from logs, webhooks, ConfigMaps, CRDs, and Kubernetes events - all via YAML configuration
20+ Prometheus metrics, 6 pre-built Grafana dashboards, structured logging, and health probes
SHA-256 content fingerprinting, per-source rate limiting, and time-bucketed aggregation
Zero secrets in core, zero egress traffic, zero external dependencies - all data in Kubernetes-native CRDs
Non-privileged containers, read-only filesystem, minimal footprint (~29MB image, <10m CPU, <50MB RAM)
Add any new source with a simple YAML configuration using the Ingester CRD. No code required!
helm repo add kube-zen https://kube-zen.github.io/helm-charts helm repo update
helm install zen-watcher kube-zen/zen-watcher \ --namespace zen-system \ --create-namespace
kubectl apply -f examples/ingesters/trivy-informer.yaml kubectl get ingesters
Ready to aggregate your Kubernetes events? Check out the documentation and start using zen-watcher today.