Change Management

Clotho

Enterprise change management for Kubernetes. Approval workflows, scheduled deployments, and complete audit trails. Built natively for OpenShift.

Learn More Get Started

Overview

Clotho brings enterprise-grade change management practices to OpenShift environments. Organizations running production workloads need controlled change processes; approval workflows, risk assessment, scheduled maintenance windows, and complete audit trails. Clotho implements these controls as native Kubernetes resources, integrating seamlessly with existing GitOps pipelines and cluster operations.

The operator intercepts resource creation in managed namespaces, routing changes through configurable approval workflows before they reach the cluster. With risk-based auto-approval, multi-step approval gates, tamper-proof signatures, and S3 archival, Clotho provides the governance infrastructure that enterprises require for compliance, security, and operational safety—without sacrificing the velocity that Kubernetes enables.

Features

Multi-Step Approval Workflows

Define sequential approval gates requiring sign-off from multiple teams, such as platform, security, and operations. Each step can have its own approver set, timeout, and escalation rules. All decisions are recorded with timestamps, user attribution, and justification.

Risk-Based Auto-Approval

Not every change needs a full review. Emergency changes auto-approve for rapid incident response. Standard and low-risk changes can be automatically approved. Normal and high-risk changes route through full workflows. Configure the matrix to match your organization's risk tolerance.

Scheduled Deployments

Approve changes now, deploy them later. Set planned start and end times for maintenance windows. Changes automatically transition from Scheduled to Implementing when the window opens, and expire if the window closes without completion—preventing stale changes from deploying unexpectedly.

Tamper Detection

Every approved resource receives HMAC-SHA256 signatures stored as annotations. Subsequent modifications are validated against these signatures. Unauthorized changes are blocked by the admission webhook. Approved updates can bypass re-approval when signatures match, preventing approval fatigue.

Compliance Archival

Approved manifests are automatically archived to S3-compatible storage (AWS S3, MinIO, etc.) before deployment. Combined with the complete audit trail of approvals and decisions, this provides the evidence chain that auditors and compliance teams require.

OpenShift Console Integration

A native console plugin provides real-time visibility into change requests, approval workflows, and scheduled deployments. Approvers can review manifest diffs, approve or deny directly from the UI, and track the complete lifecycle of every change through an intuitive timeline view.

Use Cases

Production Change Control

Prevent unauthorized deployments or changes. Clotho intercepts all resource creation in managed namespaces, ensuring that every Deployment, StatefulSet, ConfigMap, and Ingress passes through your approval process before it reaches the cluster. Reduce incidents caused by unreviewed changes.
Maintenance Window Enforcement

Coordinate deployments across teams with scheduled change windows. Approve changes during business hours, deploy them during maintenance windows. Clotho automatically handles the timing, transitioning changes from Scheduled to Implementing when the window opens—no manual intervention required.
Multi-Team Governance

Large organizations need multiple teams to sign off on changes—platform engineering validates infrastructure, security reviews for vulnerabilities, operations confirms readiness. Clotho's multi-step workflows model this process natively, with each team having their own approval gate and approver set.

Custom Resources

Change

The top-level resource representing a coordinated set of infrastructure modifications. Defines the change category (Standard, Normal, Emergency), risk level (Low, Medium, High), planned time window, and references to the manifests being deployed. Orchestrates the complete lifecycle from creation through approval to implementation.
ManifestRequest

An individual Kubernetes manifest requiring approval before application. Contains the YAML/JSON content to deploy, expiration time, and optional service account for least-privilege deployment. Tracks validation signatures and archive URLs after approval.
ApprovalWorkflow

Orchestrates a sequence of approval steps that must complete before a change can proceed. Aggregates step statuses to determine overall workflow state—all steps approved means the workflow completes; any step denied means the workflow is rejected. Supports both inline step definitions and references to reusable steps.
ApprovalStep

A single approval gate within a workflow. References an ApproverSet defining who can approve, supports configurable timeouts for auto-denial, and tracks the current state (Pending, Approved, Denied, Skipped). Records the user who made the decision and when.
ApproverSet

Defines groups of users authorized to approve requests. Uses standard Kubernetes RBAC subject syntax: Users, Groups, and ServiceAccounts. Integrates with OpenShift's user and group APIs for membership validation. Enables flexible approval policies matching your organization's structure.

Example Workflow

Here's a typical workflow for deploying a new microservice through Clotho. The change is created with a scheduled time window, routed through a multi-step approval workflow, and automatically deployed when the maintenance window opens.

# 1. Create a Change with scheduled deployment window
  oc apply -f - <<EOF
  apiVersion: clotho.cosmosdevops.co.uk/v1alpha1
  kind: Change
  metadata:
    name: deploy-payment-service-v2
    namespace: production
  spec:
    description: "Deploy payment service v2 with new fraud detection"
    category: Normal
    riskLevel: High
    plannedStartTime: "2025-12-15T02:00:00Z"
    plannedEndTime: "2025-12-15T04:00:00Z"
    manifestRequests:
      - name: payment-service-deployment
  EOF

  # 2. Platform team approves via ApprovalEvent
  oc apply -f - <<EOF
  apiVersion: clotho.cosmosdevops.co.uk/v1alpha1
  kind: ApprovalEvent
  metadata:
    name: platform-approval-payment
    namespace: production
  spec:
    targetStep: platform-review
    decision: approve
    comment: "Reviewed resource requests and replica count. LGTM."
  EOF

  # 3. Security team approves
  oc apply -f - <<EOF
  apiVersion: clotho.cosmosdevops.co.uk/v1alpha1
  kind: ApprovalEvent
  metadata:
    name: security-approval-payment
    namespace: production
  spec:
    targetStep: security-review
    decision: approve
    comment: "Container image scanned, no CVEs. Approved."
  EOF

  # 4. Monitor the change status (auto-deploys at plannedStartTime)
  oc get change deploy-payment-service-v2 -n production -w

Bring Enterprise Change Management to Your Cluster

Stop deploying blind. Clotho gives you the approval workflows, audit trails, and scheduled deployments that enterprise operations require; without leaving the OpenShift ecosystem.

Get Started

Overview

Features

Multi-Step Approval Workflows

Risk-Based Auto-Approval

Scheduled Deployments

Tamper Detection

Compliance Archival

OpenShift Console Integration

Use Cases

Production Change Control

Maintenance Window Enforcement

Multi-Team Governance

Custom Resources

Change

ManifestRequest

ApprovalWorkflow

ApprovalStep

ApproverSet

Example Workflow

Bring Enterprise Change Management to Your Cluster