A safety envelope you can audit in the source.

Set cloud.enabled=false and CHA runs entirely in your cluster with zero external dependency. The K8s-native value (probes, fixers, ticketing) is unchanged. Verifiable in helm template output.

No vendor SaaS. No telemetry exfiltration. CHA runs the same way in EU sovereign clouds, FedRAMP-trackable workloads, and on-prem regulated environments as it does on public EKS / GKE / AKS.

Every M1 / M2 cloud probe uses workload-identity-scoped read-only IAM. Cloud-resource mutation is deliberately deferred to M4 with a separate signed-approval envelope. Read the IAM policies in the Helm chart.

The OSS fixer set is exactly five named actions: StaleErrorPods, StuckJobsWithBadSecretRef, StuckRSPods, StuckCertificateRequests, TLSSecretMismatch. Each fixer is opt-in via Helm flag. Protected namespaces are allowlisted out by default.

AI-tier fix proposals require human approval via signed-JWT URLs delivered to Slack or ticket. The approval-server enforces signature, expiry, and one-time-use. Without the click, nothing mutates.

Run --dry-run to log every fix CHA would have applied without applying it. The fix log is identical to production mode minus the mutation. Use this in your eval cycle before flipping fixers on.

Apache-2.0 source. Helm-rendered RBAC visible before install. DriftReport CRs are first-class audit objects. Loki / OTLP sinks for compliance pipelines (paid).

IRSA on EKS, Workload Identity on GKE, AAD Workload Identity on AKS. No long-lived cloud credentials in CHA. Same IAM your cluster already uses — same audit trail.