Governance-First KubeVirt VM Management Platform

KubeVirt Shepherd, also referred to as kv-shepherd or kubevirt-shepherd, is an open-source, governance-first management platform for KubeVirt virtual machines. It provides self-service VM lifecycle management with structured approval workflows, dual-layer RBAC, environment-scoped role bindings, and full audit trails across multiple Kubernetes/KubeVirt clusters. The project is released under Apache 2.0 at https://github.com/kv-shepherd/shepherd.

KubeVirt provides the core capability of running virtual machines on Kubernetes. Shepherd focuses on the operating model around those VMs: who can request them, who approves the change, how platform permissions are enforced, which clusters are available, and where the audit trail lives. Shepherd does not replace KubeVirt — it adds the governance layer required to operate KubeVirt in regulated, multi-team environments.

Yes, for teams that want VM governance without coupling to a specific commercial platform stack. Shepherd ships with native multi-cluster management (no RHACM required), built-in approval workflows, a request-approve-deliver self-service portal, platform-native audit trails, and zero vendor lock-in. It is Apache 2.0 licensed and runs on any Kubernetes distribution that meets the supported KubeVirt and Kubernetes baselines.

Shepherd is currently Alpha (current published prerelease: v0.1.1-alpha.8). The core governance paths — approval workflows, RBAC, audit trails, and VM lifecycle management — have been validated through internal production use in a financial-services Kubernetes/KubeVirt environment. The Alpha label is intentionally conservative while broader external feedback is gathered across different KubeVirt versions, storage classes, auth providers, and organization models.

You can explore the live online demo at https://demo.kv-shepherd.io without any installation. For self-hosting, four deployment paths are officially supported: (1) Helm chart for Kubernetes-native installs from kv-shepherd/helm-charts (recommended); (2) Docker Compose using published GHCR release images for VPS or production hosts; (3) local development from source via ./start-dev.sh; (4) Docker Compose source-build mode when you want to build images from a checkout. See docs/DEPLOYMENT.md for the full guide and security checklist.

Shepherd applies its approval workflow and audit trail to the full VM lifecycle: create, modify, power (start, stop, restart), delete, manifest export, and VNC/serial console entrypoints. Admin catalogs cover clusters, namespaces, templates, instance sizes, auth providers, rate limits, roles, and users.

Shepherd uses a Go backend (Gin, Ent and sqlc hybrid persistence, River Queue for PostgreSQL-native async execution), a single PostgreSQL 18 data store (no Redis, no external message queue), and a React 19 plus Next.js 16 web UI. The KubeVirt provider is aligned with KubeVirt v1.8.x and Kubernetes v1.34.x. Building from source requires Go 1.25.10 or newer and Node.js 22 or newer.

Shepherd ships with an Auth Provider Plugin SDK and supports LDAP, OIDC, and custom integrations. Sessions, login routes, and trust boundaries are treated as first-class security concerns and are continuously hardened — see CHANGELOG entries under the auth and security categories.

Yes. KubeVirt Shepherd is released under the Apache License 2.0 and developed in the open at https://github.com/kv-shepherd/shepherd. There is no paid tier and no vendor lock-in. Community channels include Discord (https://discord.gg/9P2wtpPMUe), GitHub Issues, and GitHub Discussions.