We shipped KubeBolt as open source before we shipped a single paid feature. Not as a growth hack, and not because “open source is good marketing” — but because for infrastructure tools specifically, anything else is a bad deal for the people who’d run it. This is the reasoning, and the promises that come with it.
Closed infrastructure is a bet you can lose
When you adopt a closed infrastructure product, you’re not just buying software — you’re betting your operations on a roadmap and a license you don’t control. That bet has gone badly, publicly, more than once:
- In 2023, HashiCorp relicensed Terraform and its other tools from MPL to the Business Source License. Tools the community had built on for a decade were suddenly no longer open source. The community forked Terraform into OpenTofu within weeks.
- In 2021, Elastic moved Elasticsearch off Apache 2.0 to the SSPL. AWS forked it into OpenSearch.
The lesson isn’t “those companies are evil.” It’s that when the license can change under you, your infrastructure has a single point of failure that has nothing to do with your code. For something as load-bearing as how you operate your cluster, that risk is unacceptable — and it’s exactly the risk we didn’t want to ask anyone to take.
Our promise
So here’s the explicit part. The KubeBolt agent is Apache 2.0, and the OSS feature set stays open. Concretely:
- The things that ship in OSS today — the Insights Engine, 30+ resource views, the write-ops surface (set image, scale, drain, apply, with RBAC and audit), multi-cluster, the AI Copilot — don’t get moved behind a paywall later. Open features stay open.
- The license doesn’t quietly become “open-ish.” Apache 2.0 means you can run it, fork it, and depend on it without asking us.
A promise is only worth the specifics behind it, which is why we draw the line clearly rather than leaving “what’s free forever” vague.
Where the line actually is: Copilot vs Autopilot
Open core only works if the split is honest. Ours follows the level of autonomy:
- Copilot (Kobi) is OSS. The assistant that reads your cluster, finds root cause, and executes the fix you approve is in the open-source product. Human-in-the-loop resolution is not a premium feature.
- Autopilot is the commercial layer. Fully autonomous remediation — the system that wakes on its own, acts within guardrails, and writes the postmortem without a human in the loop — is where KubeBolt Cloud earns its keep, along with the hosted, multi-region operation that running unattended automation safely actually requires.
The test we hold ourselves to: an individual SRE or a small team gets a genuinely useful, complete tool for free. You pay when you want the cluster to run itself — a capability that costs us real money (LLMs, multi-region failover, the operational burden of acting without supervision) to provide.
How we monetize without taxing the community
We make money from three things, none of which take features away from OSS users:
- Managed operation — hosted KubeBolt Cloud so you don’t run the control plane yourself.
- Advanced autonomy — Autopilot and the lifecycle automation that depend on hosted infrastructure.
- Enterprise needs — SSO, advanced RBAC, audit, and the support that organizations require.
The OSS user isn’t a freeloader to be converted; they’re the foundation. If the free product is excellent, some fraction will grow into needs only the paid layer serves. That’s the whole model.
This pattern works — when you respect it
Open core isn’t defensible just because it’s open. The companies that got it right share a discipline: the open product is genuinely complete, and the paid layer solves a different problem rather than crippling the free one.
- GitLab gives away an enormous amount and charges for scale, compliance, and team workflows.
- Sentry is open and self-hostable; most teams happily pay for the hosted version anyway.
- PostHog uses open source as a wedge, not as a hostage negotiation.
The anti-pattern is the “open core” that’s really a crippled demo — just enough to get you in the door, with every useful feature gated. That erodes the exact trust open source is supposed to build. We’d rather under-monetize the OSS edge than play that game.
Why this matters for you
If you’re evaluating infrastructure tooling, the license is part of the product. Closed tools can change the terms; a permissively licensed, forkable tool can’t be taken away from you. That’s not idealism — it’s risk management for something your production depends on.
KubeBolt is Apache 2.0, runs in under two minutes, and the code is on GitHub. Read it, run it, fork it if you ever need to. That option — the one you hopefully never have to use — is the whole point.