ZopDay can now adopt the Helm apps already running on your clusters with zero redeploy, keeping the cluster read-only. ZopNight completes IAM Import with Azure, turns 28 idle recommendations into one-click cleanups, and attributes child-resource cost more accurately through tag inheritance. Azure VM deployment reaches parity with AWS and GCP, and the Architecture Canvas gains dark mode.
New ZopDay: import the Helm apps already running on your clusters into ZopDay's project, environment, and service model, with the cluster kept strictly read-only
Improved ZopNight: Azure IAM Import now goes end-to-end, joining AWS and GCP — built-in and custom roles are translated, and anything that cannot be mapped safely is flagged
Improved ZopNight: one-click cleanup for idle resources — 28 recommendations are now one-click (6 automatic, 22 guided), with idle managed databases getting a power-only pause
Improved ZopNight: more accurate cost attribution — untagged child resources inherit their parent's tags, marked with a green inherited badge
Improved ZopNight: the Architecture Canvas now fully supports dark mode, with smoother zoom and pan on large accounts
Improved ZopDay: build and deploy services onto Azure VMs, bringing Azure to parity with AWS and GCP for VM deployments
New Internal: a public liveness endpoint lets external uptime monitors confirm each service is up (ops-only, no customer-facing change)
IAM imports for AWS and GCP now translate cloud roles automatically, flagging only the actions that genuinely need review. Azure cost-anomaly detection extends to Resource Group and Tenant levels, thirteen more orphaned and idle resources clean up automatically, and the cloud-accounts page spells out each account's permission state. ZopDay adds full AWS VM provisioning and deployment.
Improved ZopNight: automatic IAM role translation for AWS and GCP imports, flagging only the actions that could not be translated for review
New ZopNight: Azure cost-anomaly detection now runs at the Resource Group and Tenant levels, not just the Subscription level
New ZopNight: 13 new orphan and idle cleanup rules with auto-remediation across AWS and Azure, now including free and zero-cost orphans
New ZopNight: the cloud-accounts page shows each account's permission state — Probe-blocked, Write access not set up, or Read-only — with guided fixes
New ZopDay: provision a complete AWS VM environment and deploy git- or image-based services onto it, with custom domains, HTTPS, and private registries
Improved ZopNight: app-wide tooltip polish, Cost Over Time from day 1, smarter Create Override defaults, and mobile sidebar scroll locking
ZopDay now deploys to VMs as a first-class target alongside Kubernetes: push code, the image builds, and the service runs behind a managed L4 load balancer with TLS ingress. VMs sit in private subnets with no open management ports, one VM can host many services, and the deployer now detects the environment variables a service needs during stack detection.
New ZopDay: deploy services to VMs alongside Kubernetes — push code, it builds, and runs behind a managed L4 load balancer with TLS-terminated ingress
New ZopDay: VMs run in private subnets with no external IP and no open management ports (control plane via Google IAP / AWS SSM / Azure Run-Command)
New ZopDay: one VM can host many services, custom domains attach from the UI with automatic DNS, and TLS is issued via Let's Encrypt
New ZopDay: a VM-pool detail page shows health, attached domains, live deployments, and provisioning history
Improved ZopDay: stack detection now reads the environment variables a service needs from the codebase and .env files and pre-fills the deploy wizard (Node.js, Python, Go, Java/Kotlin, Ruby, PHP)
When ZopNight can't read part of your cloud, the page that needs it now says so: Resources, Schedules, Recommendations, and Cost Reports each show a banner naming the missing access and what it would unlock, and a new View Permissions screen brings every permission ZopNight checks into one place, tracked per account, per region, and per cloud. GCP IAM import goes end-to-end, one-click storage-lifecycle remediation lands across all three clouds, and ZopDay gets a live Observability tab per service.
New ZopNight: per-page permission banners on Resources, Schedules, Recommendations, and Cost Reports name the specific access that's missing and the resources it would unlock
New ZopNight: a View Permissions screen brings every permission ZopNight checks into one place, grouped by feature and tracked per account, per region, and per cloud, so a partial setup is visible instead of rolled up to one status
New ZopNight: GCP IAM import end-to-end (mirroring AWS): one Cloud Asset Inventory call returns the project's IAM policy, service accounts are filtered out, and Google Group members can optionally be resolved via Cloud Identity
New ZopNight: GCP onboarding gets a dedicated BigQuery cost-export step, also offered as a one-click fix when GCP cost data is missing after onboarding
New ZopNight: one-click storage-lifecycle remediation across all three clouds: move GCS buckets, S3 buckets, and Azure storage accounts to colder tiers at 30 and 90 days. Transitions are lossless (no delete), with an Adopt / Replace toggle and full Restore
New ZopDay: a live Observability tab on the service drawer: replica count, restarts, per-replica CPU / memory, HPA targets, scoped events, and a multi-replica log button, with progressive loading per card
Every ZopDay surface (projects, environments, deployments, provisioning, spaces, and remediation) is now gated by the same permission engine that protects ZopNight. Buttons a user can't use are disabled with a clear tooltip, and restricted pages show a single access screen instead of leaking structure. The Overrides page now paginates and sorts at scale, and IAM import cleanly separates linked from newly imported users.
New ZopDay: role-based access control across every surface, using the same permission engine as ZopNight; restricted mutations are disabled with an Ask your admin tooltip and restricted pages show a single Access restricted screen. No org-side reconfiguration required
Improved ZopNight: the Overrides page under a schedule group now paginates and sorts server-side, so the full list pages through regardless of size
Improved ZopNight: Manage IAM now distinguishes linked existing users from newly imported users, with a new Roles section and a jump into Roles
Improved ZopNight & ZopDay: removed the redundant manual Sync buttons now that discovery is fully automatic (a Refresh control remains on the Resources page)
ZopNight discovery now covers AWS IAM users, groups, roles, and policies alongside cloud resources, searchable on the Inventory page. ZopDay deploys get materially more reliable: Settings values now actually reach running pods, private-registry image pulls work on every cluster including bring-your-own, and the deploy wizard rejects invalid Dockerfiles before submit.
New ZopNight: import AWS IAM users, groups, roles, and policies into discovery, retaining their role and permission shape and searchable on the Inventory page next to compute and storage (GCP and Azure IAM next)
Improved ZopDay: Settings values (env vars, replicas, port, liveness path, CPU / memory caps) now reliably apply to the running service instead of being dropped at install
Improved ZopDay: private-registry image pulls now work on every cluster, including bring-your-own clusters with no cloud identity tied to a registry
Improved ZopDay: Azure AKS clusters bind the org's default registry at provision time, so the first deployment doesn't fail on an image pull
ZopDay can now view, edit, and create 20+ Kubernetes resource kinds directly, in a schema-driven form or raw YAML, with a side-by-side diff before any change is applied and per-action RBAC. Live pod logs stream in a terminal viewer with JSON level coloring. ZopNight adds a per-account cloud spend breakdown on the dashboard and a much cleaner architecture canvas for Kubernetes.
New ZopDay: view, edit, and create 20+ Kubernetes resource kinds (Deployments, StatefulSets, Pods, Services, ConfigMaps, Ingresses, HPAs, PVCs, CronJobs, NetworkPolicies, PDBs, and more) via a schema-driven form or raw YAML, with a side-by-side diff confirmation before any change, per-action access control, and per-cluster write rate limits; cluster-scoped destructive actions are blocked outright
New ZopDay: live pod logs in a dark terminal viewer with structured JSON level coloring, per-pod toggle chips, a Jump to live button, and a 5,000-line buffer, on Deployments, StatefulSets, DaemonSets, ReplicaSets, and Jobs
Improved ZopNight: Cloud Spend Portfolio: expand each provider card on the dashboard into per-cloud-account rows, with a two-layer donut, to spot which account is driving spend without leaving the page
Improved ZopNight: a cleaner Kubernetes architecture canvas showing cluster -> node pool -> nodes by default, filtering out ~85% of metadata nodes and removing duplicate node VMs
Improved ZopNight: Blast Radius opens faster with a standardized risk score and clear low / medium / high / critical tiers, and ownership counts are accurate on large orgs
Improved ZopNight: Azure AKS clusters using Entra ID + Azure RBAC no longer need kubeconfig changes; all three AKS auth modes are supported
Improved ZopNight: dashboard polish: Monthly savings renamed to Potential savings, and Cost Flow callouts respect your org currency preference
Kubernetes scheduling now works at the namespace boundary across EKS, GKE, and AKS: stop scales workloads to zero, suspends CronJobs, and saves the full state to replay on start. Auto-remediation gains a Resize action with five new right-size rules, and the platform now records true peak and trough metrics so bursty workloads aren't smoothed away into unsafe rightsizing.
New Namespace-level start / stop across EKS, GKE, and AKS: stop scales Deployments and StatefulSets to zero, suspends CronJobs, and snapshots replicas, HPA, and PDB to replay on start; system namespaces are protected at both discovery and execution
New Auto-remediation adds Resize, five new right-size rules: AWS Lambda memory, AWS EC2 instance type, AWS EBS IOPS / throughput, GCP machine type, and Azure VM SKU
Improved The Use existing VPC wizard now explains why a VPC is unselectable (needs at least one subnet and one NAT gateway) and offers a one-click Create new VPC instead
Improved Provisioner cluster jobs complete about 5 minutes faster by chaining quick steps within a single cycle
Before acting on a recommendation, open a Blast Radius overlay on the architecture canvas to see every connected resource (attached volumes, load balancers, downstream replicas, triggers, and owning teams or schedules) with a 0-100 risk score. Auto-remediation adds delete as a fourth action across nine more resource types, every certified recommendation now has a working Remediate button, and ZopDay's Connect to Space works on datastores you brought yourself.
New Blast Radius: preview the full impact of a recommendation on the architecture canvas (connected volumes, load balancers, replicas, triggers, and owning teams and schedules) with a 0-100 risk score weighted by environment, number of connections, ownership, and active schedules
New Auto-remediation adds delete as a fourth action across nine more types: EBS volumes and snapshots, GCP and Azure disks and snapshots, CloudWatch alarms, Elastic IPs, Azure Recovery vaults, and GCP Workbench instances (deletes are permanent and route to an admin for approval)
New ZopDay: Connect to Space now works on any datastore you already have, not just those ZopDay provisioned: pick a secret from AWS Secrets Manager, GCP Secret Manager, or Azure Key Vault, or paste credentials; ZopDay never deletes a cloud resource you brought in
Improved Every recommendation drawer now has one primary action in one place: Remediate for auto-remediable and schedule recs, Open in Console for advisory recs
Improved 44 remediation how-to instructions corrected across AWS, GCP, and Azure against current vendor documentation
ZopDay now provisions the right networking primitive automatically when connecting a datastore across VPCs: AWS and GCP peering, and Private Service Connect for Cloud SQL. The Event Readiness wizard shows a live current-vs-event cost preview, a round of autoscaler, Cost Flow, and dashboard polish lands, and six rightsizing rules that were still estimating savings now price against live cloud rates.
New ZopDay: cross-VPC datastore connectivity provisions the correct primitive automatically: AWS cross-region VPC peering, GCP VPC peering with custom-route exchange, and Private Service Connect for Cloud SQL
New ZopNight: a live cost preview in the Event Readiness wizard: current cost vs estimated event cost, per hour and per window, matching exactly what gets persisted
Improved ZopNight: the Autoscaler form is clearer: an explicit Autopilot / Manual choice, a directory-style resource picker, a single-toast Save & apply, Retry on failed policies, and per-field validation that never disables Next silently
Improved ZopNight: Event Readiness adds a scaled-up time-impact tile, real-delta cost, and clearer policy badges in place of confusing text suffixes
Improved ZopNight: Cost Flow (Sankey) polish: top-N rollups with click-to-expand, an always-on Unattributed highlight, and an auto-derived Insights strip above the chart
Improved ZopNight: dashboard widget polish across Budget Health, Upcoming Actions, Schedule Execution, and Tag / Team Cost
Improved ZopNight: Kubernetes activity events (warnings and pod restarts) are now fetched on EKS and AKS, not just GKE
ZopNight introduces end-to-end auto-remediation. Click Remediate on a cost recommendation and the platform checks live cloud state, optionally routes to an admin for approval, performs the action, and validates the result, with 20 rules certified end-to-end on real AWS, GCP, and Azure. This release also adds 123 Kubernetes workload recommendations and names the exact target SKU on every rightsizing recommendation, pricing savings against live cloud rates.
New Auto-Remediation: click Remediate on a recommendation to stop compute, scale a service to zero, or pause it, with a live precondition check, optional admin approval, and result validation (20 rules certified across AWS, GCP, and Azure; errors grouped into clear categories)
New 123 Kubernetes workload recommendations across EKS, GKE, and AKS covering reliability (missing requests / limits, single replica without an HPA, missing probes), security (privileged or root containers, missing TLS), idle and orphaned workloads, and rightsizing
Improved Every rightsizing recommendation now names a concrete target SKU (downsize to m5.large, step db.t3.medium -> db.t3.small) and prices savings as current minus target from live cloud rates. If a target isn't priceable in the region, the recommendation is skipped rather than shown with a guessed number
Improved Live per-container metrics extended to the Deployments, StatefulSets, DaemonSets, and ReplicaSets detail drawers
Improved ZopDay: Add Existing clusters (EKS, GKE, AKS) now work end-to-end for component installs, datastore connections, and database provisioning
Improved ZopDay: cluster reachability is now persisted and gates actions: a definitively unreachable cluster disables Sync, Connect Datastore, and Install, while transient blips are retried silently
Improved ZopDay: database creation now runs inside your own cluster, so master credentials never leave it and ZopDay needs no outside network path to your datastore (MySQL, PostgreSQL)
Cost Reports gains a business denominator. Pin a metric like Monthly Active Users, API Requests, Completed Transactions, or Signups, and the Cost Over Time chart adds a second axis showing cost per unit, so you can finally answer whether a rising bill means you're growing or getting less efficient. Feed the metric by CSV upload or a daily pull from your own HTTPS endpoint. Live per-container CPU and memory charts also land on every Kubernetes detail page.
New Unit economics in Cost Reports: overlay cost per Monthly Active User, Daily Active User, API request, completed transaction, or signup, org-wide or scoped to a single team
New Feed unit metrics by CSV upload (date,value) or a daily authenticated pull from your own HTTPS endpoint, with a Test fetch button to verify connectivity before the daily sync runs
New Live per-container CPU and memory bar charts on every pod, deployment, daemonset, statefulset, and replicaset detail drawer, with the configured request and limit overlaid as reference lines
Improved ZopDay: the home page loads faster on large orgs: project stats now load in a single batched call instead of one request per project
Get release notes in your inbox.
We ship every two weeks. Subscribe to receive a short summary of what's new, no marketing, just the changelog in email form.