CloudNatix logo

User Guide

Cluster Controller Components

List of Components

The following table summaries the Cluster Controller components that are installed on users' clusters.

authtokenrefresherStore and update a k8s secret containing the API access token
clusteragentOperator for VPA and namespace federation
cluster-rightscaler-agentAgent that performing Spot rebalancing
cluster-watcherCollect cluster/workload data and push to Global Controller
connect-agentProvide the secure session functionality
kube-prometheus-stackKube Prometheus
vpaForked version of Vertical Pod Autoscaler

The installation of vpa, kube-prometheus-stack, and cluster-rightscaler-agent are optional.

Components in Details


Auth Token Refresher creates and updates an access token used to make API calls to CloudNatix Global Controller.

The access token is stored as a K8s secret (access-token-secret) and used by other Cluster Controller components such as connect-agent.


Cluster Agent works as an operator for VPA and provides the following functionalities:

  • Automatically creates a VPA for every workload with dry-run mode so that recommendations can be generated.
  • Provides an easy way to manage the VPA mode with a workload annotation.
  • Provides additional functionality that controls the VPA mode (e.g., do not allow pod eviction during midnight).
  • Provides Prometheus metrics that are not available from OSS (e.g., pod eviction rate, saving predicted).

Cluster Agent is also responsible for namespace federation and RBAC management. When a user creates a federated namespace in Global Controller, Cluster Agent creates a corresponding namespace in the cluster.


Cluster Rightscaler Agent performs Spot rebalancing so that the optimal number of On-demand nodes and Spot nodes are kept in the cluster. It monitors the cluster and triggers pod eviction and node drain if pods running on On-demand nodes can be moved to Spot nodes (and Cluster Autoscaler scales down the On-demand nodes).

Please see "Spot Optimization and Rebalancing" to know more details.


Cluster Watcher collects the cluster/workload data and push to Global Controller. The information Cluster Watcher collects includes:

  • Metadata of the cluster and workloads from K8s API server
  • Performance related metrics from Prometheus
  • Compute instance metadata from CSP (e.g., EC2 instance metadata from AWS)

Please note that it does not collect any application data or sensitive data.


Connect Agent establishes a persistent connection to Global Controller to provide the secure zero trust access to Kubernetes clusters.

Please see "Secure Session and RBAC Management" for details.


This installs the following components from Kube Prometheus:

  • The Prometheus Operator
  • Prometheus
  • Prometheus node-exporter
  • kube-state-metrics

These are used by Cluster Watcher to collect performance metrics.


This is a forked version of Vertical Pod Autoscaler.

The additional features added to VPA include:

  • Support of "Manual" mode where users can adjust the resource requests of workloads without modifying the actual spec of the workloads.
  • Automatic capping of recommendations based on node capacity
  • Automatic adjustments to startup probes
  • Improved recommendations algorithm for avoiding startup failures.

Prometheus Metrics

clusteragent exposes the following Prometheus:

cloudnatix_vpaAutopilot mode for workloads
cloudnatix_vpa_recommendationRecommended resource requests for workloads
cloudnatix_workload_resourceConfigured resource requests/limits for workloads
cloudnatix_workload_monthly_spendMonthly spend of workloads
cloudnatix_workload_monthly_projected_savingProjected monthly saving of workloads
cloudnatix_pod_eviction_by_vpaNumber of pod evictions by VPA

Grafana dashboards are availble from the following URLs:

CLUI & Keyboard Shortcuts
Updating CloudNatix Cluster Controller