User Guide
Cluster Controller Components
List of Components
The following table summarizes the Cluster Controller components that are installed on users' clusters.
Name | Description |
---|---|
authtokenrefresher | Store and update a k8s secret containing the API access token |
clusteragent | Operator for VPA and namespace federation |
cluster-rightscaler-agent | Agent that performs Spot rebalancing |
cluster-watcher | Collect cluster/workload data and push to Global Controller |
connect-agent | Provide the secure session functionality |
kube-prometheus-stack | Kube Prometheus |
vpa | Forked version of Vertical Pod Autoscaler |
The installation of vpa, kube-prometheus-stack, and cluster-rightscaler-agent is optional.
Components in Details
authtokenrefresher
Auth Token Refresher creates and updates an access token used to make API calls to CloudNatix Global Controller.
The access token is stored as a K8s secret (access-token-secret) and used by other Cluster Controller components such as connect-agent.
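Because every component that calls Global Controller reads access-token-secret, it is worth checking which RBAC subjects can read that secret. The following is an added example, not CloudNatix code: it evaluates Role, ClusterRole, RoleBinding and ClusterRoleBinding objects (for instance the items list from kubectl get roles,rolebindings,clusterroles,clusterrolebindings -A -o json) and lists the subjects that can read the secret. The namespace, service account names and RBAC objects in the sample are constructed assumptions.

```python
SECRET = "access-token-secret"            # secret name given on this page
READ_VERBS = {"get", "list", "watch", "*"}

def rule_reads_secret(rule, secret=SECRET):
    """True if a single RBAC rule grants read access to the named Secret."""
    if not ({"", "*"} & set(rule.get("apiGroups") or [])
            and {"secrets", "*"} & set(rule.get("resources") or [])
            and READ_VERBS & set(rule.get("verbs") or [])):
        return False
    names = rule.get("resourceNames") or []
    return not names or secret in names   # no resourceNames = every Secret

def secret_readers(items, namespace, secret=SECRET):
    """Sorted 'Kind/name' subjects whose bindings allow reading the Secret."""
    granting = set()                      # (kind, name) of roles that can read it
    for obj in items:
        local = obj["kind"] == "Role" and obj["metadata"].get("namespace") == namespace
        if (local or obj["kind"] == "ClusterRole") and any(
                rule_reads_secret(r, secret) for r in obj.get("rules") or []):
            granting.add((obj["kind"], obj["metadata"]["name"]))
    readers = set()
    for obj in items:
        local = obj["kind"] == "RoleBinding" and obj["metadata"].get("namespace") == namespace
        ref = obj.get("roleRef") or {}
        if (local or obj["kind"] == "ClusterRoleBinding") and (ref.get("kind"), ref.get("name")) in granting:
            readers.update(f'{s["kind"]}/{s["name"]}' for s in obj.get("subjects") or [])
    return sorted(readers)

def _obj(kind, name, ns=None, **body):    # builds the constructed sample objects below
    return {"kind": kind, "metadata": {"name": name, **({"namespace": ns} if ns else {})}, **body}

NS = "cc-example"                         # placeholder namespace, not from the page
SAMPLE = [                                # constructed RBAC objects, not real cluster output
    _obj("Role", "token-reader", NS, rules=[{"apiGroups": [""], "resources": ["secrets"],
         "verbs": ["get"], "resourceNames": [SECRET]}]),
    _obj("Role", "cfg-reader", NS, rules=[{"apiGroups": [""], "resources": ["secrets"],
         "verbs": ["get"], "resourceNames": ["other-secret"]}]),
    _obj("ClusterRole", "secret-viewer", rules=[{"apiGroups": [""], "resources": ["secrets"],
         "verbs": ["get", "list"]}]),
    _obj("RoleBinding", "rb-connect", NS, roleRef={"kind": "Role", "name": "token-reader"},
         subjects=[{"kind": "ServiceAccount", "name": "connect-agent"}]),
    _obj("RoleBinding", "rb-cfg", NS, roleRef={"kind": "Role", "name": "cfg-reader"},
         subjects=[{"kind": "ServiceAccount", "name": "app"}]),
    _obj("RoleBinding", "rb-debug", NS, roleRef={"kind": "ClusterRole", "name": "secret-viewer"},
         subjects=[{"kind": "ServiceAccount", "name": "debug-tool"}]),
]

if __name__ == "__main__":
    print(secret_readers(SAMPLE, NS))
```

In the sample, the debug-tool account is reported alongside connect-agent because a broad ClusterRole bound inside the namespace exposes every secret there, including the access token.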
clusteragent
Cluster Agent works as an operator for VPA and provides the following functionalities:
- Automatically creates a VPA for every workload with dry-run mode so that recommendations can be generated.
- Provides an easy way to manage the VPA mode with a workload annotation.
- Provides additional functionality that controls the VPA mode (e.g., do not allow pod eviction during midnight).
- Provides Prometheus metrics that are not available from OSS (e.g., pod eviction rate, saving predicted).
Cluster Agent is also responsible for namespace federation and RBAC management. When a user creates a federated namespace in Global Controller, Cluster Agent creates a corresponding namespace in the cluster.
cluster-rightscaler-agent
Cluster Rightscaler Agent performs Spot rebalancing so that the optimal number of On-demand nodes and Spot nodes are kept in the cluster. It monitors the cluster and triggers pod eviction and node drain if pods running on On-demand nodes can be moved to Spot nodes (and Cluster Autoscaler scales down the On-demand nodes).
Please see "Spot Optimization and Rebalancing" for more details.
cluster-watcher
Cluster Watcher collects the cluster/workload data and pushes it to Global Controller. The information Cluster Watcher collects includes:
- Metadata of the cluster and workloads from K8s API server
- Performance related metrics from Prometheus
- Compute instance metadata from CSP (e.g., EC2 instance metadata from AWS)
Please note that it does not collect any application data or sensitive data.
connect-agent
Connect Agent establishes a persistent connection to Global Controller to provide secure zero trust access to Kubernetes clusters.
Please see "Secure Session and RBAC Management" for details.
kube-prometheus-stack
This installs the following components from Kube Prometheus:
- The Prometheus Operator
- Prometheus
- Prometheus node-exporter
- kube-state-metrics
These are used by Cluster Watcher to collect performance metrics.
vpa
This is a forked version of Vertical Pod Autoscaler.
The additional features added to VPA include:
- Support of "Manual" mode where users can adjust the resource requests of workloads without modifying the actual spec of the workloads.
- Automatic capping of recommendations based on node capacity
- Automatic adjustments to startup probes
- Improved recommendations algorithm for avoiding startup failures.
Prometheus Metrics
clusteragent exposes the following Prometheus metrics:
Name | Description |
---|---|
cloudnatix_vpa | Autopilot mode for workloads |
cloudnatix_vpa_recommendation | Recommended resource requests for workloads |
cloudnatix_workload_resource | Configured resource requests/limits for workloads |
cloudnatix_workload_monthly_spend | Monthly spend of workloads |
cloudnatix_workload_monthly_projected_saving | Projected monthly saving of workloads |
cloudnatix_pod_eviction_by_vpa | Number of pod evictions by VPA |
Grafana dashboards are available from the following URLs: