Clusters

What is a Cluster

A cluster in OpsWorker represents a connected Kubernetes cluster that OpsWorker can investigate. Each cluster has an OpsWorker Kubernetes Agent installed and belongs to a workspace.

OpsWorker supports all major Kubernetes distributions:

  • Amazon EKS
  • Google GKE
  • Azure AKS
  • Self-hosted Kubernetes (kubeadm, k3s, Rancher, OpenShift)

Connection Model

OpsWorker uses an outbound-only connection model. The Kubernetes Agent inside your cluster initiates all communication — OpsWorker never connects inbound to your cluster.

sequenceDiagram
participant Agent as K8s Agent (your cluster)
participant SQS as AWS SQS
participant OW as OpsWorker Cloud

Agent->>SQS: Poll for commands (outbound HTTPS)
OW->>SQS: Send investigation commands
Agent->>SQS: Return collected data (outbound HTTPS)
SQS->>OW: Deliver results

This means:

  • No inbound ports need to be opened on your cluster
  • No VPN or tunneling is required
  • No credentials for your cluster are stored in OpsWorker's cloud
  • Communication is encrypted via TLS over standard HTTPS (port 443)
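The outbound-only model can be enforced from the cluster side with a Kubernetes NetworkPolicy, so a misconfiguration that exposes the agent is blocked rather than trusted. This is an added example, not a manifest from OpsWorker. The namespace `opsworker` and the pod label are hypothetical placeholders, and the API server rule assumes the agent reads cluster state through the Kubernetes API.

```yaml
# Added example, not OpsWorker's own manifest.
# Assumed (not from the page): the namespace "opsworker" and the pod label
# below. Replace both with the values your Helm release actually uses.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: agent-outbound-only
  namespace: opsworker                          # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: opsworker-agent   # hypothetical label
  policyTypes:
    - Ingress
    - Egress
  # Ingress is listed in policyTypes with no rules, so every inbound
  # connection to the agent pod is denied.
  ingress: []
  egress:
    # DNS lookups against the cluster resolver.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Outbound HTTPS on port 443, the only port the connection model needs.
    - ports:
        - protocol: TCP
          port: 443
    # Assumption: the agent talks to the Kubernetes API server. Managed
    # distributions usually serve it on 443; kubeadm and k3s default to 6443.
    - ports:
        - protocol: TCP
          port: 6443
```

The policy only takes effect if the cluster's CNI plugin enforces NetworkPolicy. Standard NetworkPolicy matches IP blocks and ports, not hostnames, so limiting port 443 to the queue endpoints alone needs an egress proxy or a CNI with FQDN-based rules.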

Cluster Authentication

Each cluster is authenticated using a cluster token — a unique identifier generated when you add a cluster in the OpsWorker portal. This token is provided to the agent during Helm installation and authenticates all communication between the agent and OpsWorker.

Per-Cluster Integrations

Integrations are configured at the cluster level. Each cluster can have different integrations enabled:

  • Alert sources — Prometheus AlertManager, Grafana Alerting, Datadog
  • Observability — Grafana MCP (for dashboard/metric queries)
  • Code — GitHub, GitLab (for change correlation)

Cluster Status

The portal displays the connection status for each cluster:

| Status | Meaning |
|---|---|
| Connected | Agent is running and communicating with OpsWorker |
| Disconnected | No communication from agent (check agent pod) |
| Pending | Cluster added but agent not yet installed |