DevZero Logo
DevZero

About the read-only operator

Everything you need to know about DevZero’s zxporter read-only operator.

About the Read-Only Operator

The DevZero read-only operator is a lightweight Kubernetes operator that links your Kubernetes cluster to the DevZero platform. It unlocks real-time insights into cost efficiency and enables you to optimize your infrastructure for cost savings. This guide covers what the operator does, how it works, and why it's a key part of your optimization workflow.

What is the DevZero Operator?

The DevZero zxporter operator is an open-source, read-only component that connects your Kubernetes cluster to the DevZero platform in a secure and efficient way. Its core responsibilities include:

  • Collecting metadata and resource usage for analysis
  • Powering real-time visibility into cluster utilization and cost
  • Enabling automated recommendations to optimize workloads

To get a list of the components it installs, see here.

Key benefits:

  • Read-only by design: It adheres to the principle of least privilege. It can't modify workloads or cluster settings.
  • Fully open-source: Hosted on GitHub, DevZero’s zxporter repo is publicly available so teams can audit or contribute as needed.
  • Actively maintained: We release regular updates to improve functionality and security.
  • Easily uninstallable: You can remove the operator and all associated resources with a single command.

What Data Does the DevZero Operator Access?

To provide actionable insights, the operator reads a minimal set of non-sensitive data. Specifically, it collects:

  • Cluster resources such as nodes, pods, and deployments
  • Select metadata from pods, deployments, daemon sets, and stateful sets
  • CPU, memory, and storage consumption data to identify underutilization

At any point, a user can modify what the DevZero operator collects.

How DevZero Handles Sensitive Data

Security is built into everything we do:

  • No access to secrets: The operator does not read secrets, config maps, or environment variables.
  • Sanitization by default: We automatically filter out known sensitive fields (e.g., passwords, tokens, keys) before analysis.
  • Secure by default: All data is transmitted over encrypted channels.
  • Certified compliance: DevZero is SOC 2 Type II compliant, with strong practices in place for data protection and auditability.

How the zxporter Operator Works and How to Use It

Step 1: Connect Your Cluster to DevZero

To get started, deploy the DevZero zxporter operator into your Kubernetes cluster. This lightweight, read-only operator enables secure communication between your cluster and the DevZero platform to power cost visibility and optimization insights.

Authentication is handled using scoped credentials tied to your organization. All communication is secured over encrypted channels, and no network-level changes (like firewalls or VPNs) are required. zxporter operates entirely at the application layer.

Step 2: View Cost and Optimization Insights

Once connected, DevZero analyzes your cluster’s resource usage and generates real-time insights via the platform dashboard. You can access:

  • Savings Opportunities: Identify underutilized workloads and get recommendations for requests/limit tuning.
  • Utilization Reports: See CPU, memory, and storage consumption across nodes and workloads.
  • Cluster Efficiency Scores: Measure how effectively your cluster resources are being used.

Step 3: Monitor Ongoing Usage and Apply Recommendations

zxporter continuously syncs non-sensitive resource metadata to keep insights up to date. You can use these insights to:

  • Automatically or manually implement optimization recommendations
  • Track historical utilization trends
  • Report on efficiency improvements over time