Skip to content

Nais Control plane

The NAIS control plane consist of two primary components, Fasit and naisd. Fasit and naisd communicate asynchronously via a pub/sub.

All components involved rely on Google Cloud's Identity and Access Management when communicating with each other.


Fasit is the primary configuration database for all clusters. It runs in a separate cluster in a separate project in a separate GCP organization where only NAIS personnel have access. All features, such as deployment or monitoring, are configured for each environment individually in fasit.


Naisd is a component that runs in each cluster and is responsible for applying and installing components.

How does it work?

When a feature is configured in fasit, it is ready to be applied to a cluster. Fasit sends a message with configuration and deployment instructions to a pub/sub-topic specific to the relevant cluster.

Each cluster has its own instance of naisd, and this instance is only allowed to subscribe to messages from the pub/sub-topic dedicated to that cluster. When the configuration is applied, naisd sends a status message to a central status topic. All instances of naisd are allowed to write status messages to this topic, but none are allowed to read from it.

Fasit reads all statuses from all clusters and use this information to give a complete overview of the entire ecosystem.

Last update: November 29, 2023
Created: November 29, 2023