DEV Community: Simone Morellato

Sveltos Quick Start

Simone Morellato — Thu, 25 Sep 2025 03:40:53 +0000

In this post, we’ll walk through how to set up Sveltos, create a vCluster, and register it with Sveltos. By the end, you’ll have a working setup where you can manage a vCluster just like any other cluster in your fleet.

Prerequisites

Install sveltosctl CLI

curl -L https://github.com/projectsveltos/sveltosctl/releases/latest/download/sveltosctl-darwin-amd64 -o sveltosctl
chmod +x sveltosctl
sudo mv sveltosctl /usr/local/bin/

This tool will help us generate manifests for cluster registration and interact with Sveltos.

Install Helm (if not already installed) Follow Helm installation docs.

Step 1: Deploy Sveltos

Install Sveltos in the management cluster:

helm repo update && helm upgrade --install sveltos projectsveltos/projectsveltos --namespace projectsveltos --create-namespace

Verify deployment:

helm list -n projectsveltos
kubectl get pods -n projectsveltos

At this point, Sveltos CRDs and the controller should be active in your cluster.

Step 2: Deploy the Dashboard (Optional)

For visualization and management through UI:

helm install sveltos-dashboard projectsveltos/sveltos-dashboard -n projectsveltos
helm list -n projectsveltos
kubectl port-forward service/dashboard -n projectsveltos 8080:80

Access the dashboard at: http://localhost:8080/login

Create an admin service account and token:

kubectl create sa platform-admin -n default
kubectl create clusterrolebinding platform-admin-access --clusterrole cluster-admin --serviceaccount default:platform-admin
kubectl create token platform-admin -n default --duration=24h

Use the token to log into the dashboard.

Step 3: Create a vCluster

Create a new virtual cluster:

vcluster create my-vcluster --namespace my-team

Disconnect once created:

vcluster disconnect

Step 4: Register vCluster with Sveltos

Here’s where the integration happens.

Generate a SveltosCluster manifest for the vCluster:

sveltosctl register cluster   --namespace=monitoring   --cluster=vcluster   --pullmode   --labels=environment=production,tier=backend   > sveltoscluster_registration.yaml

This creates the YAML that describes your vCluster as a managed entity in Sveltos.

Connect to the vCluster:

vcluster connect my-vcluster --namespace my-team

Apply the registration YAML inside the vCluster:

kubectl apply -f sveltoscluster_registration.yaml

✅ And that’s it! 🎉 Your vCluster is now registered with Sveltos.

What’s Next?

With your vCluster registered, you can now:

Apply ClusterProfiles to define policies and workloads.
Use drift detection to ensure your vCluster stays compliant.
Manage add-ons (like monitoring stacks) consistently across environments.

Instead of treating vClusters as temporary or “disposable,” you’ve elevated them to first-class citizens in your multi-cluster strategy.

Registering a vCluster Kubernetes clusters with Sveltos: A Quick Start Guide

Simone Morellato — Fri, 12 Sep 2025 03:53:45 +0000

Modern Kubernetes environments are rarely static. Teams spin up clusters for testing, staging, and production workloads. Sometimes these clusters are physical, sometimes managed by cloud providers, and increasingly, they’re virtual clusters (vClusters).

If you’ve ever wanted to manage multiple clusters—including vClusters with a consistent approach, Sveltos can help. Sveltos is a powerful open-source project that simplifies cluster lifecycle management, configuration drift detection, and workload deployment across fleets of clusters.

Prerequisites

Install sveltosctl CLI

curl -L https://github.com/projectsveltos/sveltosctl/releases/latest/download/sveltosctl-darwin-amd64 -o sveltosctl
chmod +x sveltosctl
sudo mv sveltosctl /usr/local/bin/

This tool will help us generate manifests for cluster registration and interact with Sveltos.

Install Helm (if not already installed) Follow Helm installation docs.

Step 1: Deploy Sveltos

Install Sveltos in the management cluster:

helm repo add projectsveltos https://projectsveltos.github.io/helm-charts && \
helm repo update && \
helm upgrade --install sveltos projectsveltos/projectsveltos --namespace projectsveltos --create-namespace

Verify deployment:

helm list -n projectsveltos
kubectl get pods -n projectsveltos

At this point, Sveltos CRDs and the controller should be active in your cluster.

Step 2: Deploy the Dashboard (Optional)

For visualization and management through UI:

helm install sveltos-dashboard projectsveltos/sveltos-dashboard -n projectsveltos
helm list -n projectsveltos
kubectl port-forward service/dashboard -n projectsveltos 8080:80

Access the dashboard at: http://localhost:8080/login

Create an admin service account and token:

kubectl create sa platform-admin -n default
kubectl create clusterrolebinding platform-admin-access --clusterrole cluster-admin --serviceaccount default:platform-admin
kubectl create token platform-admin -n default --duration=24h

Use the token to log into the dashboard.

Step 3: Create a vCluster

Create a new virtual cluster:

vcluster create my-vcluster --namespace my-team

Disconnect once created:

vcluster disconnect

Step 4: Register vCluster with Sveltos

Here’s where the integration happens.

Generate a SveltosCluster manifest for the vCluster:

sveltosctl register cluster   --namespace=monitoring   --cluster=vcluster   --pullmode   --labels=environment=production,tier=backend   > sveltoscluster_registration.yaml

This creates the YAML that describes your vCluster as a managed entity in Sveltos.

Connect to the vCluster:

vcluster connect my-vcluster --namespace my-team

Apply the registration YAML inside the vCluster:

kubectl apply -f sveltoscluster_registration.yaml

✅ And that’s it! 🎉 Your vCluster is now registered with Sveltos.

What’s Next?

With your vCluster registered, you can now:

Apply ClusterProfiles to define policies and workloads.
Use drift detection to ensure your vCluster stays compliant.
Manage add-ons (like monitoring stacks) consistently across environments.

Instead of treating vClusters as temporary or “disposable,” you’ve elevated them to first-class citizens in your multi-cluster strategy.

Sveltos vs Terraform: Friends, Not Rivals, in the Cloud-Native World

Simone Morellato — Fri, 05 Sep 2025 16:02:36 +0000

Introduction

When you’re managing modern infrastructure, chances are you’ve encountered Terraform. It’s the industry-standard tool for provisioning and managing infrastructure across clouds.

But what happens once you’ve stood up your Kubernetes clusters? You still need to manage add-ons, policies, and application lifecycles across potentially dozens—or hundreds—of clusters. That’s where Sveltos comes in.

In this post, we’ll explore how Sveltos and Terraform compare, their key differences, and why they’re actually complementary tools rather than competitors.

Terraform at a Glance

Terraform, by HashiCorp, is designed to provision and manage infrastructure through a declarative model. You describe resources in HCL (HashiCorp Configuration Language), run terraform apply, and Terraform ensures those resources exist.

Typical Terraform responsibilities include:

Creating Kubernetes clusters (EKS, GKE, AKS).
Provisioning VMs, networking, databases, IAM roles.
Managing multi-cloud environments with a unified language.

It’s infrastructure plumbing—the foundational layer you need before workloads can run.

Sveltos at a Glance

Sveltos is a Kubernetes-native controller that automates add-on and configuration management across multiple clusters. Instead of worrying about how to bootstrap Prometheus, Istio, or policy engines into every new cluster, you let Sveltos handle it.

Key Sveltos capabilities include:

Deploying Helm charts, YAML manifests, or GitOps-managed resources across clusters.
Continuously reconciling declared state (no “drift” until your next CLI run).
Targeting clusters dynamically using labels or cluster events.
Multi-tenancy and RBAC-aware distribution of add-ons.

In short: Terraform builds the cluster, Sveltos keeps it running the way you want.

Similarities Between Sveltos and Terraform

At first glance, Sveltos and Terraform seem similar. Both are:

Declarative: You describe the desired state, and the tool ensures reality matches it.
Multi-cluster aware: Both can operate across many clusters/environments.
Automation-friendly: Each can be embedded in CI/CD pipelines or GitOps workflows.
Extensible: Terraform through providers, Sveltos through templates and Kubernetes-native integrations.

These shared principles can sometimes make them look like competitors. But the details reveal a different story.

Key Differences

Aspect	Scveltos	Terraform
Primary Focus	Kubernetes add-ons, manifests, Helm charts, and policies	Cloud infrastructure (VMs, networks, IAM, clusters)
Execution Model	Runs as a controller inside Kubernetes, continuously reconciling	CLI-based, executes when you run `apply`
State Management	Uses Kubernetes API (etcd) as the source of truth	Requires a state file (local or remote backend)
GitOps Alignment	Natively integrates with Argo CD and Flux	Needs external tooling (Atlantis, Argo plugins)
Scope	Application/config lifecycle in K8s	Infrastructure lifecycle across clouds
Real-time Updates	Reacts automatically to cluster labels, resource changes, or events	Must be triggered manually (CI/CD pipeline or CLI)

So while both use declarative models, Terraform’s natural home is in infrastructure provisioning, while Sveltos shines in ongoing Kubernetes cluster management.

A Real-World Workflow: Better Together

Here’s where things get exciting: Sveltos and Terraform are not mutually exclusive—they’re perfect partners.

Imagine you’re setting up a new environment for your engineering team:

Terraform phase:
- Provision a new EKS cluster.
- Configure networking, IAM roles, and storage.
- Output cluster credentials.
Sveltos phase:
- Detect the new cluster automatically (via Cluster API or registration).
- Apply a ClusterProfile that installs:
  - Prometheus & Grafana for monitoring.
  - Kyverno for policy enforcement.
  - Fluent Bit for logging.
- Keep these add-ons up to date as versions evolve.

The result? Terraform gets the cluster online, Sveltos keeps it healthy and consistently configured.

Conclusion

Terraform and Sveltos address different but complementary layers of the cloud-native stack. Terraform is your builder—it lays down the infrastructure foundations. Sveltos is your caretaker—it ensures Kubernetes clusters remain properly configured, consistent, and secure over time.

If you’re already using Terraform, you don’t need to replace it with Sveltos. Instead, think of Sveltos as the natural next step for multi-cluster Kubernetes environments. Together, they give you the power to manage both where your clusters run and how they run.

✨ Want to try it out? You can:

⭐ Star the project on GitHub: sveltos-addon-controller
💬 Visit the Website

What are the benefits of using Sveltos versus the traditional ArgoCD/Flux GitOps flow?

Simone Morellato — Sun, 13 Jul 2025 17:36:08 +0000

A common GitOps workflow looks like this:

Create your new cluster
Add it as a new target in your GitOps repo
Install ArgoCD or Flux on the cluster (via CI/CD or prebuilt image)
The GitOps controller begins syncing
🎉 Your cluster is now bootstrapped

This works, but Sveltos offers significant advantages that improve this flow — especially at scale.

🔄 1. Cluster Lifecycle Awareness

ArgoCD/Flux:

Requires manual registration of each new cluster.
Not aware of when new clusters are created.

Sveltos:

Watches the management cluster (via Cluster API).
Automatically discovers and registers new clusters.
No manual onboarding needed — everything is event-driven.

⚙️ 2. Push-Based vs Pull-Based Model

ArgoCD/Flux:

Pull-based model: each cluster must pull from Git.
Requires network, CNI, and GitOps controller to already be working.

Sveltos:

Push-based model from management cluster.
Can apply workloads even if the cluster is bare and empty.
Ideal for bootstrapping core components (CNI, CSI, etc.).

🌐 3. Declarative Targeting with ClusterProfile

ArgoCD/Flux:

Targeting clusters involves naming them or templating paths.
Config must be manually updated per cluster.

Sveltos:

Uses ClusterProfile + ClusterSelector to apply config to matching clusters.
Label-driven targeting (e.g., env=prod, region=us-east) is native.
Zero additional config for new clusters if they match a selector.

🧩 4. Works With ArgoCD/Flux — Not Against Them

You don't have to choose!

Sveltos can install and configure ArgoCD/Flux into your clusters as part of a ClusterProfile.

Use Sveltos to bootstrap infra-level components.
Then hand off to ArgoCD/Flux for app-level GitOps.

Best of both worlds.

🚀 5. Fast, Scalable Multi-Cluster Rollouts

Update a ClusterProfile → change rolls out to all matching clusters.
Supports drift detection and reconciliation.
Ideal for managing 10s to 100s of clusters with consistent and declarative policies.

🛠️ 6. Simplified CI/CD Flow

Traditional GitOps flow:

CI/CD provisions cluster
CI/CD installs GitOps controller
GitOps controller bootstraps cluster

With Sveltos:

CI/CD provisions cluster
Sveltos detects it and pushes configuration

Fewer moving parts = less surface for failure

✅ Comparison Table

Feature	ArgoCD/Flux Only	Sveltos
Auto cluster discovery	❌ Manual	✅ Yes
Works without in-cluster agent	❌ No	✅ Yes
Ideal for bootstrapping infra	⚠️ Fragile	✅ Robust
Push model support	❌ No	✅ Yes
Per-cluster targeting	Manual	Declarative via selectors
Scaling to 100s of clusters	Painful	✅ Designed for it

🙌 Final Thoughts

If you're working with:

Many clusters (fleet, edge, dev/test, multi-region)
Dynamic cluster lifecycles
A need for fast, reliable infra-level bootstrapping

Then Sveltos is the better fit for managing infrastructure GitOps workflows. ArgoCD/Flux are still great — but Sveltos complements and enhances them beautifully.

💬 Community & Contributions Welcome!

We’d love your feedback, questions, and contributions:

Useful Links:

Website: https://sveltos.projectsveltos.io/
GitHub Repository: https://github.com/projectsveltos
Join our Slack Community: https://projectsveltos.slack.com/
Documentation: https://projectsveltos.github.io/sveltos/latest/

How to Install Wiz with Sveltos: A Smarter Way to Automate Multi-Cluster Security on AKS

Simone Morellato — Sun, 13 Jul 2025 03:09:17 +0000

What this post is about

Learn how to install the Wiz admission controller across multiple AKS clusters using Sveltos. Automate deployments, enhance security posture, and simplify multi-cluster management.

Introduction

If you're managing Kubernetes clusters at scale, especially on Azure Kubernetes Service (AKS) you already know that deploying tools like Wiz across every environment can become a tedious, error-prone chore. Manually configuring CRDs, syncing admission controllers, and verifying consistency across dozens of clusters isn’t just inefficient—it’s risky.

That’s where Sveltos comes in. Built for declarative, GitOps-style multi-cluster management, Sveltos makes it seamless to deploy the Wiz admission controller to any number of clusters with minimal effort. In this post, we’ll walk you through how to install Wiz with Sveltos, using AKS as the target platform, and show you why this method is fast becoming a best practice for DevOps and platform teams.

Why Automate Wiz Deployment Across AKS Clusters?

Manually installing the Wiz admission controller on every AKS cluster involves repeating the same steps: applying CRDs, creating Kubernetes resources, managing versions, and monitoring rollouts. This quickly becomes unsustainable.

Here’s why automation matters:

Scale: Enterprise environments often run dozens or even hundreds of AKS clusters. Manual steps don't scale.
Security: Inconsistent installations leave gaps in your security posture.
Time-saving: Automating with Sveltos reduces operational toil.
Reliability: Declarative state ensures all clusters stay in sync—always.

According to a 2024 CNCF report, 65% of organizations now operate multiple Kubernetes clusters and over half of those cite add-on management as a key pain point. Sveltos directly addresses that.

What Is Sveltos?

Sveltos is an open-source Kubernetes controller that enables automated deployment of resources—like Helm charts, YAML manifests, and CRDs—across multiple clusters. Unlike tools like ArgoCD and Flux, which focus on single-cluster GitOps, Sveltos excels at multi-cluster, label-based resource targeting.

Key features:

Works alongside Cluster API or Sveltos-managed clusters
Declarative resource sync using ClusterProfile
Target clusters using label selectors
Native support for CRDs, Helm, and Kustomize
Observability via ClusterSummary and ClusterReport

Step-by-Step: Installing Wiz Admission Controller Across All Clusters

Label All Target Clusters Ensure each cluster you want to target has a label. Example:

metadata:
  labels:
    security: enabled

Create a HelmChart Resource Sveltos can deploy Helm charts across all matching clusters.

apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: wiz-sensor-installer
spec:
  syncMode: Continuous
  helmCharts:
    - chartVersion: 3.10.4
      releaseName: wiz-admission-controller
      releaseNamespace: wiz
      chartName: wiz-sec/wiz-admission-controller
      repositoryURL: https://wiz-sec.github.io/charts
      repositoryName: wiz-sec
      helmChartAction: Install
      values: |
        wizApiToken:
          clientId: test123
          clientToken: foobar
  clusterSelector:
    matchLabels:
      env: fv

Replace latest with an actual version (e.g., 1.0.5) if you want deterministic installs.

Apply the ClusterProfile

kubectl apply -f clusterprofile-wiz.yaml

Sveltos will now:

Discover all clusters labeled security=enabled
Install the wiz-sensor chart into each one
Monitor the rollout and status via ClusterSummary and ClusterReport

Monitor Rollout Check if Wiz is installed properly:

kubectl get clustersummaries kubectl get clusterreports

These cmds will tell you:

Whether the chart installed correctly
If any resources failed
Version consistency

How Sveltos Compares to Other Tools

Sveltos fills the multi-cluster automation gap left by other GitOps tools. It’s GitOps-complementary, not GitOps-competitive.

Conclusion: Make Security Deployment Scalable with Sveltos

Installing Wiz across AKS clusters doesn’t have to be a manual process filled with copy-paste YAML and scheduling nightmares. With Sveltos, you can deploy the Wiz admission controller once—and let it scale declaratively across every cluster that matches your intent.

If you’re running multiple AKS clusters and care about automation, consistency, and security, this workflow is a game-changer.

Get started today:

⭐ Star the project on GitHub: https://sveltos.projectsveltos.io/

Key Takeaways

Automating Wiz installation across AKS clusters saves time and reduces errors.
Sveltos uses declarative, label-based targeting for smart, scalable deployment.
ClusterProfiles and ConfigMaps bundle and sync resources dynamically.
Tools like ArgoCD or Flux lack native multi-cluster capabilities.
Sveltos is purpose-built to streamline security deployments across Kubernetes fleets.

Animation Plugin for draw.io Documentation & Deep Dive

Simone Morellato — Sat, 28 Jun 2025 04:38:59 +0000

Special thanks to Colin

Special thanks to my dear friend Colin for his great video that inspired and guided this documentation. Colin's thorough exploration and hands-on testing were crucial for uncovering the Animation.js plugin's capabilities. Props to Colin for making this all possible.

As a content creator, you're always looking for ways to make your diagrams and visual aids more engaging and impactful. Enter the Animation.js plugin for draw.io, a hidden gem that can transform your static diagrams into dynamic, animated masterpieces.

In this comprehensive post, we'll dive deep into this powerful yet undocumented feature, uncover its secrets, and equip you with the knowledge to bring your diagrams to life.

Discovering the Animation.js Plugin

The Animation.js plugin is a built-in feature of draw.io, the popular diagramming and visual collaboration platform. However, finding information on how to use this plugin can be a real challenge. This guide is designed to be the most comprehensive documentation for Animation.js available.

The existence of Animation.js is not widely known, and the official draw.io docs offer little guidance. Colin explored the codebase and experimented with features to unlock practical usage. Those lessons are shared here.

Setting the Stage: Activating the Animation.js Plugin

To enable the Animation.js plugin in draw.io:

Go to the Extras menu and select Plugins
In the Plugins window, find Animation.js and ensure it is enabled
If not listed, click Add and select it from the dropdown
Restart draw.io if required

With the plugin activated, you're ready for animated diagrams.

Animating Your Diagram Elements

Open the Animations window (under the Extras menu)
Select an element, pick an animation (fade-in, wipe-in, flow for arrows, etc.), and add it to your animation steps
Important: Every element you want visible must have an animation. Unanimated elements will be invisible in playback and export

This can be tedious, but scripting and planning help.

Previewing and Applying Your Animations

Preview your animation steps in the Animations window
Unanimated elements are set to full transparency, which can look abrupt. Try alternative backgrounds or fades for smoother effects
Don’t forget: You must click Apply for your changes to take effect. There is no visual cue if you forget, so save or apply often

Exporting and Sharing Animated Diagrams

To export your animated diagram:

Go to File > Export As > URL
The animation data is encoded in the generated URL
Very important: Manually add p=anim to the query string for animations to play

Example:

https://viewer.diagrams.net/?your_diagram_url&p=anim

If you skip this, the animation won't play.

Animating Text Elements

For advanced effects, animate each line of text separately
Put each line into its own text box, stack them if needed, and animate each in sequence for full control
Every text box must be animated to appear in the final export

Plugin Limitations & Community Contributions

Opacity handling, export parameters, and sparse documentation are known quirks
With only a handful of contributors, there’s lots of room to improve. Jump in if you can code — even small improvements help the community

Key Functions & Developer Reference

Plugin initialization: Adds menu item, actions, and Animation window UI
Animation window: Text area for scripting, preview, copy, and apply controls
Step script syntax: show, hide, fade, flow, wait actions per element

Functions

animateCells
mapCell
run
stop
AnimationWindow
toggleFlowAnim

Common Step Commands

Command	Effect
`show CELL [fade]`	Show a cell, optionally with fade-in effect
`hide CELL`	Fade out a cell
`flow CELL start/stop`	Start or stop a flow animation on a cell
`wait MS`	Wait for `MS` milliseconds between steps

Replace CELL with the cell’s ID.

Unleash Your Animated Creativity

Animation.js for draw.io is more than a curiosity. It's a toolkit for creating engaging visualizations. Check out Colin’s demos, experiment, and consider contributing to keep the tool improving.

Many thanks again to Colin, my dear friend, for making this all possible.

Are you trying to manage AI Workloads on Kubernetes at Scale? Maybe deploying complex AI stacks such as Kubeflow and KServe? Here is how Sveltos Enables Multi-Cluster, GitOps-driven MLOps https://ppaolo.substack.com/p/managing-ai-workloads-on-kubernetes

Simone Morellato — Thu, 08 May 2025 16:56:33 +0000

The Complete Guide to Kubernetes Add-ons: Categories, Use Cases, and Emerging Trends

Simone Morellato — Fri, 02 May 2025 18:42:22 +0000

Kubernetes add-ons are essential components that extend and enhance the capabilities of a Kubernetes cluster. From networking to security, observability to developer experience, choosing the right set of add-ons is key to building robust, scalable, and maintainable Kubernetes cluster.

This guide goes beyond listing popular tools. It provides a structured framework to help you understand:

The functional categories of Kubernetes add-ons
Real-world use cases for each type
How different add-ons interact and depend on each other
Trends shaping the ecosystem
And finally—how Sveltos helps you manage it all at scale

📚 Taxonomy of Kubernetes Add-ons

Most resources offer lists of Kubernetes add-ons without a clear rationale for how they fit into a cluster’s architecture. We group Kubernetes add-ons into five strategic categories based on functionality and target audience:

Category	Description	Primary Users
Foundational	Core cluster capabilities like networking, DNS, and storage.	Cluster admins, SREs
Operational	Monitoring, logging, autoscaling, policy enforcement.	SREs, platform engineers
Security	Authentication, RBAC, runtime security, network policies.	Security teams, DevOps
Developer-focused	Tools for local development, debugging, and deployment automation.	Developers, platform teams
Emerging/Niche	AI/ML ops, cost optimization, eBPF observability, GitOps integrations.	Innovators, modern teams

🧱 Foundational Add-ons

These add-ons are often required for a Kubernetes cluster to function reliably at scale.

Category	Examples	Use Case
Networking	Calico, Cilium (eBPF-based), Flannel	Choosing a CNI that supports network policies for multi-tenant clusters
DNS & Service Discovery	CoreDNS	Internal service-to-service communication
Storage Provisioners	EBS CSI, OpenEBS	Dynamic volume provisioning for stateful applications
Ingress Controllers	NGINX, Traefik, Istio ingress gateway	Managing external access to services over HTTP/S

⚙️ Operational Add-ons

These improve observability, automation, and reliability.

Category	Examples	Use Case
Monitoring & Logging	Prometheus, Grafana, Loki, Fluent Bit	Monitoring application SLIs, alerting on infrastructure issues
Autoscalers	Cluster Autoscaler, KEDA, HPA/VPA	Dynamically scaling workloads based on demand
Policy Management	Kyverno, Gatekeeper (OPA)	Enforcing naming conventions, security policies
Backup & Restore	Velero, Stash	Disaster recovery of applications and resources

🔐 Security Add-ons

Security should be embedded at every layer of the Kubernetes stack.

Category	Examples	Use Case
Authentication & Authorization	Dex, Keycloak, RBAC policies	Control who can access the cluster and what actions they can perform based on identity and roles
Network Security	Calico network policies, Cilium Hubble	Enforce fine-grained traffic controls between pods and namespaces to prevent lateral movement
Runtime Security	Falco, Sysdig Secure	Detect and respond to anomalous behavior or security threats at runtime (e.g., unexpected process launches)
Image Scanning	Trivy, Clair	Prevent deploying containers with known vulnerabilities (CVEs) by scanning images before runtime

👨‍💻 Developer-Focused Add-ons

These improve the developer experience, speed up debugging, and support CI/CD workflows.

Category	Examples	Use Case
Package Management	Helm	Simplify and standardize application deployment using versioned, reusable charts
Local Dev & Iteration	Tilt, Skaffold	Accelerate the inner dev loop by syncing code changes directly to running containers
GitOps & CI/CD	Argo CD, Flux	Enable automated, declarative delivery pipelines using Git as the source of truth
Cluster Visualization	K9s, Lens	Explore, monitor, and debug Kubernetes clusters with an intuitive interface and minimal config

🧠 Emerging & Niche Add-ons

Stay ahead of the curve with these cutting-edge tools.

Category	Examples	Use Case
AI/ML Workload Management	Kubeflow, Volcano	Orchestrate, scale, and manage machine learning workloads on Kubernetes clusters
eBPF-based Observability	Pixie, Cilium Hubble	Gain real-time, low-overhead visibility into application and network behavior using eBPF
Cost Optimization	Kubecost, CAST AI	Monitor, manage, and reduce infrastructure costs across Kubernetes environments
Developer Portals	Backstage	Centralize service catalogs, docs, and tooling to improve developer productivity and self-service
Policy-as-Code	OPAL (Open Policy Agent Live), Rego-based custom policies	Define and enforce infrastructure and application policies as code for compliance and security automation

Interdependencies Between Add-ons

In a real-world Kubernetes environment, no add-on operates in isolation. Many tools rely on others to function correctly, and failing to understand these dependencies can lead to broken deployments or subtle misconfigurations. Sveltos can help manage these relationships, but it's important to know how the pieces fit together.

Here are some common and critical interdependencies:

Monitoring depends on networking: Tools like Prometheus rely on a functioning CNI to reach and scrape metrics endpoints across the cluster.
Policy enforcement may rely on service discovery: Gatekeeper and other policy engines often evaluate service configurations, so they depend on accurate discovery data from tools like CoreDNS.
GitOps needs secrets management and CI: Tools like Argo CD integrate with secret management solutions (e.g., Vault, Sealed Secrets) and often rely on CI systems to trigger deployments based on code or config changes.

Sveltos addresses this challenge with explicit dependency ordering, ensuring that add-ons are applied in the correct sequence across clusters.

This is achieved through ClusterProfile and AddonConfiguration CRDs, where dependencies can be implicitly modeled by defining ordering constraints. Sveltos evaluates these configurations and enforces a deterministic rollout sequence. When an add-on references another resource—either directly or through required CRDs—Sveltos ensures the prerequisite components are present and ready before proceeding with the dependent deployment. This reduces race conditions and installation failures, especially in multi-cluster setups or when performing large-scale rollouts.

Additionally, Sveltos continuously monitors the readiness of dependencies. If a prerequisite fails or is delayed, dependent add-ons are automatically deferred and retried once conditions are met. This intelligent orchestration minimizes operational overhead and enhances the resilience of the overall add-on management pipeline.

📈 Add-on Ecosystem Trends

The Kubernetes ecosystem is evolving rapidly. As new challenges emerge—like multi-cluster management, cost control, and AI workloads—so do the tools and patterns designed to address them.

Trend	Description	Impact
Rise of eBPF	Tools like Cilium and Pixie leverage eBPF for kernel-level observability and networking	Enables high-performance, low-overhead monitoring and fine-grained traffic control
Shift to GitOps	Git becomes the single source of truth for infra and app delivery	Tools like Argo CD and Flux improve auditability and repeatability through Git-centric workflows
Zero-trust security	Perimeter-based models give way to identity-driven access and policy	Add-ons focus on runtime enforcement, service-level identity, and fine-grained access control
Platform engineering focus	Internal platforms simplify complexity and boost developer productivity	Tools like Backstage define golden paths and enable standardized, self-service environments
AI/ML integration	Kubernetes increasingly powers ML model development and inference	Kubeflow and Volcano support scalable training, tuning, and deployment of ML workloads

Kubernetes Add-ons Overview

Category	Add-ons	Use Case
🧱 Foundational Add-ons	Networking: Calico, Cilium (eBPF-based), Flannel	Choosing a CNI that supports network policies for multi-tenant clusters
	DNS & Service Discovery: CoreDNS	Internal service-to-service communication
	Storage Provisioners: CSI drivers (EBS CSI, OpenEBS)	Dynamic volume provisioning for stateful applications
	Ingress Controllers: NGINX, Traefik, Istio	Managing external access to services over HTTP/S
⚙️ Operational Add-ons	Monitoring & Logging: Prometheus, Grafana, Loki, Fluent Bit	Monitoring application SLIs, alerting on infrastructure issues
	Autoscalers: Cluster Autoscaler, KEDA, HPA/VPA	Dynamically scaling workloads based on demand
	Policy Management: Kyverno, Gatekeeper (OPA)	Enforcing naming conventions, security policies
	Backup & Restore: Velero, Stash	Disaster recovery of applications and resources
🔐 Security Add-ons	Authentication & Authorization: Dex, Keycloak, RBAC policies	Securing access to the cluster via authentication and authorization controls
	Network Security: Calico network policies, Cilium Hubble	Defining and enforcing secure network communication policies
	Runtime Security: Falco, Sysdig Secure	Monitoring and protecting running workloads
	Image Scanning: Trivy, Clair	Prevent deploying containers with known CVEs
👨‍💻 Developer Add-ons	Helm	The de facto package manager for Kubernetes
	Tilt, Skaffold	Local development and rapid iteration
	Argo CD, Flux	GitOps tools for continuous delivery
	K9s, Lens	Cluster visualization and debugging
		Allowing developers to test services locally with minimal config
🧠 Emerging & Niche	AI/ML Management: Kubeflow, Volcano	Managing machine learning workloads in Kubernetes
	eBPF-based Observability: Pixie, Cilium Hubble	High-performance networking and observability using eBPF
	Cost Optimization: Kubecost, CAST AI	Tracking and optimizing cloud-native infrastructure cost
	Developer Portals: Backstage	Building internal developer platforms and service catalogs
	Policy-as-Code: OPAL, Rego-based policies	Declarative, code-driven policy enforcement

🛠️ How Sveltos Simplifies Kubernetes Add-on Management

Managing Kubernetes add-ons at scale is challenging—especially across multiple clusters, environments, and teams. That’s where Sveltos comes in: an open-source Kubernetes add-on lifecycle manager purpose-built to automate, secure, and govern the deployment of add-ons in a GitOps-native way.

🔍 What Is Sveltos?

Sveltos is a Kubernetes controller that:

Declaratively deploys and manages add-ons (Helm charts, Kustomize templates, YAMLs) across multiple clusters.
Enables dynamic add-on targeting using Kubernetes-style label/field selectors.
Offers GitOps integration, watching Git repositories and applying configuration changes automatically.
Provides real-time cluster profiling, so you can tailor add-ons to specific cluster capabilities or labels.
Supports event-driven updates, reacting to changes in cluster state, metrics, or external signals.

📦 Sveltos Features for Add-on Management

Feature	Benefit
Multi-cluster support	Deploy the same (or different) add-ons across tens, hundreds, or thousands of clusters.
GitOps-native	Use Git as the single source of truth for all add-on configurations.
Declarative lifecycle	Manage add-ons via CRDs like `Addon`, `AddonConfiguration`, and `ClusterProfile`.
Fine-grained targeting	Use cluster labels/fields to apply the right add-ons to the right clusters.
Conflict-free updates	Ensures safe rolling updates and handles retries and failures.
Policy-aware	Combine with tools like Kyverno or Gatekeeper to enforce compliance.
Insightful diagnostics	See applied add-ons, errors, and history via status fields and metrics.
Helm/Kustomize integration	Supports Helm charts and Kustomize overlays for flexible deployment strategies.
Webhook-free architecture	No webhooks required; simplifies setup and increases resilience.
Dependency ordering	Define explicit ordering between add-ons to satisfy install-time dependencies.
Drift detection	Detects and optionally remediates drift from the declared configuration.
Dry-run support	Preview changes to validate impact before deployment.
Multi-tenancy aware	Designed for environments with multiple teams managing separate clusters.

🔁 Real-world Use Cases

Use Case	Description
Deploying Monitoring Stack at Scale	Automatically roll out Prometheus, Grafana, and exporters to all production clusters labeled `env=prod`
Dynamic Add-on Selection	Apply a CSI storage driver only to clusters running in AWS by targeting clusters with `cloud=aws`
Multi-Tenant SaaS Platforms	Isolate tenant-specific add-ons using cluster labels and profiles, while maintaining a common base set
GitOps + Policy	Combine GitOps with Sveltos and Kyverno to declaratively deploy add-ons and enforce compliance

Sveltos `dependsOn` Deep Dive: Add-on Dependency Management

A common challenge with add-on management is ensuring that dependencies are deployed in the correct order. Sveltos solves this with the dependsOn field in ClusterProfile CRs, allowing one ClusterProfile to depend on others.

📌 Example: Deploying Kyverno + Admission Policies

---
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: kyverno-admission-policies
spec:
  clusterSelector:
    matchLabels:
      env: production
  dependsOn:
  - kyverno
  policyRefs:
  - kind: ConfigMap
    name: disallow-latest-tag
    namespace: default
  - kind: ConfigMap
    name: restrict-wildcard-verbs
    namespace: default
---
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: kyverno
spec:
  helmCharts:
  - chartName: kyverno/kyverno
    chartVersion: v3.3.3
    helmChartAction: Install
    releaseName: kyverno-latest
    releaseNamespace: kyverno
    repositoryName: kyverno
    repositoryURL: https://kyverno.github.io/kyverno/

🔍 Explanation

kyverno installs the Kyverno Helm chart.
kyverno-admission-policies depends on kyverno, ensuring Kyverno is fully deployed before applying admission control policies.
💡 kyverno has no clusterSelector, so it is not deployed on its own—it is deployed only when referenced by another ClusterProfile that targets specific clusters.

🔄 Recursive Resolution: Let Sveltos Handle Complex Trees

Sveltos can handle deep dependency trees automatically.

Example:

whoami depends on traefik, which depends on cert-manager.
You only define a ClusterProfile for whoami.
Sveltos ensures all transitive dependencies are deployed in the correct order—no manual sequencing required.

♻️ Dependency Deduplication: Smart, Resource-Efficient Deployment

Sveltos ensures shared dependencies are deployed only once per cluster, even when multiple ClusterProfiles declare the same dependency.

Example Scenario

frontend-app-1 depends on backend-service-1, which depends on postgresql.
Later, frontend-app-2 is deployed, which also depends on postgresql.

✅ Sveltos Behavior

Detects that postgresql is already deployed.
Skips redeploying it.
Keeps it alive until all dependents are removed.
When the last dependent (frontend-app-2) is removed, postgresql is also cleaned up—ensuring optimal resource usage and correctness.

Ready to simplify multi-cluster Kubernetes management?

Check out Sveltos at Sveltos.projectsveltos.io and see how it can transform your DevOps workflows.

Your Kubernetes clusters deserve to stay clean. Your platform deserves full control. Now you can have both.

Simone Morellato — Sat, 26 Apr 2025 02:28:49 +0000

Introducing Agentless Mode for Sveltos: Clean Clusters, Zero Footprint

Imagine offering Kubernetes clusters to your customers—fully managed, highly available, and production-ready—without ever needing to install a single controller or CRD inside their environments.

No sidecars.
No leftover objects.
No risk of interference.

Just clean, application-focused clusters.

That’s the dream for any company delivering Kubernetes as a service (KaaS).

With our latest update to Sveltos, that dream just became reality.

A Major Update: Sveltos Agentless Mode

Today, we’re excited to introduce a major enhancement to Sveltos Agentless Mode—a smarter, safer way to deliver centralized management, configuration drift detection, and event monitoring without leaving a trace on managed clusters.

Why This Matters: Clean Clusters, Happier Customers

In conversations with platform engineers, infrastructure leads, and cloud-native architects, we kept hearing the same challenge:

“We want to keep our managed clusters clean. Our customers expect their clusters to be untouched by our tooling.”

It’s a valid expectation.

As more companies offer Kubernetes platforms to internal teams or external customers, the demand for invisible control planes is rising.

Security-conscious users don’t want third-party agents lingering in their environments.

Ops teams want to minimize blast radius.

Compliance teams want clear boundaries between app code and platform tooling.

We listened and reimagined how Sveltos works under the hood.

What’s New: Agentless Mode, Reinvented

With this release, Sveltos now deploys its drift detection and event monitoring components entirely within the management cluster.

For every managed cluster, a dedicated set of agents runs in the central control plane, collecting events and watching for configuration drift.

Nothing is deployed into the managed cluster itself.

Here’s what this looks like:

No CRDs or Custom Resources
No Deployments, Sidecars, or Daemons in Managed Clusters
Full Visibility
Control From a Single Management Cluster

This new agentless architecture is now the default when you set Sveltos to manage external clusters.

It’s clean, efficient, and fully production-ready.

How This Helps You

Whether you're running dozens or hundreds of clusters, this update makes your life easier in several ways:

Clean Clusters: Give your customers fully isolated environments with no control plane footprint. Ideal for multi-tenant KaaS platforms and regulated industries.
Lower Operational Risk: No need to troubleshoot agents in every cluster. All Sveltos logic runs centrally.
Better Performance and Observability: You still get real-time event monitoring and drift detection—with fewer moving parts.
Smarter Scaling: As you onboard more clusters, management cost and complexity remain low.

One early adopter, a platform engineer at a fast-growing SaaS provider, put it this way:

“With the new agentless mode, we can finally give our internal teams clean Kubernetes clusters. And the Sveltos control plane still gives us everything we need to keep configurations in check.”

Built for Your Platform Engineering Stack

This improvement is a perfect fit if you’re:

Delivering Kubernetes-as-a-Service to customers or teams
Managing edge, IoT, or regulated clusters where access must be minimal
Looking to reduce operational overhead while improving observability

And if you've spent time managing large Kubernetes environments even enterprise-grade platforms like Red Hat OpenShift you know how easy it is for clusters to become bloated with dozens of small operators. Each operator typically handles a very specific task: watching one resource and creating or updating another.

In medium-sized clusters, you often end up with a sprawling ecosystem of tiny operators, many of them third-party, each introducing a little more operational overhead, more complexity, and more surface area for potential issues.

We saw this first-hand. It’s powerful, but it can also become difficult to maintain and audit over time.

Sveltos offers a smarter alternative.

Instead of scattering responsibility across many small operators, you can now define clear, centralized rules in Sveltos:

👉 "When you see this resource, update that other resource."

You replace a patchwork of operators with a single, unified control plane you fully own and understand.
Sveltos watches the cluster, reacts to events, and keeps configurations aligned without ever touching the managed clusters directly in agentless mode.

The benefits are huge:

✅ Simplify your operational footprint
✅ Retain full control over cluster behaviors
✅ Minimize third-party dependencies
✅ Scale confidently without adding management complexity

You still get all the Sveltos features you love — ClusterProfiles, drift detection, configuration snapshots, event-driven automation — but now, with even greater precision, security, and elegance.

In short:

You move from managing dozens of tiny, specialized operators to managing one powerful, flexible Sveltos control plane.
Cleaner clusters. Happier customers. Stronger platforms.

Try It Today

The new agentless mode is available now in the latest version of Sveltos.

It’s open source, production-ready, and designed to scale with your platform needs.

👉 Ready to try it out? Visit the installation guide and choose Mode 2.

🙌 Star us on GitHub: https://github.com/projectsveltos/addon-controller

Contributions welcome — file issues, request features, or drop us an email at support@projectsveltos.io

🎥 Join us for a live demo on April 29th: LinkedIn Live

🔧 Best Tools to Deploy Kubernetes Add-ons

Simone Morellato — Wed, 23 Apr 2025 18:20:29 +0000

1. Sveltos

🔹 Best for: Multi-cluster, event-driven, and templated add-on management
Sveltos is purpose-built for managing Kubernetes add-ons at scale. It supports:
• Multi-cluster orchestration
• Event-based deployments
• Support for Helm, Kustomize, raw YAML
• Multi-tenant environments
✅ Lightweight, GitOps-friendly, and very flexible

⸻

2. Flux

🔹 Best for: GitOps-based continuous delivery
• Applies desired state directly from Git
• Great for Helm, Kustomize, and CRDs
• Works well for both apps and add-ons
✅ Strong ecosystem, mature GitOps approach

⸻

3. Argo CD

🔹 Best for: Visual GitOps and app-centric workflows
• GitOps controller with UI and CLI
• Supports Helm, Kustomize, plain YAML
• Strong sync and drift detection
✅ Visual interface, great for teams managing many services

⸻

4. Helm

🔹 Best for: Templated deployments with strong community support
• Package manager for Kubernetes
• Massive chart ecosystem (e.g., Prometheus, NGINX)
• Easy upgrades and rollbacks
✅ Quick to get started, highly configurable

⸻

5. kpt (by Google)

🔹 Best for: Config-as-data pipelines (YAML-first approach)
• Focuses on packaging, customizing, and validating Kubernetes configs
• Works well with Git workflows and CI/CD
✅ Structured YAML management, good for platform teams

⸻

6. Cluster API Add-on Providers

🔹 Best for: Declarative, infrastructure-aware add-on management
• Works in tandem with Cluster API (CAPI)
• Ideal if you already use CAPI to manage cluster lifecycles
✅ Deep integration with cluster provisioning

⸻

7. Operator Framework / OLM (Operator Lifecycle Manager)

🔹 Best for: Complex lifecycle management (CRDs, stateful services)
• Enables installation, update, and lifecycle management of Operators
• More than just deployment—it handles upgrade paths and dependency trees
✅ Powerful for complex or stateful add-ons like databases

🚀 Which One Should You Use?

What if I need a tool to add monitoring across 100 clusters?

If your goal is to add and manage monitoring (e.g., Prometheus, Grafana, Loki, etc.) across 100 Kubernetes clusters, then your solution needs to be:
• Multi-cluster aware
• Scalable and repeatable
• GitOps-compatible (ideally)
• Able to handle templated or dynamic configurations

⸻

🔍 Top Tooling Options for This Use Case

🥇 Sveltos

Best for: Scalable, event-driven multi-cluster add-on management

✅ Handles:
• 100+ clusters with ease
• Templating and customization for Prometheus per cluster
• Centralized or decentralized deployment models
• GitOps support (via CRDs or integrating with Flux/Argo)

💡 Use Case: Automatically deploy Prometheus to new clusters when they register, with cluster-specific alerting rules and scrape configs.

⸻

🥈 Flux + Cluster API + Helm

Best for: GitOps-first approach with Helm charts

✅ Handles:
• Large-scale deployments via Git repositories
• Git as the source of truth
• Automates provisioning via Cluster API + add-on Helm chart install

🛠️ Use a Flux HelmRelease to deploy Prometheus and customize values per cluster using Kustomize overlays.

⸻

🥉 Argo CD + App of Apps Pattern

Best for: Teams needing a UI, RBAC, and GitOps

✅ Good if:
• You want to see deployment status cluster-by-cluster
• You need to deploy Prometheus and related tools with specific RBAC per team/cluster

🧠 You’d use an “App of Apps” structure where one central Argo app deploys other apps (e.g., Prometheus per cluster) from Git.

⸻

🧩 Honorable Mentions

Rancher Fleet: Built for GitOps at large scale, great for 1000+ clusters. Prometheus bundles available.
Anthos Config Management: If you’re on Google Cloud and need policy + config sync.
Crossplane: If you’re provisioning infra + Kubernetes add-ons together.

✅ Recommendation Summary

Discovering European Open Source Projects at KubeCon London

Simone Morellato — Thu, 03 Apr 2025 07:55:44 +0000

This week, I had the opportunity to attend KubeCon London, and it was an eye-opening experience. The European Kubernetes community is thriving, and I was particularly impressed by four open-source projects developed by European and Italian companies that caught my attention. Each solves different challenges in the Kubernetes ecosystem, and what's even more fascinating is how they can work together.

The Four Projects I Discovered

vCluster (by Loft Labs - Germany)

At the Loft Labs booth, I got an in-depth demo of vCluster, which creates virtual Kubernetes clusters that run inside a namespace of a host cluster. Each virtual cluster has its own control plane but shares worker nodes with the host. The German engineering team explained how they've optimized it for development environments, making it incredibly fast to provision new clusters. What impressed me most was how it enables teams to have their own isolated control planes while efficiently using shared infrastructure.

Capsule (by Clastix - Italy)

Next, I attended a talk by the Italian team at Clastix who developed Capsule. This multi-tenancy framework manages namespaces as "tenants" within a single Kubernetes cluster. Their approach is lightweight but powerful, using a Tenant CRD to group namespaces and applying various policies for isolation. The Italian engineers demonstrated how it's perfect for organizations that want to share a cluster among multiple teams without the overhead of managing separate clusters.

Kamaji (by Clastix - Italy)

Another Italian project that caught my eye was Kamaji also by Clastix. Their booth had an interesting demo showing how Kamaji runs tenant Kubernetes clusters' control planes as pods in a management cluster, connected to dedicated worker nodes. The team explained how they designed it for organizations that need true cluster isolation (like managed Kubernetes providers) but want more cost-efficient control planes. Their architecture makes it scalable to hundreds of tenant clusters.

Project Sveltos (by Sveltos - italy)

The final project I discovered was Sveltos, developed by Gianluca Mardente in the Italy. Their presentation showed how it manages Kubernetes cluster configuration across multiple clusters using a declarative approach. It was fascinating to see how their controller can push configurations, Helm charts, and add-ons to registered clusters while ensuring consistency across environments.

How These Projects Can Work Together

What really got me excited was realizing these tools aren't mutually exclusive—they can complement each other in powerful ways. During a dinner discussion with representatives from all four projects, they highlighted several integration scenarios:

vCluster + Sveltos

Companies today use vCluster to create isolated environments for development teams, while Sveltos ensures each virtual cluster gets consistent configurations.

Capsule + Sveltos

Adriano Pezzuto from the Capsule team and Gianluca Mardente from Sveltos team demonstrated how Capsule could handle multi-tenancy within a shared cluster, while Sveltos applies standardized tools or policies across tenant namespaces.

Kamaji + Sveltos

Perhaps the most powerful combination I saw was using Kamaji to run tenant clusters with dedicated control planes while Sveltos handles consistent configuration across all of them. This would make running hundreds of fully isolated clusters much more manageable.

All Together

The highlight was realizing that companies are already building platforms using all four tools: Kamaji for production tenant clusters, vCluster for dev environments, Capsule for staging, and Sveltos orchestrating everything.

What I Learned

This KubeCon experience showed me how the European Kubernetes community is driving innovation in multi-tenancy and cluster management.

I came away with a much deeper understanding of how to design multi-tenant Kubernetes platforms that balance isolation, efficiency, and manageability.

What's your Kubernetes setup like? Have you experimented with any of these tools?

Crossplane vs. Sveltos: A Kubernetes API Extension Comparison

Simone Morellato — Sat, 22 Feb 2025 01:32:04 +0000

Crossplane vs. Sveltos: A Kubernetes API Extension Comparison

Crossplane and Sveltos both extend the Kubernetes API using Custom Resource Definitions (CRDs) to manage resources declaratively. However, they target different domains:

Crossplane focuses on infrastructure provisioning (e.g., databases, VMs, storage) by enabling Kubernetes-native management of cloud resources across providers.
Sveltos focuses on Kubernetes add-on and application management by enabling declarative deployment and lifecycle management of add-ons across multiple clusters.

Key Differences

Feature	Crossplane	Sveltos
Purpose	Manages cloud infrastructure (e.g., databases, storage, compute)	Manages Kubernetes add-ons and applications across clusters
API Extension	Extends Kubernetes API to provision cloud resources using CRDs	Extends Kubernetes API to deploy and manage add-ons using CRDs
Multi-Cluster	Works with multiple cloud providers but does not directly handle multi-cluster add-on deployment	Specifically designed for multi-cluster add-on and application deployment
Lifecycle Management	Manages cloud resource lifecycle (e.g., creating, updating, deleting cloud resources)	Automates deployment, updates, and pruning of Kubernetes add-ons
Declarative Model	Uses CRDs to define and manage cloud resources declaratively	Uses CRDs to define and manage add-on policies declaratively
Primary Use Case	Kubernetes-native Infrastructure as Code (IaC)	Kubernetes-native add-on/application management

Summary

If you need Kubernetes-native infrastructure provisioning, Crossplane is the right tool.
If you need multi-cluster Kubernetes add-on and application management, Sveltos is the better choice.

DEV Community: Simone Morellato

Sveltos Quick Start

Prerequisites

Step 1: Deploy Sveltos

Step 2: Deploy the Dashboard (Optional)

Step 3: Create a vCluster

Step 4: Register vCluster with Sveltos

What’s Next?

Registering a vCluster Kubernetes clusters with Sveltos: A Quick Start Guide

Prerequisites

Step 1: Deploy Sveltos

Step 2: Deploy the Dashboard (Optional)

Step 3: Create a vCluster

Step 4: Register vCluster with Sveltos

What’s Next?

Sveltos vs Terraform: Friends, Not Rivals, in the Cloud-Native World

Introduction

Terraform at a Glance

Sveltos at a Glance

Similarities Between Sveltos and Terraform

Key Differences

A Real-World Workflow: Better Together

Conclusion

What are the benefits of using Sveltos versus the traditional ArgoCD/Flux GitOps flow?

🔄 1. Cluster Lifecycle Awareness

⚙️ 2. Push-Based vs Pull-Based Model

🌐 3. Declarative Targeting with ClusterProfile

🧩 4. Works With ArgoCD/Flux — Not Against Them

🚀 5. Fast, Scalable Multi-Cluster Rollouts

🛠️ 6. Simplified CI/CD Flow

✅ Comparison Table

🙌 Final Thoughts

💬 Community & Contributions Welcome!

How to Install Wiz with Sveltos: A Smarter Way to Automate Multi-Cluster Security on AKS

What this post is about

Introduction

Why Automate Wiz Deployment Across AKS Clusters?

What Is Sveltos?

Step-by-Step: Installing Wiz Admission Controller Across All Clusters

How Sveltos Compares to Other Tools

Conclusion: Make Security Deployment Scalable with Sveltos

Key Takeaways

Animation Plugin for draw.io Documentation & Deep Dive

Special thanks to Colin

Discovering the Animation.js Plugin

Setting the Stage: Activating the Animation.js Plugin

Animating Your Diagram Elements

Previewing and Applying Your Animations

Exporting and Sharing Animated Diagrams

Animating Text Elements

Plugin Limitations & Community Contributions

Key Functions & Developer Reference

Functions

Common Step Commands

Unleash Your Animated Creativity

Are you trying to manage AI Workloads on Kubernetes at Scale? Maybe deploying complex AI stacks such as Kubeflow and KServe? Here is how Sveltos Enables Multi-Cluster, GitOps-driven MLOps https://ppaolo.substack.com/p/managing-ai-workloads-on-kubernetes

The Complete Guide to Kubernetes Add-ons: Categories, Use Cases, and Emerging Trends

📚 Taxonomy of Kubernetes Add-ons

🧱 Foundational Add-ons

⚙️ Operational Add-ons

🔐 Security Add-ons

👨‍💻 Developer-Focused Add-ons

🧠 Emerging & Niche Add-ons

Interdependencies Between Add-ons

📈 Add-on Ecosystem Trends

Kubernetes Add-ons Overview

🛠️ How Sveltos Simplifies Kubernetes Add-on Management

🔍 What Is Sveltos?

📦 Sveltos Features for Add-on Management

🔁 Real-world Use Cases

Sveltos dependsOn Deep Dive: Add-on Dependency Management

📌 Example: Deploying Kyverno + Admission Policies

🔍 Explanation

🔄 Recursive Resolution: Let Sveltos Handle Complex Trees

♻️ Dependency Deduplication: Smart, Resource-Efficient Deployment

Example Scenario

✅ Sveltos Behavior

Ready to simplify multi-cluster Kubernetes management?

Your Kubernetes clusters deserve to stay clean. Your platform deserves full control. Now you can have both.

Introducing Agentless Mode for Sveltos: Clean Clusters, Zero Footprint

Sveltos `dependsOn` Deep Dive: Add-on Dependency Management