A hands-on guide to implementing a secure hub-and-spoke GitOps architecture on Kubernetes using Sveltos Addon Controller's agent-based pull model. Covers the risks of traditional centralized hub setups (credential exposure, blast radius, network access requirements), explains how Sveltos addresses these with a pull-based approach where spoke clusters initiate outbound connections to the hub, and walks through a complete setup including installing Sveltos via Helm, registering clusters in both push and pull modes, deploying cert-manager via ClusterProfile, and configuring the optional dashboard. Authentication differences between push (credential rotation) and pull (isolation + kill-switch via ServiceAccount deletion) modes are compared, with guidance on improving security further using short-lived tokens and access monitoring.
Table of contents
- Hands-on guide to scalable multi-cluster GitOps with Sveltos using a secure hub-and-spoke, agent-based architecture
- Introduction
- Hub and Spoke — From Risky to Usable
- Existing Solutions and Their Challenges
- Sveltos Addon Controller
- Hands-On Setup
- How Authentication Works
- Bonus: Sveltos Dashboard
- Wrapping Up
- Final Thoughts
- Support the Project with a Star!
- Additional Resources
- Contact Information