Sveltos is a set of Kubernetes controllers that run in a management cluster. From that central control‑plane it installs, updates, and deletes Kubernetes add‑ons and applications across any number of managed clusters. The project extends Cluster API and supports declarative, multi‑tenant, and GitOps workflows at scale.
Install the following locally before running the quick‑start demo:
Clone the add‑on controller repository and launch the scripted environment:
$ git clone https://github.com/projectsveltos/addon-controller && cd addon-controller/
$ make quickstart
The script creates:
sveltos-management)clusterapi-workload) provisioned by Cluster API (Docker provider)Wait a few minutes for all pods to reach Running.
$ kind get clusters
clusterapi-workload
sveltos-management
$ kubectl config set-context kind-sveltos-management
$ kind export kubeconfig --name sveltos-management
$ kubectl get clusters --show-labels
NAME PHASE VERSION LABELS
clusterapi-workload Provisioned v1.32.0 env=fv,sveltos-agent=present
Sveltos supports two deployment modes and both Helm and Kustomize installers.
| Mode | Agents run | Foot‑print on managed clusters |
|---|---|---|
| Mode 1 (local agents) | Inside each managed cluster | Two lightweight deployments: sveltos-agent (optional) and drift-detection-manager |
| Mode 2 (central agents) | Inside the management cluster | No Sveltos resources installed on managed clusters |
Mode 1:
$ kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.57.2/manifest/manifest.yaml
$ kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.57.2/manifest/default-instances.yaml
Mode 2:
$ kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.57.2/manifest/agents_in_mgmt_cluster_manifest.yaml
$ kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.57.2/manifest/default-instances.yaml
Note Both manifests install Sveltos in the
projectsveltosnamespace.
Add the chart repository and refresh indices:
$ helm repo add projectsveltos https://projectsveltos.github.io/helm-charts
$ helm repo update
Install Mode 1:
$ helm install projectsveltos projectsveltos/projectsveltos \
-n projectsveltos --create-namespace
Install Mode 2:
$ helm install projectsveltos projectsveltos/projectsveltos \
-n projectsveltos --create-namespace \
--set agent.managementCluster=true
CRD upgrades Helm will not auto‑upgrade CRDs. Update them manually:
$ kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.57.2/manifest/crds/sveltos_crds.yaml
Mode 1:
$ kustomize build \
https://github.com/projectsveltos/sveltos.git//kustomize/base?ref=v0.57.2 | kubectl apply -f -
$ kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.57.2/manifest/default-instances.yaml
Mode 2:
$ kustomize build \
https://github.com/projectsveltos/sveltos.git//kustomize/overlays/agentless-mode?ref=v0.57.2 | kubectl apply -f -
$ kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.57.2/manifest/default-instances.yaml
The following ClusterProfile installs Kyverno in every cluster labeled env=fv.
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
name: deploy-kyverno
spec:
clusterSelector:
matchLabels:
env: fv
syncMode: Continuous
helmCharts:
- repositoryURL: https://kyverno.github.io/kyverno/
repositoryName: kyverno
chartName: kyverno/kyverno
chartVersion: v3.3.7
releaseName: kyverno-latest
releaseNamespace: kyverno
helmChartAction: Install
Apply:
$ kubectl apply -f clusterprofile_kyverno.yaml
Switch to the workload context and confirm pods are running:
$ kubectl config set-context kind-clusterapi-workload
$ kind export kubeconfig --name clusterapi-workload
$ kubectl get pods -n kyverno
Create the resource definitions (here: an nginx Deployment and Service):
# nginx_deploy.yaml
apiVersion: v1
kind: Namespace
metadata:
name: dev
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: dev
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: dev
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
Store the file in a ConfigMap:
$ kubectl create configmap nginx --from-file=nginx_deploy.yaml
Reference that ConfigMap from a ClusterProfile:
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
name: nginx-deploy
spec:
clusterSelector:
matchLabels:
env: fv
syncMode: Continuous
policyRefs:
- name: nginx
namespace: default
kind: ConfigMap
Apply it:
$ kubectl apply -f clusterprofile_nginx.yaml
Sveltos can point at Flux‑managed GitRepository, OCIRepository, or Bucket objects and apply individual paths. Example:
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
name: flux-system
spec:
clusterSelector:
matchLabels:
env: fv
syncMode: Continuous
kustomizationRefs:
- namespace: flux-system
name: flux-system
kind: GitRepository
path: ./helloWorld/
targetNamespace: eng
For additional template mechanisms see the Carvel ytt and Jsonnet extensions (links preserved in original docs).
When clusters cannot reach public registries you can patch the agent and drift‑detection manager deployments via Helm values.
addonController:
driftDetectionManagerPatchConfigMap:
data:
patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: drift-detection-manager
spec:
template:
spec:
imagePullSecrets:
- name: my-registry-secret
containers:
- name: manager
image: registry.company.io/projectsveltos/drift-detection-manager:dev
classifierManager:
agentPatchConfigMap:
data:
image-patch: |-
- op: replace
path: /spec/template/spec/containers/0/image
value: registry.company.io/projectsveltos/sveltos-agent:dev
- op: add
path: /spec/template/spec/imagePullSecrets
value:
- name: my-registry-secret
Provide the patched values file when installing the chart:
$ helm install projectsveltos projectsveltos/projectsveltos \
-n projectsveltos --create-namespace -f custom_values.yaml
manifest/sveltosctl_manifest.yaml (requires a PersistentVolume)# List add‑ons per cluster
$ sveltosctl show addons
# Filter by selector
$ sveltosctl show addons --namespace default --clusterprofile deploy-kyverno
# List arbitrary resources in managed clusters
$ sveltosctl show resources --kind=Pod --namespace=nginx
# Show which clusters match a ClusterProfile and where ConfigMaps are applied
$ sveltosctl show usage
# Display RBAC rights granted to tenant admins
$ sveltosctl show admin-rbac
Set spec.syncMode: DryRun in a ClusterProfile to simulate all operations. After reconciliation, inspect results:
$ sveltosctl show dryrun --raw-diff
Dry‑run reports include object‑level actions (Install/Upgrade/Delete) and Helm value diffs.
Snapshot CRD with a cron‑style schedule and storage path.sveltosctl snapshot diff to compare two timestamps.$ sveltosctl snapshot rollback --snapshot=hourly --sample=2023-08-26:05:00:00
Enable in a ClusterProfile to surface divergences between desired and live state. Detected drifts are exposed via Prometheus metrics and sveltosctl show dryrun.
Install via manifest or Helm chart, then expose the dashboard Service. Authenticate with a Kubernetes service‑account token. See install commands in section How to install Sveltos dashboard of the original docs.
With Prometheus and Grafana installed on the management cluster, import the JSON dashboard at: https://raw.githubusercontent.com/projectsveltos/sveltos/main/docs/assets/sveltosgrafanadashboard.json
Key metrics include cluster connectivity, reconcile counts, drift totals, and histogram buckets for deployment durations.
Sveltos collects minimal anonymised data (versions, counts of managed objects). Disable with:
# Helm
helm install projectsveltos projectsveltos/projectsveltos \
-n projectsveltos --create-namespace \
--set telemetry.disabled=true
# Manifest deployments
--disable-telemetry=true # flag on addon‑controller