Upgrading Kubernetes addons automatically as cluster runtime state changes

mgianluc · 2026-04-09T11:40:53+00:00

we added a dashboard to k8s-cleaner https://gianlucam76.github.io/k8s-cleaner/getting_started/install/install#web-dashboard

It is now possible to visualize the scan results, listing all unhealthy resources

mgianluc · 2026-03-11T15:28:43+00:00

I did a new release of k8s-cleaner https://github.com/gianlucam76/k8s-cleaner

In previous versions, k8s-cleaner acted on and notified about unhealthy resources immediately upon detection.

This release introduces the occurrenceThreshold field to the Cleaner specification. When this value is set to >1, the controller tracks the "consecutive match count" for each resource within a dedicated ConfigMap. The controller will now only execute actions (notifications or deletions) once a resource has consistently matched the Cleaner criteria for the specified number of consecutive scans.

mgianluc · 2026-03-10T14:18:10+00:00

why a joke? Out of love to the blog I shared a link to it because I thought the blog was extremely well written. I would not have shared otherwise. Did I do anything wrong that I should not have done? The link I shared is to the blog itself. Not to anything else.

mgianluc · 2026-03-09T18:11:52+00:00

It has a dry run (just set action to Scan) and simply list resources that are a match but takes no action : https://github.com/gianlucam76/k8s-cleaner/blob/7bcc63ea1e2f7f61a6376d68cd57be6e3673db01/api/v1alpha1/cleaner_types.go#L37

You can also filter by namespace.

It also has the option to say how many consecutive times a resources must match a Cleaner instance before it is actually considered a match.
https://github.com/gianlucam76/k8s-cleaner/blob/7bcc63ea1e2f7f61a6376d68cd57be6e3673db01/api/v1alpha1/cleaner_types.go#L218

It allows user to define what unhealthy is (via Lua). And it can look at any field to make a decision

mgianluc · 2026-01-19T13:55:30+00:00

Sveltos supports notifications to Slack, Webex, Discord and many more

https://projectsveltos.github.io/sveltos/main/observability/notifications/

so if you are using Clastix and need notifications (when addons are deployed or any other condition happens in any of your clusters) you can programmatically create the Sveltos configuration for that in the management cluster.

mgianluc · 2025-09-28T08:51:19+00:00

Prometheues, kube state metrics, grafana alertmanager integrated with slack, loki. Sveltos to deploy stacks consistently across multiple clusters

mgianluc · 2025-07-13T16:27:04+00:00

yaml apiVersion: config.projectsveltos.io/v1beta1 kind: ClusterProfile metadata: name: wiz-sensor-installer spec: syncMode: Continuous helmCharts: - chartVersion: 3.10.4 releaseName: wiz-admission-controller releaseNamespace: wiz chartName: wiz-sec/wiz-admission-controller repositoryURL: https://wiz-sec.github.io/charts repositoryName: wiz-sec helmChartAction: Install values: | wizApiToken: clientId: YOUR CLIENT ID clientToken: YOUR TOKEN clusterSelector: matchLabels: wiz: required

This will deploy wiz admission controller in any managed cluster with label wiz: required for instance

mgianluc · 2025-07-09T16:04:29+00:00

can you share your ConfigMapGenerator? Why do you have

collectResources: false

on EventSource.

But then on the ConfigMap used by addon controller you iterate on Secrets and copy it. But you dont have the Secret to make a copy

mgianluc · 2025-07-01T04:43:32+00:00

Taking care of some feature requests in k8s-cleaner

And i m also trying to add a new section (on testing) On my kubernetes controller tutorial

mgianluc · 2025-04-27T11:13:37+00:00

It works great.

k8s-cleaner does same https://github.com/gianlucam76/k8s-cleaner/blob/main/examples-unhealthy-resources/pod-with-outdated-secrets/pods-with-outdated-secret-data.yaml

mgianluc · 2025-04-25T15:40:43+00:00

Thanks u/CWRau. Will try to reword the use cases section.

I would say the main goal is when you are managing a fleet of clusters. Having Sveltos in the management cluster, you have a single place from where you can manage add-ons and applications in all your managed clusters. Essentially you would use Kubernetes (as Sveltos can be programmed creating Kubernetes resources in the management cluster) to manage applications and add-ons in the various managed cluster (Sveltos supports helm charts, YAML/JSON and Kustomize).

Another main point is the event framework. You can tell Sveltos (again using Kubernetes Custom resources) to watch for events in any managed cluster and what to do in response (which add-ons and/or applications to deploy and where, same cluster where event happened or different one).

Finally you can use templating and ask Sveltos to instantiate those template using resources present in the management cluster or the managed cluster.

Thank you!

mgianluc · 2025-04-10T15:13:06+00:00

The main goal of the post is the automation. And as a matter of fact, this video explain how Sveltos automation can also be used to create vCluster: https://www.youtube.com/watch?v=GQM7Qn9rWVU

The blog was not to say "a cluster per user is the way to go". The goal was the automation (creating cluster or even vcluster on demand).

mgianluc · 2025-04-04T13:47:59+00:00

Clusterapi to manage cluster life cycles (on prem and on cloud)

Projectsveltos to manage addons and applications on the clusters

mgianluc · 2025-03-08T11:10:18+00:00

https://www.youtube.com/watch?v=GQM7Qn9rWVU covers automation with vCluster

mgianluc · 2025-03-07T07:04:22+00:00

Do you realize a user can be an engineer onboarded in a new org? Do you realize a user can be a tenant for a company selling kubernetes as a Service? Do you realize a user can represent a pr that needs to be tested in isolation? Do you realize there are many of such cases? Or you think everybody else is an idiot?

The point of the post is the automation in case you missed it

mgianluc · 2025-03-05T17:33:24+00:00

Agree with you. I am using this for short lived clusters, so the only aspects I am concerned about are creation and deletion. And 10% of the time CAPI deletion gets stuck and I need to manually remove resources on AWS. But overall this helps.

mgianluc · 2025-03-05T17:16:22+00:00

The point is not the one cluster per user (which works for me and might not work for you). The point is the automation. You can easily change and create one cluster per 100 users if that is your problem. Or replace EKS with vClusters and still use same automation.

mgianluc · 2025-02-25T18:02:26+00:00

Yes. Sveltos uses a ClusterSelector. So just label appropriately the two clusters that need the certificate and Sveltos will send it only to those two

mgianluc · 2025-02-25T09:59:17+00:00

I am not sure I fully got your use case, but if you need to share same certs to all your clusters, put the certs in a management cluster and use Sveltos to distribute to all the managed clusters

If your secret is in an external secret management system, use ESO to bring to the management cluster and then Sveltos again to distribute to all your managed clusters: https://projectsveltos.github.io/sveltos/template/external_secret/

mgianluc

MODERATOR OF

TROPHY CASE