██FR█████ █INTELL███████████

How to Install Wiz with Sveltos: A Smarter Way to Automate Multi-Cluster Security on AKS


This content originally appeared on DEV Community and was authored by Simone Morellato

What this post is about

Learn how to install the Wiz admission controller across multiple AKS clusters using Sveltos. Automate deployments, enhance security posture, and simplify multi-cluster management.

Introduction

If you’re managing Kubernetes clusters at scale—especially on Azure Kubernetes Service (AKS) you already know that deploying tools like Wiz across every environment can become a tedious, error-prone chore. Manually configuring CRDs, syncing admission controllers, and verifying consistency across dozens of clusters isn’t just inefficient—it’s risky.

That’s where Sveltos comes in. Built for declarative, GitOps-style multi-cluster management, Sveltos makes it seamless to deploy the Wiz admission controller to any number of clusters with minimal effort. In this post, we’ll walk you through how to install Wiz with Sveltos, using AKS as the target platform, and show you why this method is fast becoming a best practice for DevOps and platform teams.

Why Automate Wiz Deployment Across AKS Clusters?

Manually installing the Wiz admission controller on every AKS cluster involves repeating the same steps: applying CRDs, creating Kubernetes resources, managing versions, and monitoring rollouts. This quickly becomes unsustainable.

Here’s why automation matters:

  • Scale: Enterprise environments often run dozens or even hundreds of AKS clusters. Manual steps don’t scale.
  • Security: Inconsistent installations leave gaps in your security posture.
  • Time-saving: Automating with Sveltos reduces operational toil.
  • Reliability: Declarative state ensures all clusters stay in sync—always.

According to a 2024 CNCF report, 65% of organizations now operate multiple Kubernetes clusters and over half of those cite add-on management as a key pain point. Sveltos directly addresses that.

What Is Sveltos?

Sveltos is an open-source Kubernetes controller that enables automated deployment of resources—like Helm charts, YAML manifests, and CRDs—across multiple clusters. Unlike tools like ArgoCD and Flux, which focus on single-cluster GitOps, Sveltos excels at multi-cluster, label-based resource targeting.

Key features:

  • Works alongside Cluster API or Sveltos-managed clusters
  • Declarative resource sync using ClusterProfile
  • Target clusters using label selectors
  • Native support for CRDs, Helm, and Kustomize
  • Observability via ClusterSummary and ClusterReport

Step-by-Step: Installing Wiz Admission Controller Across All Clusters

  1. Label All Target Clusters Ensure each cluster you want to target has a label. Example: 
metadata:
  labels:
    security: enabled
  1. Create a HelmChart Resource Sveltos can deploy Helm charts across all matching clusters. 
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: wiz-sensor-installer
spec:
  syncMode: Continuous
  helmCharts:
    - chartVersion: latest
      releaseName: wiz-sensor
      releaseNamespace: wiz-sensor
      chartName: wiz-sec/wiz-sensor
      repositoryURL: https://wiz-sec.github.io/charts
      options:
        installOptions:
          createNamespace: true
      repositoryName: wiz-sec
      helmChartAction: Install
  clusterSelector:
    matchLabels:
      security: enabled

Replace latest with an actual version (e.g., 1.0.5) if you want deterministic installs.

  1. Apply the ClusterProfile

kubectl apply -f clusterprofile-wiz.yaml

Sveltos will now:

  • Discover all clusters labeled security=enabled
  • Install the wiz-sensor chart into each one
  • Monitor the rollout and status via ClusterSummary and ClusterReport
  1. Monitor Rollout Check if Wiz is installed properly:

kubectl get clustersummaries
kubectl get clusterreports

These cmds will tell you:

  • Whether the chart installed correctly
  • If any resources failed
  • Version consistency

How Sveltos Compares to Other Tools

Sveltos fills the multi-cluster automation gap left by other GitOps tools. It’s GitOps-complementary, not GitOps-competitive.

Conclusion: Make Security Deployment Scalable with Sveltos

Installing Wiz across AKS clusters doesn’t have to be a manual process filled with copy-paste YAML and scheduling nightmares. With Sveltos, you can deploy the Wiz admission controller once—and let it scale declaratively across every cluster that matches your intent.

If you’re running multiple AKS clusters and care about automation, consistency, and security, this workflow is a game-changer.

Get started today:

⭐ Star the project on GitHub: https://sveltos.projectsveltos.io/

Key Takeaways

  • Automating Wiz installation across AKS clusters saves time and reduces errors.
  • Sveltos uses declarative, label-based targeting for smart, scalable deployment.
  • ClusterProfiles and ConfigMaps bundle and sync resources dynamically.
  • Tools like ArgoCD or Flux lack native multi-cluster capabilities.
  • Sveltos is purpose-built to streamline security deployments across Kubernetes fleets.


This content originally appeared on DEV Community and was authored by Simone Morellato