Hands-on workshop
Virtual
When hub-and-spoke GitOps becomes a security risk at scale
Hub-and-spoke GitOps works well for a few clusters. It becomes risky and hard to manage when you scale to 100 or even 1000 clusters. This talk shows why this happens and how an agent-based pull model makes GitOps secure and scalable.
Jun 22, 2026, 11:00 CEST
Hub-and-spoke is a common GitOps model. It works well when you manage a few clusters, but when you scale to 100 or 1000 clusters, the model starts to break.
In many setups, the hub stores powerful cluster credentials and pushes changes to every cluster. If the hub is compromised, the whole fleet is at risk. The hub can also become a bottleneck and a single point of failure. In edge or regulated environments, inbound access from hub to cluster is often not even possible.
This talk compares Argo CD and Sveltos and explains the difference between push and pull models. The speakers show how an agent-based pull approach reduces risk, removes central superuser credentials, and scales more safely. A live demo proves it in practice.