Kustomize
Tip: kubectl ships with a built-in kustomize, but the standalone kustomize binary is more up to date and has more core features.
Base config + Overlays
base/* + overlay/prod/*
Cmds
kustomize version --short
Setup
kustomize init
./dir/
  kustomization.yaml # has the resources and overrides
  ./sub-dir/
    kustomization.yaml
    ...
kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources: # includes below resources
  - deployment.yaml
  - service.yaml
labels:
  - pairs:
      app: my-app
      environment: production
    includeSelectors: true # optional, defaults to false
    includeTemplates: true # optional, defaults to false
    fields: # optional, to customize label application (field specs use slash-separated paths)
      - path: metadata/labels
      - path: spec/selector/matchLabels
kustomizing
kustomize build dir/ | k apply -f - # or: kustomize build dir/ | k delete -f -
# OR
k kustomize dir/ # to stdout
k apply -k dir/
k delete -k dir/ # to delete kustomize-created resources
Kustomize auto upgrade
# Below will auto upgrade deprecated transformers
kustomize edit fix
# like commonLabels to labels
Transformers
All transformers
namePrefix: prod-
nameSuffix: -v1
commonAnnotations:
  environment: production
commonLabels:
  tier: backend
replicas:
  - name: my-deployment
    count: 3
images:
  - name: my-app
    newName: new-app
    newTag: v2.0.1
configMapGenerator:
  - name: app-config
    literals:
      - key1=value1
      - key2=value2
secretGenerator:
  - name: app-secret
    literals:
      - username=admin
      - password=secret
Image Transformers
Replaces given image name with the newName in all resources.
Image Transformer Example
images:
  - name: nginx
    newName: my-registry/nginx
    newTag: 1.15.4
  - name: busybox
    newName: my-registry/busybox
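In the example above the busybox entry sets no newTag, so the rendered image keeps whatever tag (or none) the base manifest had. The following check over rendered output is an added example, not part of the original notes: it flags images that are outside an approved registry or not fixed to a tag or digest. The `my-registry/` policy prefix, the helper names and the sample manifest are assumptions made for illustration.

```python
import re

# Assumption for this example: only this registry prefix is approved.
ALLOWED_REGISTRY = "my-registry/"
IMAGE_LINE = re.compile(r"""^\s*(?:-\s+)?image:\s*["']?([^\s"'#]+)""")

def split_image(ref):
    """Split an image reference into (repository, tag, digest)."""
    repo, _, digest = ref.partition("@")
    tag = ""
    # Only a ':' after the last '/' is a tag; earlier ones are a registry port.
    if ":" in repo.rsplit("/", 1)[-1]:
        repo, tag = repo.rsplit(":", 1)
    return repo, tag, digest

def audit_images(rendered, allowed=ALLOWED_REGISTRY):
    """Return (line, image, reason) for each image that breaks the policy."""
    findings = []
    for lineno, line in enumerate(rendered.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if not m:
            continue
        ref = m.group(1)
        repo, tag, digest = split_image(ref)
        if not repo.startswith(allowed):
            findings.append((lineno, ref, "outside allowed registry"))
        if not digest and tag in ("", "latest"):
            findings.append((lineno, ref, "no fixed tag or digest"))
    return findings

# Constructed sample of `kustomize build` output, not from a real cluster.
SAMPLE = """\
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: web
        image: my-registry/nginx:1.15.4
      - name: tools
        image: my-registry/busybox
      - name: db
        image: postgres:13
"""

if __name__ == "__main__":
    for lineno, ref, why in audit_images(SAMPLE):
        print(f"line {lineno}: {ref}: {why}")
```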
Patches
JSON 6902 Patch
kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
patches:
  - # path: path-file.yaml # if given, the patch can move here
    target:
      kind: Deployment
      name: my-app
    patch: |-
      - op: add # there's also remove
        path: /spec/template/spec/containers/0/env
        value:
          - name: ENVIRONMENT
            value: production
      - op: replace
        path: /spec/template/spec/containers/0/image
        value: nginx:1.21
      - op: add
        path: /spec/template/spec/containers/0/env/- # <<<< add at the end of the env array
        value: # a single array element, not a list
          name: ENVIRONMENT
          value: production
Strategic Merge Patch
To delete: set the key to null.
kustomization.yaml
patches:
  - # path: replicate-patch.yaml # if given, the patch can move here
    patch: |-
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: my-app
      spec:
        template:
          spec:
            containers:
              - name: app
                image: nginx:1.21
              - $patch: delete # to delete an item from array
                name: postgres # containers are matched by their merge key (name), not by image
Overlays
kustomize/
├── base/
│   ├── deployment.yaml
│   ├── service.yaml
│   └── kustomization.yaml
│
└── overlays/
    ├── dev/
    │   ├── kustomization.yaml
    │   └── patch-deployment.yaml
    │
    └── prod/
        ├── kustomization.yaml
        ├── patch-deployment.yaml
        └── grafana-depl.yaml # << Just for prod
overlays/prod/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources: # Reference to the base
  - ../../base
  - grafana-depl.yaml # for prod only
patchesStrategicMerge: # old style patching path
  - patch-deployment.yaml
patches: # new style patching w or w/o path
  - path: patch-deployment.yaml
    target: # not needed if patch-deployment.yaml specifies it
      kind: Deployment
      name: my-app
  - target:
      kind: Deployment
      name: my-app
    # no patch type field is needed: JSON 6902 vs strategic merge is detected from the patch body
    patch: |-
      - op: replace
        path: /spec/replicas
        value: 2
# Optional: Add environment-specific ConfigMap or Secret generators
configMapGenerator:
  - name: app-config
    literals:
      - LOG_LEVEL=debug
      - FEATURE_FLAG=true
# Optional: name prefix/suffix for namespacing resources
nameSuffix: -dev
Components
kustomize/
├── base/
│   ├── kustomization.yaml
│   ├── namespace.yaml
│   └── ...
├── overlays/
│   ├── dev/
│   │   ├── kustomization.yaml
│   │   ├── patch-deployment.yaml
│   │   ├── configmap-dev.yaml
│   │   └── ...
└── components/
    ├── metrics-server/
    │   ├── kustomization.yaml
    │   ├── deployment.yaml
    │   └── service.yaml
    ├── ingress-nginx/
    │   ├── kustomization.yaml
    │   ├── deployment.yaml
    │   └── configmap.yaml
    └── ...
component/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component # old name was Kustomization
resources:
  - deployment.yaml
  - service.yaml
namespace: kube-system
commonLabels:
  app.kubernetes.io/component: metrics-server
patches: # "patches" modifies existing resources while "resources" adds new ones
  - path: api-patch.yaml
Usage: overlay/dev/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
components:
  - ../../components/metrics-server