Kustomize — kustomization.yaml
If you like this project, consider supporting me on Buy Me a Coffee ☕️
☸️ Kustomize — Template-Free Kubernetes Configuration
Description / Описание:
Kustomize is a template-free configuration management tool for Kubernetes, built directly into kubectl. It uses a base and overlay pattern to customize Kubernetes manifests without modifying the originals. Instead of Go templates (like Helm), Kustomize applies declarative patches, strategic merges, and generators to produce environment-specific configurations. It is ideal for managing multi-environment deployments (dev/staging/prod) from a single set of base manifests.
[!NOTE] Current Status: Kustomize is a CNCF project and is integrated into
kubectl(viakubectl apply -k). It is widely used as a simpler alternative to Helm when templating is not needed. StandalonekustomizeCLI provides additional features over thekubectlbuilt-in version. Alternatives: Helm (full package management with templating), Timoni (CUE-based), cdk8s (programmatic). / Текущий статус: Kustomize — проект CNCF, встроен вkubectl. Альтернативы: Helm, Timoni, cdk8s.
Basic Structure
# Minimal kustomization.yaml / Минимальный kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
commonLabels:
app: demoBase & Overlay Pattern
Directory Structure / Структура директорий
base/
├── kustomization.yaml
├── deployment.yaml
└── service.yaml
overlays/
├── dev/
│ └── kustomization.yaml
├── staging/
│ └── kustomization.yaml
└── prod/
└── kustomization.yaml[!TIP] The base contains shared resources. Each overlay customizes the base for a specific environment without modifying the originals. / Base содержит общие ресурсы. Каждый overlay настраивает base под конкретное окружение без изменения оригиналов.
base/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
commonLabels:
app: myappoverlays/dev/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
namePrefix: dev-
replicas:
- name: myapp
count: 1
images:
- name: myapp
newTag: devoverlays/prod/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
namePrefix: prod-
replicas:
- name: myapp
count: 3
images:
- name: myapp
newTag: v1.2.3
configMapGenerator:
- name: app-config
literals:
- MODE=production
- LOG_LEVEL=info[!IMPORTANT] The
basesfield is deprecated in newer Kustomize versions. Useresourcesinstead to reference base directories. / Полеbasesустарело. Используйтеresourcesдля ссылки на base-директории.
Strategic Merge Patches
# overlays/prod/kustomization.yaml
patchesStrategicMerge:
- patch-resources.yaml
- patch-env.yamlpatch-resources.yaml (Strategic Merge) / Патч ресурсов
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
spec:
template:
spec:
containers:
- name: myapp
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 1000m
memory: 1GiJSON Patches
# overlays/prod/kustomization.yaml
patchesJson6902:
- target:
group: apps
version: v1
kind: Deployment
name: myapp
patch: |-
- op: replace
path: /spec/replicas
value: 5
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: NEW_VAR
value: "production"ConfigMap & Secret Generators
ConfigMap from literals / ConfigMap из значений
configMapGenerator:
- name: app-config
literals:
- MODE=prod
- LOG_LEVEL=info
- MAX_CONNECTIONS=100ConfigMap from files / ConfigMap из файлов
configMapGenerator:
- name: app-config
files:
- config.properties
- application.yamlSecret from literals / Secret из значений
secretGenerator:
- name: app-secret
literals:
- DB_PASSWORD=<PASSWORD>
- API_KEY=<SECRET_KEY>Secret from files / Secret из файлов
secretGenerator:
- name: tls-secret
files:
- tls.crt=cert.pem
- tls.key=key.pem
type: kubernetes.io/tls[!NOTE] Kustomize automatically appends a hash suffix to generated ConfigMaps and Secrets, ensuring rolling updates on content changes. Use
generatorOptions.disableNameSuffixHash: trueto disable this. / Kustomize автоматически добавляет хеш-суффикс к сгенерированным ConfigMap/Secret. ИспользуйтеgeneratorOptions.disableNameSuffixHash: trueдля отключения.
Image Tag Replacement
# Replace image tags / Замена тегов образов
images:
- name: nginx
newName: nginx
newTag: 1.21.0
- name: myapp
newName: <REGISTRY_URL>/myapp
newTag: v1.2.3# Digest replacement (immutable) / Замена digest (неизменяемый)
images:
- name: myapp
digest: sha256:1234567890abcdef...[!TIP] Using
digestinstead ofnewTagensures immutable deployments — the exact image is pinned regardless of tag changes. / ИспользованиеdigestвместоnewTagгарантирует неизменяемые развёртывания.
Namespace & Labels
# Set namespace for all resources / Установить namespace для всех ресурсов
namespace: production
# Common labels / Общие labels
commonLabels:
app: myapp
env: prod
managed-by: kustomize
# Common annotations / Общие аннотации
commonAnnotations:
monitoring: "true"
team: platform
# Name prefix/suffix / Префикс/суффикс имени
namePrefix: prod-
nameSuffix: -v2Common Commands
# Render kustomization / Рендер kustomization
kubectl kustomize ./overlays/prod
# Apply kustomization / Применить kustomization
kubectl apply -k ./overlays/prod
# Diff before apply / Разница перед применением
kubectl diff -k ./overlays/prod
# Delete resources / Удалить ресурсы
kubectl delete -k ./overlays/prod
# Build to file / Сохранить в файл
kubectl kustomize ./overlays/prod > rendered.yaml[!WARNING]
kubectl delete -kwill delete all resources defined in the kustomization. Double-check the overlay path before running in production. /kubectl delete -kудалит все ресурсы. Проверяйте путь overlay перед запуском в продакшене.
Troubleshooting
# Validate kustomization.yaml / Проверка kustomization.yaml
kubectl kustomize ./overlays/prod --enable-alpha-plugins
# Debug resource generation / Отладка генерации ресурсов
kubectl kustomize ./overlays/prod --load-restrictor=LoadRestrictionsNone
# Common errors / Часто встречающиеся ошибки:
# - "accumulating resources: ..." → Check base path is correct / Проверьте путь к base
# - "no matches for kind ..." → Ensure resources exist in base / Ресурсы должны быть в base
# - "multiple matches for ..." → Patches target must be unique / Цель патча уникальна
# View all resources / Просмотр всех ресурсов
kubectl kustomize ./overlays/prod | grep -E "^(kind|metadata):"Common Issues Quick Reference / Краткий справочник проблем
| Error / Ошибка | Cause / Причина | Fix / Решение |
|---|---|---|
accumulating resources |
Incorrect base path | Verify relative path to base directory / Проверить относительный путь |
no matches for kind |
Resource missing in base | Add resource to base kustomization.yaml / Добавить в base |
multiple matches |
Ambiguous patch target | Ensure unique name + kind in patch target / Уникальный name + kind |
must be a file |
Wrong path format | Use relative paths, not absolute / Относительные пути |
Documentation Links
- Kustomize Official Documentation: https://kustomize.io/
- Kustomize GitHub Repository: https://github.com/kubernetes-sigs/kustomize
- Kustomize API Reference: https://kubectl.docs.kubernetes.io/references/kustomize/
- kubectl apply -k Documentation: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/
- Kustomize Examples: https://github.com/kubernetes-sigs/kustomize/tree/master/examples