Kustomize: declarative Kubernetes configuration without templates

Kustomize 1.0 (July 2018) by Google (Jeff Regan, Phillip Wittrock): template-free Kubernetes manifest customization with patches, overlays, bases. Integrated in kubectl since 2019. Alternative to Helm for configuration.


Template or not template?

Managing multi-environment (dev/staging/prod) Kubernetes configurations requires YAML transformations. Two philosophies:

  • Template-based — Helm uses Go templates with {{ .Values.foo }}: powerful but pollutes YAML
  • Template-free — always-valid YAML manifests, modifications via patches and overlays

Kustomize follows the second path.

The release

Kustomize is developed at Google by Jeff Regan and Phillip Wittrock. The first 1.0.x branch is published in mid 2018 (1.0.8 on 30 September 2018). Written in Go, Apache 2.0 licence. Kubernetes SIG-CLI subproject. Natively integrated in kubectl 1.14 (March 2019) as kubectl apply -k ./.

Structure

base/
  kustomization.yaml
  deployment.yaml
  service.yaml
overlays/
  dev/
    kustomization.yaml
    replica-patch.yaml
  prod/
    kustomization.yaml
    replica-patch.yaml
    ingress.yaml

kustomization.yaml in each overlay inherits base/ and applies transformations.

# overlays/prod/kustomization.yaml
resources:                       # "bases:" was the 1.0 keyword; it still works but is deprecated in favour of resources
  - ../../base
namespace: production            # every resource from the base lands in this namespace
patches:
  - path: replica-patch.yaml     # strategic merge patch file in this overlay directory
images:
  - name: app                    # matches the image name used in the base Deployment
    newTag: v2.1.0
configMapGenerator:
  - name: app-config
    envs: [config.env]           # key=value lines; the generated ConfigMap gets a content-hash suffix
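To make the overlay concrete, here is an added example (not taken from the original page) of the base Deployment and of the replica-patch.yaml that the kustomization above references. The Deployment and container name app, the image app:v1.0.0, port 8080 and the envFrom reference to app-config are assumptions chosen to match the names used in the kustomization.

```yaml
# base/deployment.yaml (added example; resource and image names are assumptions)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: app
          image: app:v1.0.0        # "app" is what images[].name in the overlay matches on
          ports:
            - containerPort: 8080
          envFrom:
            - configMapRef:
                name: app-config   # Kustomize rewrites this to the hashed generated name
---
# overlays/prod/replica-patch.yaml (strategic merge patch)
# Only the identifying fields (apiVersion, kind, metadata.name) and the
# fields being changed are needed; everything else comes from the base.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 3
```

Rendering with kubectl kustomize overlays/prod (or kustomize build overlays/prod) yields the base Deployment with namespace production, replicas 3 and image app:v2.1.0, plus a ConfigMap named app-config-<hash>. Because the hash is part of the name and the reference in the Deployment is rewritten to it, a change to config.env changes the pod template and triggers a rollout, instead of silently changing a mounted ConfigMap in place.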

Features

  • Strategic merge patches — YAML patches with K8s semantics
  • JSON 6902 patches — RFC-standard pointed modifications
  • Common labels/annotations — added to all resources
  • Namespace prefix/suffix — for multi-tenant
  • ConfigMap/Secret generator — from files or literals
  • Image tag override — for release deploy
  • Components (more recent) — reusable modules
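The following is an added example, not from the page, of a production overlay that exercises several of the features listed above on the base from the Structure section: a strategic merge patch and a JSON 6902 patch with a target selector to harden the pod spec, a name prefix and common labels, and generated ConfigMap and Secret. The resource names, the securityContext values, the annotation-free patch targets and the file names config.env and secret.env are assumptions.

```yaml
# overlays/prod/kustomization.yaml (added example; names and values are assumptions)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
namespace: production
namePrefix: prod-              # every resource name becomes prod-<name>; references are rewritten
commonLabels:
  environment: production      # added to all resources AND to their selectors (see note below)
patches:
  # Strategic merge patch: only the fields to change, merged with Kubernetes
  # semantics (containers are matched by name, not by list position).
  - patch: |-
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: app
      spec:
        template:
          spec:
            containers:
              - name: app
                securityContext:
                  runAsNonRoot: true
                  allowPrivilegeEscalation: false
                  readOnlyRootFilesystem: true
  # JSON 6902 patch with a target selector: applied to every Deployment in the
  # base, so the rule cannot be forgotten when a new workload is added.
  - target:
      kind: Deployment
    patch: |-
      - op: add
        path: /spec/template/spec/automountServiceAccountToken
        value: false
images:
  - name: app
    newTag: v2.1.0
configMapGenerator:
  - name: app-config
    envs: [config.env]
secretGenerator:
  # secret.env is not committed to Git (assumed to be written by the CI runner);
  # the generated Secret gets a content-hash suffix, so changing it rolls out
  # the Deployment that references it.
  - name: app-secret
    envs: [secret.env]
```

Two caveats a practitioner will hit. commonLabels also rewrites spec.selector, and selectors on a live Deployment are immutable, so adding a common label to an already deployed workload fails the apply until the Deployment is recreated (Kustomize 5 offers the labels field with includeSelectors: false to avoid that). And secretGenerator only assembles a plain Secret: the rendered output of kustomize build contains the values in base64, so the rendered manifests, CI logs and any cache of them must be treated as sensitive; Kustomize does not encrypt anything.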

Integration

  • kubectl — native kubectl apply -k
  • ArgoCD — first-class kustomize support
  • Flux CD — Kustomization CRD is the primary mechanism
  • Helm + Kustomize — render Helm, kustomize patch on top (“post-render” pattern)
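The Helm-then-patch idea can also be driven from the Kustomize side: recent Kustomize versions (4.1 and later) have a helmCharts field that inflates a chart and then applies the kustomization's patches to the rendered output, which is the same effect as Helm's --post-renderer, just started from the Kustomize end. This is an added example, not from the page or from the cert-manager project; the chart version is a placeholder to fill in, and the seccomp patch is an assumption.

```yaml
# kustomization.yaml (added example; run with: kustomize build --enable-helm .)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
helmCharts:
  - name: cert-manager
    repo: https://charts.jetstack.io
    version: CHART_VERSION_PLACEHOLDER   # pin an exact chart version; never leave it floating
    releaseName: cert-manager
    namespace: cert-manager
    includeCRDs: true
    valuesInline:
      installCRDs: true
# Patches are applied to the rendered chart output, so the chart's own
# templates are never edited and upgrades stay clean.
patches:
  - target:
      kind: Deployment          # every Deployment the chart renders
    patch: |-
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: not-important     # ignored when a target selector is given
      spec:
        template:
          spec:
            securityContext:
              seccompProfile:
                type: RuntimeDefault
```

Because the chart is fetched and rendered at build time, the build is only reproducible if the version is pinned and the chart source is trusted; the rendered, patched manifests are what should be reviewed and committed in a GitOps flow, not the chart reference alone.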

Kustomize vs Helm

                        Kustomize   Helm
Templates               No          Yes (Go templates)
Always valid YAML       Yes         No (mixed template)
Package distribution    No          Yes (chart repository)
Release management      No          Yes (helm upgrade, rollback)
Logic complexity        Low         High

In practice they coexist: Helm to distribute third-party software (cert-manager, Prometheus), Kustomize for internal team configuration.

In the Italian context

Kustomize is very widespread in Italian Kubernetes clusters:

  • GitOps with ArgoCD/Flux based on Kustomize overlays
  • Separate multi-environment dev/test/prod
  • Multi-tenant with namespace prefix
  • Digital PA — PSN projects with declarative manifests
  • Banking / telco — regulatory configurations versioned in Git

References: Kustomize 1.0 branch (2018, 1.0.8 on 30 September 2018). Google (SIG-CLI Kubernetes). Jeff Regan, Phillip Wittrock. Apache 2.0 licence. Integrated in kubectl 1.14 (March 2019) as kubectl apply -k.
