Kustomize: declarative Kubernetes configuration without templates

Kustomize 1.0 (July 2018) by Google (Jeff Regan, Phillip Wittrock): template-free Kubernetes manifest customization with patches, overlays, bases. Planned for integration in kubectl. Alternative to Helm for configuration.


Template or not template?

Managing multi-environment (dev/staging/prod) Kubernetes configurations requires YAML transformations. Two philosophies:

  • Template-based — Helm uses Go templates with {{ .Values.foo }}: powerful but pollutes YAML
  • Template-free — always-valid YAML manifests, modifications via patches and overlays

Kustomize follows the second path.

The release

Kustomize is developed at Google by Jeff Regan and Phillip Wittrock. The first 1.0.x branch was published in mid-2018 (1.0.8 on 30 September 2018). It is written in Go, released under the Apache 2.0 licence, and is a Kubernetes SIG-CLI subproject. Native integration in kubectl, as kubectl apply -k ./, is expected in an upcoming kubectl release.

Structure

base/
  kustomization.yaml
  deployment.yaml
  service.yaml
overlays/
  dev/
    kustomization.yaml
    replica-patch.yaml
  prod/
    kustomization.yaml
    replica-patch.yaml
    ingress.yaml

The kustomization.yaml in each overlay references base/ and applies its own transformations on top of it.

# overlays/prod/kustomization.yaml
bases:
  - ../../base
namespace: production
patches:
  - replica-patch.yaml
images:
  - name: app
    newTag: v2.1.0
configMapGenerator:
  - name: app-config
    envs: [config.env]

Features

  • Strategic merge patches — YAML patches with K8s semantics
  • JSON 6902 patches — targeted modifications in the RFC 6902 (JSON Patch) format
  • Common labels/annotations — added to all resources
  • Namespace prefix/suffix — for multi-tenant setups
  • ConfigMap/Secret generator — from files or literals
  • Image tag override — for release deployments
  • Components (more recent) — reusable modules
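
What "K8s semantics" means for a strategic merge patch, as an added example (not Kustomize's own code): a prod overlay patch that adds a securityContext to the container named app is merged into the base container by name, whereas a plain RFC 7386 JSON merge patch replaces the whole containers list and loses the image. The manifests are constructed samples, and using "name" as the merge key for every list is a simplifying assumption.

```python
# Simplified model of strategic-merge list handling (added example).
# Assumption: every list of objects merges on "name"; real Kubernetes takes
# the merge key per field from the API schema (containers use "name").
import copy

def strategic_merge(base, patch, key="name"):
    """Merge patch into base; lists of objects are merged element-wise by key."""
    if isinstance(base, dict) and isinstance(patch, dict):
        out = copy.deepcopy(base)
        for k, v in patch.items():
            out[k] = strategic_merge(out[k], v, key) if k in out else copy.deepcopy(v)
        return out
    if (isinstance(base, list) and isinstance(patch, list)
            and all(isinstance(i, dict) and key in i for i in base + patch)):
        out = copy.deepcopy(base)
        index = {item[key]: n for n, item in enumerate(out)}
        for item in patch:
            if item[key] in index:          # same name: merge into that element
                n = index[item[key]]
                out[n] = strategic_merge(out[n], item, key)
            else:                           # new name: append
                out.append(copy.deepcopy(item))
        return out
    return copy.deepcopy(patch)             # scalars and plain lists: patch wins

def json_merge_patch(base, patch):
    """RFC 7386 merge patch: objects merge, any list is replaced wholesale."""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    out = copy.deepcopy(base) if isinstance(base, dict) else {}
    for k, v in patch.items():
        if v is None:
            out.pop(k, None)                # null deletes the key
        else:
            out[k] = json_merge_patch(out.get(k), v)
    return out

# Constructed sample: base Deployment and a prod overlay patch, as dicts.
BASE = {"spec": {"replicas": 1, "template": {"spec": {"containers": [
    {"name": "app", "image": "app:v2.1.0", "ports": [{"containerPort": 8080}]}]}}}}
PATCH = {"spec": {"replicas": 3, "template": {"spec": {"containers": [
    {"name": "app", "securityContext": {"runAsNonRoot": True,
                                        "readOnlyRootFilesystem": True}}]}}}}

def container(doc):
    return doc["spec"]["template"]["spec"]["containers"][0]

if __name__ == "__main__":
    print(container(strategic_merge(BASE, PATCH)))   # image kept, hardening added
    print(container(json_merge_patch(BASE, PATCH)))  # image lost
```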

Integration

  • kubectl — native kubectl apply -k
  • ArgoCD — first-class kustomize support
  • Flux CD — Kustomization CRD is the primary mechanism
  • Helm + Kustomize — render Helm, kustomize patch on top (“post-render” pattern)

Kustomize vs Helm

Criterion              Kustomize   Helm
Templates              No          Yes (Go templates)
Always valid YAML      Yes         No (mixed template)
Package distribution   No          Yes (chart repository)
Release management     No          Yes (helm upgrade, rollback)
Logic complexity       Low         High

In practice they coexist: Helm to distribute third-party software (cert-manager, Prometheus), Kustomize for internal team configuration.

In the Italian context

Kustomize is starting to spread in Italian Kubernetes clusters for multi-environment (dev/test/prod) and multi-tenant scenarios, thanks to the readability of always-valid manifests.


References: Kustomize 1.0 branch (2018, 1.0.8 on 30 September 2018). Google (SIG-CLI Kubernetes). Jeff Regan, Phillip Wittrock. Apache 2.0 licence.
