Kustomize

Rohit Pagote

What is Kustomize?

  • Kustomize is a Kubernetes-native configuration management tool that lets us customize Kubernetes YAML manifests without modifying the original files.

  • It is similar to Ansible, which is a configuration management tool for Linux (VM).

  • Instead of duplicating YAMLs for each environment (like dev, stage, or prod), Kustomize lets us define overlays (small changes) on top of a common base.

  • Kustomize follows a 'template-free' approach, meaning it does not use placeholders like Helm charts; it works directly with standard YAML files.

Why Kustomize?

  • Managing Kubernetes YAML files can quickly become messy if we have different environments like dev, stage or prod.

  • Without Kustomize, we will end up duplicating YAML files and manually tweaking them for each environment - which is error-prone and hard to maintain.

  • Kustomize solves this by allowing us to:

    • Avoid YAML duplication: Reuse the same base manifests with small environment-specific overrides (overlays).

    • Keep configuration clean and DRY: Make minimal changes without editing the original YAMLs.

    • Manage multiple environments easily: Apply different settings like replica counts, image tags, or environment variables without copying entire files.

    • Native Kubernetes support: No need to install anything extra — kubectl has Kustomize built-in (kubectl apply -k).

    • No templating language: It’s 100% YAML-based — we don’t have to learn a new syntax like Helm templates.

Difference from Helm

  • Use Kustomize if you want to customize your own Kubernetes YAML files without introducing a templating system.

  • Use Helm if you want to package, distribute, and deploy complex Kubernetes applications that can be configured with templates.

Transformers

  • In Kustomize, Transformers are built-in functions that automatically modify the Kubernetes YAML manifests based on the kustomization.yaml configuration.

  • For example, transformers can:

    • Add labels or annotations to all the resources.

    • Update image tags in Deployments.

    • Modify namespace fields across all objects.

    • Set replica counts for Deployments or StatefulSets.

    • Adjust resource names (prefix, suffix) to avoid conflicts.

  • Only around 10-15 transformers are available by default in Kustomize.

How it works

  • When we define fields like commonLabels, images, namespace, etc., in kustomization.yaml, Kustomize uses transformers behind the scenes to apply those changes automatically to the correct places in the manifests.

Example

commonLabels:
  app: my-app
  env: staging

namePrefix: dev-
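
What those two settings do to a resource, as an added example that is not from the original post (the Deployment, its `component: web` label and the `nginx:1.27` image are constructed for illustration). It shows that commonLabels is written into the selector and the Pod template as well as metadata.labels:

```yaml
# deployment.yaml (constructed base resource)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  selector:
    matchLabels:
      component: web
  template:
    metadata:
      labels:
        component: web
    spec:
      containers:
        - name: web
          image: nginx:1.27
---
# kustomization.yaml (same fields as the example above, plus the resource list)
resources:
  - deployment.yaml
commonLabels:
  app: my-app
  env: staging
namePrefix: dev-
---
# Output of `kubectl kustomize .` (Pod spec omitted, it is unchanged)
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: my-app
    env: staging
  name: dev-my-app              # namePrefix applied
spec:
  selector:
    matchLabels:                # commonLabels merged into the selector
      app: my-app
      component: web
      env: staging
  template:
    metadata:
      labels:                   # ...and into the Pod template
        app: my-app
        component: web
        env: staging
```

Because the spec.selector of an existing Deployment cannot be changed, introducing or editing commonLabels on a workload that is already deployed makes the next apply fail, so settle the label set before the first rollout.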

Patches

  • In Kustomize, Patches are partial YAML snippets that modify specific fields of base Kubernetes resources - without copying or rewriting the whole file.

  • They let us override or update certain parts (like replica counts, environment variables, image tags, etc.) in a clean, targeted way.

Types of Patches

Strategic Merge Patch

  • Most commonly used.

  • We create a partial YAML snippet that specifies only the fields we want to update.

  • Example:

      # patch-replicas.yaml
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: my-app
      spec:
        replicas: 5
    

    In kustomization.yaml:

      apiVersion: kustomize.config.k8s.io/v1beta1
      kind: Kustomization
    
      resources:
      - ../base
    
      patches:
      - path: patch-replicas.yaml
    

JSON 6902 Patches

  • More fine-grained and powerful.

  • Here we define a JSON list of operations (add, remove, replace, etc.).

  • Useful for very specific updates or when Strategic Merge doesn’t behave the way we want.

  • Example:

      # add-annotation.yaml
      # "add" requires the parent /metadata/labels to exist already on the target
      - op: add
        path: /metadata/labels/app-type
        value: web-serve
    

    In kustomization.yaml:

      apiVersion: kustomize.config.k8s.io/v1beta1
      kind: Kustomization
    
      resources:
      - ../base
    
      patches:
      - path: add-annotation.yaml
        target:
          group: apps
          version: v1
          kind: Deployment
          name: web-app
    

Generators

  • In Kustomize, Generators are special tools that generate Kubernetes resources (like ConfigMaps and Secrets) from files, literals or environment variables - instead of manually writing the YAML for them.

Types of Generators

ConfigMapGenerator

  • It creates a ConfigMap from files, literals, or environment variables.

      # From literal key=value pairs
      configMapGenerator:
        - name: app-config
          literals:
            - ENV=production
            - LOG_LEVEL=debug

      # Or from a file
      configMapGenerator:
        - name: app-config
          files:
            - config.properties
    

SecretGenerator

  • It creates a Secret from files, literals, or environment variables.

      # From literal key=value pairs (the values sit in plaintext in kustomization.yaml)
      secretGenerator:
        - name: db-secret
          literals:
            - username=admin
            - password=secret123

      # Or from files
      secretGenerator:
        - name: tls-secret
          files:
            - tls.crt
            - tls.key
    

Important Points about Generators:

  • By default, generated ConfigMaps and Secrets have a hash appended to their name (e.g., app-config-6kk8h5f7d4) to help with Kubernetes rolling updates.

  • We can disable the hash suffix using options: disableNameSuffixHash: true.

  • Generated resources are immutable — if the content changes, a new ConfigMap or Secret is generated with a new name (good for triggering Pod restarts).
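
The SecretGenerator and hash-suffix points combined, as an added example that is not from the original post: the same db-secret built from an untracked env file instead of literals committed to Git, and how the generated name reaches the workload. `db.env`, `deployment.yaml` and the container name `web` are assumptions; `<hash>` and the `<base64 ...>` values are placeholders.

```yaml
# kustomization.yaml, as on the page: the password is in plaintext in Git history
secretGenerator:
  - name: db-secret
    literals:
      - username=admin
      - password=secret123
---
# kustomization.yaml, alternative: values are read at build time from db.env,
# a hypothetical KEY=value file listed in .gitignore and supplied by CI or a
# secret manager.
resources:
  - deployment.yaml
secretGenerator:
  - name: db-secret
    envs:
      - db.env
---
# deployment.yaml (fragment): refer to the Secret by its unsuffixed name
spec:
  template:
    spec:
      containers:
        - name: web
          envFrom:
            - secretRef:
                name: db-secret
---
# Rendered Secret: values are base64-encoded, not encrypted, so the build
# output is as sensitive as db.env itself.
apiVersion: v1
data:
  password: <base64 of the password>
  username: <base64 of the username>
kind: Secret
metadata:
  name: db-secret-<hash>
type: Opaque
---
# Rendered Deployment (fragment): the reference is rewritten to the hashed
# name, so new secret content changes the Pod template and starts a rollout.
spec:
  template:
    spec:
      containers:
      - envFrom:
        - secretRef:
            name: db-secret-<hash>
        name: web
```

With disableNameSuffixHash: true the name stays db-secret, the Pod template does not change, and running Pods keep the old values until they are restarted some other way.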
