Rahul Shishodia

Kustomize

  • Plain YAML customization: no templating ({{ }}); patch-based overlays
  • Built into kubectl: kubectl apply -k / kubectl kustomize
  • Structure: base/ (shared) + overlays/ (env-specific patches)

kustomization.yaml

resources:
  - nginx-depl.yaml
  - service.yaml
namespace: dev
namePrefix: dev-
commonLabels:
  env: dev
images:
  - name: nginx
    newTag: 1.25.1
patches:
  - path: replica-patch.yaml

Patches

  • Strategic merge: patches with partial YAML
  • JSON 6902: patchesJson6902 / patches with op: replace

# strategic merge patch
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-depl
spec:
  replicas: 3

Bases and overlays

# overlays/prod/kustomization.yaml
resources:
  - ../../base
  - grafana-depl.yaml   # prod-only resource

configMapGenerator and secretGenerator

Generate ConfigMaps and Secrets from literals or files. Kustomize appends a hash suffix to the generated name, so a config change produces a new name and forces the Pods that reference it to restart.

# kustomization.yaml
configMapGenerator:
- name: app-config
  literals:
  - DB_HOST=mysql
  - DB_PORT=5432
- name: nginx-config
  files:
  - nginx.conf          # key = filename

secretGenerator:
- name: db-creds
  literals:
  - password=s3cre!
- name: tls-secret
  type: kubernetes.io/tls
  files:
  - tls.crt
  - tls.key

  • Generated name: app-config-<hash> (e.g. app-config-9t5b6m5k4k)
  • Suppress hash (not recommended): add options: {disableNameSuffixHash: true}
  • Reference by base name in your manifests; Kustomize rewrites the refs automatically

# In deployment.yaml: use base name, Kustomize updates it
envFrom:
- configMapRef:
    name: app-config   # becomes app-config-<hash> after kustomize build
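
A pre-commit style check for the two generator risks in this section, as an added example (not the page author's or Kustomize's own code): literals under secretGenerator sit in plaintext in kustomization.yaml and therefore in version control, and disableNameSuffixHash: true removes the name change that forces Pods to restart. The function name audit_kustomization and the issue labels are hypothetical, and the line-based scanner assumes the block-style layout shown above rather than arbitrary YAML.

```python
import re

# Constructed sample in the block-style layout this page uses.
SAMPLE = """\
configMapGenerator:
- name: app-config
  literals:
  - DB_HOST=mysql
  options:
    disableNameSuffixHash: true
secretGenerator:
- name: db-creds
  literals:
  - password=EXAMPLE-ONLY   # constructed value
- name: tls-secret
  files:
  - tls.key
"""

def audit_kustomization(text):
    """Return (line, generator, name, issue) tuples; never echoes secret values."""
    findings, section, entry_indent, name, sub = [], None, None, "?", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s+)#.*$", "", raw).rstrip()      # drop comments
        indent, body = len(line) - len(line.lstrip()), line.strip()
        if indent == 0 and re.match(r"[A-Za-z]\w*:", body):  # new top-level key
            section, entry_indent, name, sub = body.split(":")[0], None, "?", None
            continue
        if not body or section not in ("configMapGenerator", "secretGenerator"):
            continue
        if re.search(r"disableNameSuffixHash:\s*true\b", body):
            findings.append((no, section, name, "hash-suffix-disabled"))
        if body.startswith("- "):
            entry_indent = indent if entry_indent is None else entry_indent
            if indent > entry_indent:                        # item under a sub-key
                if section == "secretGenerator" and sub == "literals":
                    key = body[2:].split("=", 1)[0].strip()  # report key only
                    findings.append((no, section, name, f"plaintext-literal:{key}"))
                continue
            name, sub, body = "?", None, body[2:].strip()    # next generator entry
        key, _, value = body.partition(":")
        if key.strip() == "name":
            name = value.strip()
        elif not value.strip():
            sub = key.strip()                                # literals:, files:, ...
    return findings

if __name__ == "__main__":
    print(*audit_kustomization(SAMPLE), sep="\n")
```

Run it over each kustomization.yaml in CI and fail the job when the returned list is non-empty.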

Commands

kubectl kustomize k8s/overlays/dev    # preview
kubectl apply -k k8s/overlays/dev
kustomize build k8s/overlays/dev      # if kustomize CLI installed

Helm vs Kustomize

|                          | Helm         | Kustomize   |
|--------------------------|--------------|-------------|
| Syntax                   | Go templates | Plain YAML  |
| Package manager          | Yes          | Config only |
| Valid YAML before render | No           | Yes         |

Exam tips

  • Every kustomize dir needs kustomization.yaml
  • Overlay must reference base via resources: - ../../base
  • images transformer changes image tags without editing deployment YAML
  • configMapGenerator / secretGenerator appends hash — reference by base name in manifests