Kubernetes: How to Use Kustomize with Kubernetes

Architecture

From their site, Kustomize has a very wide usage:

• Kustomize helps customizing config files in a template free way.
• Kustomize provides a number of handy methods like generators to make customization easier.
• Kustomize uses patches to introduce environment specific changes on an already existing standard config file without disturbing it.

It’s a perfect tool to create environment based customizations to your k8s deployments. kustomize uses a concept of bases and overlays, where you define a base and then you create overlays which customize the configuration depending on your environment. There is a pretty cool diagram in their github:

And here is a simple directory hierarchy:

It’s also a perfect tool to be added into your CI/CD pipeline. From Workflow for off the shelf applications, here is a nice overview:

So let’s run through a couple of examples to see how it works. As a starting point, I created the following directory structure:

Container Images

First let’s try out modifying the container image version (this example is covered in customizing). As an example let’s create a simple deployment manifest:

And here is a simple kustomization to modify the tag:

Now to see how it gets parsed, we can use kubectl kustomize:

To actually apply it, we can run kubectl apply -k (vs kubectl apply -f):

That was pretty easy.

Patching

kustomize has two approaches to patching files: strategic merge patch and json 6902 patch.

Strategic Merge Patch

This is useful if you are making a lot of changes, so you can just provide a YAML file that looks like a k8s manifest file with all the resources you want to add/change. From the Patching multiple resources at once example, let’s inject a side car container into our deployment in our dev overlay. First let’s add a kustomization.yaml file into the dev overlay:

And now let’s add the patch file to specify the container we want to add:

And here is how the parsed manifest will end up looking like:

That looks good.

JSON 6902 Patch

This is good for adding/modifying one field at a time (also the parent path has to exist, so it doesn’t create sub fields, for more information check out this github feature request). Let’s say I want add a new annotation and to a serviceaccount, we could create the following patch:

Notice that I had to use ~1 to specify a forward slash / (this is covered in this github issue). And here is update kustomization.yaml to include the new patch file. Notice that I also added a target to specify which resource to modify:

And now here is the resulted manifest:

yay, that worked out as well.

ConfigGenerator

Let’s cover one more example, the configMapGenerator, this supports multiple approaches as well. I will cover two.

Using Literals to Specify Configs as Strings

There is also a nice example at ConfigMap generation and rolling updates. Let’s say I create the following in my base:

Now at the overlay kustomization:

Now I can modify the the deployment in the base to add the common configMap:

And then I added a patch in the overlay to append the environment variable (since I my sidecar proxy patch from before added up adding the container first, I had to basically append it to the second container of my deployment… 0 is the first and 1 is the second):

Parsing the config, here is what it creates:

We can see it creates a dynamic configMap name and adds it to our container accordingly… that is pretty cool :)

Using Files to Specify Configs

Another approach is to provide configuration files in the configMaps. Each file ends up being a new data entry in the configMap. Another cool example at Demo: combining config data from devops and developers. Let’s add it to our prod overlay. First let’s modify our base and add a new configMapGenerator:

Now let’s add it to our basedeployment as a volume, so each entry is added as a file under the config directory:

Now in the overlay, let’s add to our configMapGenerator:

And now generating the config here is how it looks like:

Now the container can parse all the files specified under the /etc/config directory… all in all kustomize is pretty cool :) There are actually a lot more that it does, and this was just a quick overview of some of the functions.

I hope you found just how useful Kustomize can be to your daily needs, working with K8s. Please stay tuned and subscribe for more articles and study materials on DevOps, Agile, DevSecOps and App Development.

If you’d like to learn more about Infrastructure as Code, or other modern technology approaches, Please read or other articles.

#YouAreAwesome #StayAwesome