我的书签
添加书签
移除书签Declarative Management of Kubernetes Objects Using Kustomize
Since 1.14, Kubectl also supports the management of Kubernetes objects using a kustomization file. To view Resources found in a directory containing a kustomization file, run the following command:
To apply those Resources, run with --kustomize or -k flag:
kubectl apply -k <kustomization_directory>
Install kubectl.
You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using , or you can use one of these Kubernetes playgrounds:
To check the version, enter kubectl version.
Overview of Kustomize
Kustomize is a tool for customizing Kubernetes configurations. It has the following features to manage application configuration files:
- generating resources from other sources
- setting cross-cutting fields for resources
- composing and customizing collections of resources
ConfigMap and Secret hold config or sensitive data that are used by other Kubernetes objects, such as Pods. The source of truth of ConfigMap or Secret are usually from somewhere else, such as a .properties file or a ssh key file. Kustomize has secretGenerator and configMapGenerator, which generate Secret and ConfigMap from files or literals.
configMapGenerator
To generate a ConfigMap from a file, add an entry to files list in configMapGenerator. Here is an example of generating a ConfigMap with a data item from a file content.
# Create a application.properties filecat <<EOF >application.propertiesFOO=BarEOFcat <<EOF >./kustomization.yamlconfigMapGenerator:- name: example-configmap-1files:- application.propertiesEOF
The generated ConfigMap can be checked by the following command:
kubectl kustomize ./
The generated ConfigMap is:
apiVersion: v1data:application.properties: |FOO=Barkind: ConfigMapmetadata:name: example-configmap-1-8mbdf7882g
ConfigMap can also be generated from literal key-value pairs. To generate a ConfigMap from a literal key-value pair, add an entry to literals list in configMapGenerator. Here is an example of generating a ConfigMap with a data item from a key-value pair.
cat <<EOF >./kustomization.yamlconfigMapGenerator:- name: example-configmap-2literals:- FOO=BarEOF
The generated ConfigMap can be checked by the following command:
kubectl kustomize ./
The generated ConfigMap is
apiVersion: v1data:FOO: Barkind: ConfigMapmetadata:name: example-configmap-2-g2hdhfc6tk
secretGenerator
# Create a password.txt filecat <<EOF >./password.txtusername=adminpassword=secretEOFcat <<EOF >./kustomization.yamlsecretGenerator:- name: example-secret-1files:- password.txtEOF
The generated Secret is as follows:
apiVersion: v1data:password.txt: dXNlcm5hbWU9YWRtaW4KcGFzc3dvcmQ9c2VjcmV0Cg==kind: Secretmetadata:name: example-secret-1-t2kt65hgtbtype: Opaque
To generate a Secret from a literal key-value pair, add an entry to literals list in secretGenerator. Here is an example of generating a Secret with a data item from a key-value pair.
cat <<EOF >./kustomization.yamlsecretGenerator:- name: example-secret-2literals:- username=admin- password=secretEOF
The generated Secret is as follows:
generatorOptions
The generated ConfigMaps and Secrets have a suffix appended by hashing the contents. This ensures that a new ConfigMap or Secret is generated when the content is changed. To disable the behavior of appending a suffix, one can use generatorOptions. Besides that, it is also possible to specify cross-cutting options for generated ConfigMaps and Secrets.
cat <<EOF >./kustomization.yamlconfigMapGenerator:- name: example-configmap-3literals:- FOO=BargeneratorOptions:disableNameSuffixHash: truelabels:type: generatedannotations:note: generatedEOF
Runkubectl kustomize ./ to view the generated ConfigMap:
apiVersion: v1data:FOO: Barkind: ConfigMapmetadata:annotations:note: generatedlabels:type: generatedname: example-configmap-3
It is quite common to set cross-cutting fields for all Kubernetes resources in a project. Some use cases for setting cross-cutting fields:
- setting the same namespace for all Resource
- adding the same name prefix or suffix
- adding the same set of labels
- adding the same set of annotations
Here is an example:
# Create a deployment.yamlcat <<EOF >./deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: nginx-deploymentlabels:app: nginxspec:selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- name: nginximage: nginxEOFcat <<EOF >./kustomization.yamlnamespace: my-namespacenamePrefix: dev-nameSuffix: "-001"commonLabels:app: bingocommonAnnotations:oncallPager: 800-555-1212resources:- deployment.yamlEOF
Run kubectl kustomize ./ to view those fields are all set in the Deployment Resource:
apiVersion: apps/v1kind: Deploymentmetadata:annotations:oncallPager: 800-555-1212labels:app: bingoname: dev-nginx-deployment-001namespace: my-namespacespec:selector:matchLabels:app: bingotemplate:metadata:annotations:oncallPager: 800-555-1212labels:app: bingospec:containers:- image: nginxname: nginx
It is common to compose a set of Resources in a project and manage them inside the same file or directory. Kustomize offers composing Resources from different files and applying patches or other customization to them.
Composing
Kustomize supports composition of different resources. The resources field, in the kustomization.yaml file, defines the list of resources to include in a configuration. Set the path to a resource’s configuration file in the resources list. Here is an example for an nginx application with a Deployment and a Service.
# Create a deployment.yaml filecat <<EOF > deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:selector:matchLabels:run: my-nginxreplicas: 2template:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: nginxports:- containerPort: 80# Create a service.yaml filecat <<EOF > service.yamlapiVersion: v1kind: Servicemetadata:name: my-nginxlabels:run: my-nginxspec:ports:protocol: TCPselector:run: my-nginxEOF# Create a kustomization.yaml composing themcat <<EOF >./kustomization.yamlresources:- deployment.yaml- service.yamlEOF
The Resources from kubectl kustomize ./ contains both the Deployment and the Service objects.
Customizing
On top of Resources, one can apply different customizations by applying patches. Kustomize supports different patching mechanisms through patchesStrategicMerge and patchesJson6902. patchesStrategicMerge is a list of file paths. Each file should be resolved to a strategic merge patch. The names inside the patches must match Resource names that are already loaded. Small patches that do one thing are recommended. For example, create one patch for increasing the deployment replica number and another patch for setting the memory limit.
# Create a deployment.yaml filecat <<EOF > deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:selector:matchLabels:run: my-nginxreplicas: 2template:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: nginxports:- containerPort: 80EOF# Create a patch increase_replicas.yamlcat <<EOF > increase_replicas.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:replicas: 3EOF# Create another patch set_memory.yamlcat <<EOF > set_memory.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:template:spec:containers:- name: my-nginxresources:limits:memory: 512MiEOFcat <<EOF >./kustomization.yamlresources:- deployment.yamlpatchesStrategicMerge:- increase_replicas.yaml- set_memory.yamlEOF
Run kubectl kustomize ./ to view the Deployment:
apiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:replicas: 3selector:matchLabels:run: my-nginxtemplate:metadata:labels:run: my-nginxspec:containers:- image: nginxlimits:memory: 512Miname: my-nginxports:- containerPort: 80
# Create a deployment.yaml filecat <<EOF > deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:selector:matchLabels:run: my-nginxreplicas: 2template:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: nginxports:- containerPort: 80EOF# Create a json patchcat <<EOF > patch.yaml- op: replacepath: /spec/replicasvalue: 3EOF# Create a kustomization.yamlcat <<EOF >./kustomization.yamlresources:- deployment.yamlpatchesJson6902:- target:group: appsversion: v1kind: Deploymentname: my-nginxpath: patch.yamlEOF
Run kubectl kustomize ./ to see the replicas field is updated:
apiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:replicas: 3selector:matchLabels:run: my-nginxtemplate:metadata:labels:run: my-nginxspec:containers:- image: nginxname: my-nginxports:- containerPort: 80
In addition to patches, Kustomize also offers customizing container images or injecting field values from other objects into containers without creating patches. For example, you can change the image used inside containers by specifying the new image in images field in kustomization.yaml.
cat <<EOF > deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:selector:matchLabels:run: my-nginxreplicas: 2template:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: nginxports:- containerPort: 80cat <<EOF >./kustomization.yamlresources:- deployment.yamlimages:- name: nginxnewName: my.image.registry/nginxEOF
Run kubectl kustomize ./ to see that the image being used is updated:
Sometimes, the application running in a Pod may need to use configuration values from other objects. For example, a Pod from a Deployment object need to read the corresponding Service name from Env or as a command argument. Since the Service name may change as namePrefix or nameSuffix is added in the kustomization.yaml file. It is not recommended to hard code the Service name in the command argument. For this usage, Kustomize can inject the Service name into containers through vars.
# Create a deployment.yaml filecat <<EOF > deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:selector:matchLabels:run: my-nginxreplicas: 2template:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: nginxcommand: ["start", "--host", "\$(MY_SERVICE_NAME)"]EOF# Create a service.yaml filecat <<EOF > service.yamlapiVersion: v1kind: Servicemetadata:name: my-nginxlabels:run: my-nginxspec:ports:- port: 80protocol: TCPselector:run: my-nginxEOFcat <<EOF >./kustomization.yamlnamePrefix: dev-nameSuffix: "-001"resources:- deployment.yaml- service.yamlvars:- name: MY_SERVICE_NAMEobjref:kind: Servicename: my-nginxapiVersion: v1EOF
Run kubectl kustomize ./ to see that the Service name injected into containers is dev-my-nginx-001:
apiVersion: apps/v1kind: Deploymentmetadata:name: dev-my-nginx-001spec:replicas: 2selector:matchLabels:run: my-nginxtemplate:metadata:labels:run: my-nginxspec:containers:- command:- start- --host- dev-my-nginx-001image: nginxname: my-nginx
Kustomize has the concepts of bases and overlays. A base is a directory with a kustomization.yaml, which contains a set of resources and associated customization. A base could be either a local directory or a directory from a remote repo, as long as a kustomization.yaml is present inside. An overlay is a directory with a kustomization.yaml that refers to other kustomization directories as its bases. A base has no knowledge of an overlay and can be used in multiple overlays. An overlay may have multiple bases and it composes all resources from bases and may also have customization on top of them.
Here is an example of a base:
# Create a directory to hold the basemkdir base# Create a base/deployment.yamlcat <<EOF > base/deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:selector:matchLabels:run: my-nginxreplicas: 2template:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: nginxEOF# Create a base/service.yaml filecat <<EOF > base/service.yamlapiVersion: v1kind: Servicemetadata:name: my-nginxlabels:run: my-nginxspec:ports:- port: 80protocol: TCPselector:run: my-nginxEOF# Create a base/kustomization.yamlcat <<EOF > base/kustomization.yamlresources:- deployment.yaml- service.yamlEOF
This base can be used in multiple overlays. You can add different namePrefix or other cross-cutting fields in different overlays. Here are two overlays using the same base.
mkdir devcat <<EOF > dev/kustomization.yamlbases:- ../basenamePrefix: dev-EOFmkdir prodcat <<EOF > prod/kustomization.yamlbases:- ../basenamePrefix: prod-EOF
How to apply/view/delete objects using Kustomize
Use --kustomize or -k in kubectl commands to recognize Resources managed by kustomization.yaml. Note that -k should point to a kustomization directory, such as
kubectl apply -k <kustomization directory>/
Given the following kustomization.yaml,
# Create a deployment.yaml filecat <<EOF > deployment.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:selector:matchLabels:run: my-nginxreplicas: 2template:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: nginxports:- containerPort: 80EOF# Create a kustomization.yamlcat <<EOF >./kustomization.yamlnamePrefix: dev-commonLabels:app: my-nginxresources:- deployment.yamlEOF
Run the following command to apply the Deployment object dev-my-nginx:
> kubectl apply -k ./deployment.apps/dev-my-nginx created
Run one of the following commands to view the Deployment object dev-my-nginx:
kubectl get -k ./
kubectl describe -k ./
Run the following command to delete the Deployment object dev-my-nginx:
> kubectl delete -k ./
What’s next
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on . Open an issue in the GitHub repo if you want to report a problem or .
