Difference between revisions of "Kubernetes/Kustomize"
Jump to navigation
Jump to search
Line 8: | Line 8: | ||
# Install on Linux - option2 | # Install on Linux - option2 | ||
VERSION= | VERSION=v4.1.2 | ||
VERSION=$(curl --silent "https://api.github.com/repos/kubernetes-sigs/kustomize/releases | VERSION=$(curl --silent "https://api.github.com/repos/kubernetes-sigs/kustomize/releases" | jq -r '.[].tag_name | select(. | contains("kustomize"))' | sort | tail -1 | cut -d"/" -f2); echo $VERSION | ||
curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${VERSION}/kustomize_${VERSION}_linux_amd64.tar.gz -o kustomize_${VERSION}_linux_amd64.tar.gz | curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${VERSION}/kustomize_${VERSION}_linux_amd64.tar.gz -o kustomize_${VERSION}_linux_amd64.tar.gz | ||
tar xzvf kustomize_${VERSION}_linux_amd64.tar.gz | tar xzvf kustomize_${VERSION}_linux_amd64.tar.gz | ||
sudo install ./kustomize /usr/local/bin/kustomize | sudo install ./kustomize /usr/local/bin/kustomize | ||
kustomize version --short | |||
{kustomize/ | {kustomize/v4.1.2 2021-04-15T20:38:06Z } | ||
</source> | </source> | ||
Revision as of 12:29, 8 May 2021
Kustomize
kustomize lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.
Install
# Detects your OS and downloads kustomize binary to cwd curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash # Install on Linux - option2 VERSION=v4.1.2 VERSION=$(curl --silent "https://api.github.com/repos/kubernetes-sigs/kustomize/releases" | jq -r '.[].tag_name | select(. | contains("kustomize"))' | sort | tail -1 | cut -d"/" -f2); echo $VERSION curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${VERSION}/kustomize_${VERSION}_linux_amd64.tar.gz -o kustomize_${VERSION}_linux_amd64.tar.gz tar xzvf kustomize_${VERSION}_linux_amd64.tar.gz sudo install ./kustomize /usr/local/bin/kustomize kustomize version --short {kustomize/v4.1.2 2021-04-15T20:38:06Z }
Kustomize build workflow
- kustomize vars - use
envsubst
instead
$ kustomize build ~/target
- load universal k8s object descriptions
- read
kustomization.yaml
from target - kustomize bases (recurse 2-5)
- load and/or generate resources
- apply target's kustomization operations
- fix name references
- emit yaml
Example 101
base/kustomization.yaml | overlays/dev/kustomization.yaml | overlays/prod/kustomization.yaml |
---|---|---|
apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization commonLabels: app: sonarqube resources: - gateway.yaml - virtual-service.yaml |
apiVersion: ... kind: Kustomization patches: - gateway_patch.yaml - virtual-service_patch.yaml resources: - ../../base |
apiVersion: ... kind: Kustomization patches: - gateway_patch.yaml - virtual-service_patch.yaml resources: - ../../base |
. ├── base │ ├── gateway.yaml │ ├── kustomization.yaml │ └── virtual-service.yaml └── overlays ├── dev │ ├── gateway_patch.yaml │ ├── kustomization.yaml │ └── virtual-service_patch.yaml └── prod ├── gateway_patch.yaml ├── kustomization.yaml └── virtual-service_patch.yaml # Build kuctomized output kustomize version --short # -> {kustomize/v3.8.2 2020-08-29T17:44:01Z } kustomize build overlays/dev # apply patches kustomize build base # run common functions (as described in base/kustomize.yaml) against the whole code base
What happens?
kustomize build overlays/dev
findskustomization.yaml
, that describes:patches: [gateway_patch.yaml, virtual-service_patch.yaml]
to be used over the baseresources: [../../base]
. There are 3 type of patches: patches, patchesStrategicMerge, patchesJson6902 to choose from
overlays/dev/kustomization.yaml
cascades to the base (source of manifests to be changed) via directiveresources: ["../../base"]
- The base directory contains and runs its own
kustomization.yaml
file. - The
base/kustomization.yaml
contains common operations, eg.commonLabels, namePrefix
functions to be applied to whole code base. - Then patch file(s) are applied eg.
gateway_patch.yaml
contains enough information to identify a resource/object and apply changes.
So, what happens
# Applying patch, overlays/dev/gateway_patch.yaml apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: sonarqube spec: servers: - port: number: 443 name: http protocol: HTTP hosts: - sonarqube-dev.acme.com # <- override # | # | over the base # v # base/gateway.yaml apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: labels: app: sonarqube name: sonarqube spec: selector: istio: ingressgateway servers: - hosts: - sonarqube.acme.com port: name: http number: 443 protocol: HTTP # | # | results with # v apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: labels: app: sonarqube owner: piotr # <- label added by base kustomize.yaml fn name: sonarqube spec: selector: istio: ingressgateway servers: - hosts: - sonarqube-dev.acme.com # <- patch override port: name: http number: 443 protocol: HTTP
Check yourselves
# __unchanged manifest_ _base kustomization_ ___patch overlay____________ vimdiff <(cat base/gateway.yaml) <(kustomize build base) <(kustomize build overlays/dev)
Examples
Known issues
- commonLabels altering podSelector.matchLabels and Allow excluding some label selectors from commonLabels
In some settings it makes sense for commonLabels
to be included in selectors, and in some settings it doers not make sense to include them in selectors. Kustomize includes by default, and there is no way to opt out. As workaround, you can convert matchLabels
to matchExpressions
and Kustomize won't touch them. API docs
- podSelector: matchLabels: app: mongodb-backup
is equivalent with
- podSelector: matchExpressions: - key: app operator: In values: - mongodb-backup
and Kustomize will keep its hands off.
Resources
- Kustomize sig
- Glossary
- Kustomization File Fields
- Kustomize - examples kubectl.docs.kubernetes.io
- Kustomize structure_directories
- reference Good!
- inlinePatch