Kustomize Built-Ins
A list of kustomize’s built-in generators and transformers.
For each, an example is given for
-
triggering the feature via a dedicated kustomization file field (e.g. the
AnnotationsTransformeris triggered by thecommonAnnotationsfield). -
triggering the feature via the
generatorsortransformersfield (by providing a config file specifying the feature’s own configuration object).
The former method is convenient but limited in power as most of the configuration options must be defaulted. The latter method allows for complete argument specification.
AnnotationTransformer
Usage via kustomization.yaml
field name: commonAnnotations
Adds annotations (non-identifying metadata) to all resources. Like labels, these are key value pairs.
commonAnnotations:
oncallPager: 800-555-1212
Usage via transformers field
Arguments
Annotations map[string]string
FieldSpecs []config.FieldSpec
Example
apiVersion: builtin kind: AnnotationsTransformer metadata: name: not-important-to-example annotations: app: myApp greeting/morning: a string with blanks fieldSpecs: - path: metadata/annotations create: true
ConfigMapGenerator
Usage via kustomization.yaml
field name: configMapGenerator
Each entry in this list results in the creation of one ConfigMap resource (it’s a generator of n maps).
The example below creates three ConfigMaps. One with the names and contents of
the given files, one with key/value as data, and a third which sets an
annotation and label via options for that single ConfigMap.
Each configMapGenerator item accepts a parameter of
behavior: [create|replace|merge].
This allows an overlay to modify or
replace an existing configMap from the parent.
Also, each entry has an options field, that has the
same subfields as the kustomization file’s generatorOptions field.
This options field allows one to add labels and/or
annotations to the generated instance, or to individually
disable the name suffix hash for that instance.
Labels and annotations added here will not be overwritten
by the global options associated with the kustomization
file generatorOptions field. However, due to how
booleans behave, if the global generatorOptions field
specifies disableNameSuffixHash: true, this will
trump any attempt to locally override it.
# These labels are added to all configmaps and secrets.
generatorOptions:
labels:
fruit: apple
configMapGenerator:
- name: my-java-server-props
behavior: merge
files:
- application.properties
- more.properties
- name: my-java-server-env-vars
literals:
- JAVA_HOME=/opt/java/jdk
- JAVA_TOOL_OPTIONS=-agentlib:hprof
options:
disableNameSuffixHash: true
labels:
pet: dog
- name: dashboards
files:
- mydashboard.json
options:
annotations:
dashboard: "1"
labels:
app.kubernetes.io/name: "app1"
It is also possible to define a key to set a name different than the filename.
The example below creates a ConfigMap
with the name of file as myFileName.ini
while the actual filename from which the
configmap is created is whatever.ini.
configMapGenerator:
- name: app-whatever
files:
- myFileName.ini=whatever.ini
Usage via generators field
Arguments
Example
apiVersion: builtin kind: ConfigMapGenerator metadata: name: mymap envs: - devops.env - uxteam.env literals: - FRUIT=apple - VEGETABLE=carrot
ImageTagTransformer
Usage via kustomization.yaml
field name: images
Images modify the name, tags and/or digest for images without creating patches. E.g. Given this kubernetes Deployment fragment:
containers:
- name: mypostgresdb
image: postgres:8
- name: nginxapp
image: nginx:1.7.9
- name: myapp
image: my-demo-app:latest
- name: alpine-app
image: alpine:3.7
one can change the image in the following ways:
postgres:8tomy-registry/my-postgres:v1,- nginx tag
1.7.9to1.8.0, - image name
my-demo-apptomy-app, - alpine’s tag
3.7to a digest value
all with the following kustomization:
images:
- name: postgres
newName: my-registry/my-postgres
newTag: v1
- name: nginx
newTag: 1.8.0
- name: my-demo-app
newName: my-app
- name: alpine
digest: sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3
Usage via transformers field
Arguments
ImageTag image.Image
FieldSpecs []config.FieldSpec
Example
apiVersion: builtin kind: ImageTagTransformer metadata: name: not-important-to-example imageTag: name: nginx newTag: v2
LabelTransformer
Usage via kustomization.yaml
field name: commonLabels
Adds labels to all resources and selectors
commonLabels:
someName: someValue
owner: alice
app: bingo
Usage via transformers field
Arguments
Labels map[string]string
FieldSpecs []config.FieldSpec
Example
apiVersion: builtin kind: LabelTransformer metadata: name: not-important-to-example labels: app: myApp env: production fieldSpecs: - path: metadata/labels create: true
NamespaceTransformer
Usage via kustomization.yaml
field name: namespace
Adds namespace to all resources
namespace: my-namespace
Usage via transformers field
Arguments
SetRoleBindingSubjects string
UnsetOnly bool
FieldSpecs []config.FieldSpec
unsetOnly is false by default. When true, NamespaceTransformer will only set namespace fields that are currently unset (empty string or missing). It is available in Kustomize v4.5.6+.
setRoleBindingSubjects controls NamespaceTransformer’s handling of subjects[].namespace fields within RoleBinding and ClusterRoleBinding objects. It is available in Kustomize v4.5.6+ and has three possible values:
defaultOnly(default): updates the namespaces of subjects with the name “default”.allServiceAccounts: updates the namespaces of all subjects withkind: ServiceAccount.none: no subjects updated.
Example
apiVersion: builtin kind: NamespaceTransformer metadata: name: not-important-to-example namespace: test setRoleBindingSubjects: none unsetOnly: true fieldSpecs: - path: metadata/name kind: Namespace create: true
This example will update the metadata/name field of all Namespace objects and the metadata/namespace field of all other objects (no fieldspec is required for this), if and only if they do not already have a value.
PatchesJson6902
Usage via kustomization.yaml
field name: patchesJson6902
Each entry in this list should resolve to a kubernetes object and a JSON patch that will be applied to the object. The JSON patch is documented at https://tools.ietf.org/html/rfc6902
target field points to a kubernetes object within the same kustomization by the object’s group, version, kind, name and namespace. path field is a relative file path of a JSON patch file. The content in this patch file can be either in JSON format as
[
{"op": "add", "path": "/some/new/path", "value": "value"},
{"op": "replace", "path": "/some/existing/path", "value": "new value"}
]
or in YAML format as
- op: add
path: /some/new/path
value: value
- op: replace
path: /some/existing/path
value: new value
patchesJson6902:
- target:
version: v1
kind: Deployment
name: my-deployment
path: add_init_container.yaml
- target:
version: v1
kind: Service
name: my-service
path: add_service_annotation.yaml
The patch content can be an inline string as well:
patchesJson6902:
- target:
version: v1
kind: Deployment
name: my-deployment
patch: |-
- op: add
path: /some/new/path
value: value
- op: replace
path: /some/existing/path
value: "new value"
Usage via transformers field
Arguments
Target types.PatchTarget
Path string
JsonOp string
Example
apiVersion: builtin kind: PatchJson6902Transformer metadata: name: not-important-to-example target: group: apps version: v1 kind: Deployment name: my-deploy path: jsonpatch.json
PatchesStrategicMerge
Usage via kustomization.yaml
field name: patchesStrategicMerge
Each entry in this list should be either a relative file path or an inline content resolving to a partial or complete resource definition.
The names in these (possibly partial) resource
files must match names already loaded via the
resources field. These entries are used to
patch (modify) the known resources.
Small patches that do one thing are best, e.g. modify a memory request/limit, change an env var in a ConfigMap, etc. Small patches are easy to review and easy to mix together in overlays.
patchesStrategicMerge:
- service_port_8888.yaml
- deployment_increase_replicas.yaml
- deployment_increase_memory.yaml
The patch content can be a inline string as well.
patchesStrategicMerge:
- |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
template:
spec:
containers:
- name: nginx
image: nignx:latest
Note that kustomize does not support more than one patch for the same object that contain a delete directive. To remove several fields / slice elements from an object create a single patch that performs all the needed deletions.
Usage via transformers field
Arguments
Paths []types.PatchStrategicMerge
Patches string
Example
apiVersion: builtin kind: PatchStrategicMergeTransformer metadata: name: not-important-to-example paths: - patch.yaml
PatchTransformer
Usage via kustomization.yaml
field name: patches
Each entry in this list should resolve to an Patch object, which includes a patch and a target selector. The patch can be either a strategic merge patch or a JSON patch. it can be either a patch file or an inline string. The target selects resources by group, version, kind, name, namespace, labelSelector and annotationSelector. A resource which matches all the specified fields is selected to apply the patch.
patches:
- path: patch.yaml
target:
group: apps
version: v1
kind: Deployment
name: deploy.*
labelSelector: "env=dev"
annotationSelector: "zone=west"
- patch: |-
- op: replace
path: /some/existing/path
value: new value
target:
kind: MyKind
labelSelector: "env=dev"
The name and namespace fields of the patch target selector are
automatically anchored regular expressions. This means that the value myapp
is equivalent to ^myapp$.
Usage via transformers field
Arguments
Path string
Patch string
Target *types.Selector
Example
apiVersion: builtin kind: PatchTransformer metadata: name: not-important-to-example patch: '[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value": "nginx:latest"}]' target: name: .*Deploy kind: Deployment
PrefixSuffixTransformer
Usage via kustomization.yaml
field names: namePrefix, nameSuffix
Prepends or postfixes the value to the names of all resources.
E.g. a deployment named wordpress could
become alices-wordpress or wordpress-v2
or alices-wordpress-v2.
namePrefix: alices-
nameSuffix: -v2
The suffix is appended before the content hash if the resource type is ConfigMap or Secret.
Usage via transformers field
Arguments
Prefix string
Suffix string
FieldSpecs []config.FieldSpec
Example
apiVersion: builtin kind: PrefixSuffixTransformer metadata: name: not-important-to-example prefix: baked- suffix: -pie fieldSpecs: - path: metadata/name
ReplicaCountTransformer
Usage via kustomization.yaml
field name: replicas
Replicas modified the number of replicas for a resource.
E.g. Given this kubernetes Deployment fragment:
kind: Deployment
metadata:
name: deployment-name
spec:
replicas: 3
one can change the number of replicas to 5 by adding the following to your kustomization:
replicas:
- name: deployment-name
count: 5
This field accepts a list, so many resources can be modified at the same time.
As this declaration does not take in a kind: nor a group:
it will match any group and kind that has a matching name and
that is one of:
DeploymentReplicationControllerReplicaSetStatefulSet
For more complex use cases, revert to using a patch.
Usage via transformers field
Arguments
Replica types.Replica
FieldSpecs []config.FieldSpec
Example
apiVersion: builtin kind: ReplicaCountTransformer metadata: name: not-important-to-example replica: name: myapp count: 23 fieldSpecs: - path: spec/replicas create: true kind: Deployment - path: spec/replicas create: true kind: ReplicationController
SecretGenerator
Usage via kustomization.yaml
field name: secretGenerator
Each entry in the argument list results in the creation of one Secret resource (it’s a generator of n secrets).
This works like the configMapGenerator field
described above.
secretGenerator:
- name: app-tls
files:
- secret/tls.cert
- secret/tls.key
type: "kubernetes.io/tls"
- name: app-tls-namespaced
# you can define a namespace to generate
# a secret in, defaults to: "default"
namespace: apps
files:
- tls.crt=catsecret/tls.cert
- tls.key=secret/tls.key
type: "kubernetes.io/tls"
- name: env_file_secret
envs:
- env.txt
type: Opaque
- name: secret-with-annotation
files:
- app-config.yaml
type: Opaque
options:
annotations:
app_config: "true"
labels:
app.kubernetes.io/name: "app2"
Usage via generators field
Arguments
Example
apiVersion: builtin kind: SecretGenerator metadata: name: my-secret namespace: whatever behavior: merge envs: - a.env - b.env files: - obscure=longsecret.txt literals: - FRUIT=apple - VEGETABLE=carrot
HelmChartInflationGenerator
Usage via kustomization.yaml
field name: helmCharts
Each entry in the argument list results in the pulling and rendering of a helm chart.
Each entry can have following fields:
name: The name of the chart that you want to use.repo: [Optional] The URL of the repository which contains the chart. If this is provided, the generator will try to fetch remote charts. Otherwise it will try to load local chart inchartHome.version: [Optional] Version of the chart. Will use latest version if this is omitted.releaseName: [Optional] The release name that will be set in the chart.namespace: [Optional] The namespace which will be used by--namespaceflag inhelm templatecommand.valuesFile: [Optional] A path to the values file.valuesInline: holds value mappings specified directly, rather than in a separate file.valuesMerge: specifies how to treatvaluesInlinewith respect to Values. Legal values: ‘merge’, ‘override’, ‘replace’. Defaults to ‘override’.includeCRDs: specifies if Helm should also generate CustomResourceDefinitions. Defaults to ‘false’.skipHooks: [Optional] Skips running hooks when inflating the chart. By default the inflation process used by Kustomize will render all the contents of the templates directory, which can result in output different than what you get when usinghelm install. Use this option to supress this behavior.additionalValuesFiles: [Optional] A list of local file paths to values files to be used in addition to current values file.skipTests: [Optional] Skips tests from templated outputapiVersions: [Optional] the kubernetes apiversions used for Capabilities.APIVersionsnameTemplate: [Optional] specifies the name template used to name the release
helmCharts:
- name: minecraft
repo: https://kubernetes-charts.storage.googleapis.com
version: v1.2.0
releaseName: test
namespace: testNamespace
valuesFile: values.yaml
additionalValuesFiles:
- values-file-1.yml
- values-file-2.yml
field name: helmGlobals
Stores settings affecting all entries in the related helmCharts field:
chartHome: a file path, relative to the kustomization root, to a directory containing a subdirectory for each chart to be included in the kustomization. The default value of this field is “charts”. So, for example, kustomize looks for the minecraft chart at{kustomizationRoot}/{ChartHome}/minecraft. If the chart is there at build time, kustomize will use it as found, and not check version numbers or dates. If the chart is not there, kustomize will attempt to pull it using the version number specified in the kustomization file, and put it there. To suppress the pull attempt, simply assure that the chart is already there.configHome: a value that kustomize should pass to helm via theHELM_CONFIG_HOMEenvironment variable. kustomize doesn’t attempt to read or write this directory. If omitted,{tmpDir}/helmis used, where{tmpDir}is some temporary directory created by kustomize for the benefit of helm.
helmGlobals:
chartHome: my-charts-dir
Usage via generators field
Arguments
additionalValuesFiles []string
apiVersions []string
chartHome string
configHome string
includeCRDs bool
name string
namespace string
nameTemplate string
releaseName string
repo string
skipHooks bool
valuesFile string
valuesInline map[string]interface{}
valuesMerge string
version string
skipTests bool
Example
apiVersion: builtin kind: HelmChartInflationGenerator metadata: name: myMap name: minecraft repo: https://kubernetes-charts.storage.googleapis.com version: v1.2.0 releaseName: test namespace: testNamespace valuesFile: values.yaml includeCRDs: true
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.