Master Kustomize: Simplify Kubernetes Configs with Generators and Transformers
Kustomize, built into kubectl, lets you declaratively manage Kubernetes YAML by organizing base resources, dynamically generating ConfigMaps and Secrets, applying transformers for environment‑specific tweaks, and optionally validating output, enabling a clean Base + Overlay workflow that reduces duplication and simplifies multi‑environment configuration.
Introduction
Kustomize is built into kubectl (v1.14+) and provides a declarative, template‑free way to customize Kubernetes manifests through a kustomization.yaml file.
Core building blocks
1. Resources – base configuration
The resources field lists the YAML files or directories that form the foundation (Deployments, Services, etc.). A common “Base + Overlay” layout places the shared files in a base directory, which the environment‑specific overlays then reference.
```yaml
# kustomization.yaml
resources:
- ../base            # include all .yaml under base
# or individual files
# - ../base/deployment.yaml
# - ../base/service.yaml
```

2. Generators – dynamic ConfigMap and Secret creation
Generators automate the creation of ConfigMaps and Secrets (configMapGenerator / secretGenerator) from files, literals or environment variables. A generated Secret is only base64‑encoded, so its source files and literals must be kept out of version control like any other plaintext credential.
```yaml
# configmap-generator.yaml
# A standalone builtin generator file, referenced from kustomization.yaml under `generators:`
apiVersion: builtin
kind: ConfigMapGenerator
metadata:
  name: app-config
files:
- application.properties
literals:
- LOG_LEVEL=info
```

3. Transformers – modify resources
Transformers adjust labels, annotations, names, namespaces, image tags, or apply JSON/strategic‑merge patches.
Add or modify commonLabels or commonAnnotations
Prefix or suffix names with namePrefix / nameSuffix
Change the namespace via the namespace field or a patch file
Update container image tags with the images block
Apply complex changes with patchesJson6902 or patchesStrategicMerge
Example production overlay:
```yaml
# kustomization.yaml (production overlay)
namespace: production
commonLabels:
  env: production
images:
- name: my-app
  newTag: v1.2.0
resources:
- ../../base
```

4. Validators (optional) – enforce policies
Validators run after all resources are generated and can enforce required labels, resource limits, or integrate with policy engines such as OPA Gatekeeper.
Require a label (e.g., owner) on every resource
Check CPU/Memory limits are within allowed ranges
Hook into external policy engines for advanced validation
Processing flow
Load base resources – read the files listed in resources
Run generators – create ConfigMaps, Secrets, etc.
Apply transformers – modify the resources from the previous steps
(Optional) Run validators – verify the final manifest against policies
Output – merge everything into the final YAML
Preview the result with kubectl kustomize <kustomization_directory> or apply directly using kubectl apply -k <kustomization_directory>.
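To make the five steps concrete, here is an added example that is not code from the article or from Kustomize itself: a small Python model of the flow that runs the production overlay above through generator, transformers and a label validator. It assumes a constructed base Deployment named my-app that reads the app-config ConfigMap via envFrom, and it uses a simplified content-hash suffix rather than kustomize's own encoding.

```python
import copy, hashlib, json

# Constructed stand-in for ../base/deployment.yaml, already parsed into a dict.
BASE = [{
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "my-app"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "my-app", "image": "my-app:latest",
        "envFrom": [{"configMapRef": {"name": "app-config"}}]}]}}},
}]

def generate_configmap(name, literals):
    """Generator step: KEY=value literals become a ConfigMap. The name gets a
    content-hash suffix (simplified here; kustomize uses its own encoding) so
    that changed config yields a new name and therefore a rollout."""
    data = dict(kv.split("=", 1) for kv in literals)
    digest = hashlib.sha256(json.dumps(data, sort_keys=True).encode()).hexdigest()[:10]
    return {"apiVersion": "v1", "kind": "ConfigMap",
            "metadata": {"name": f"{name}-{digest}"}, "data": data}

def transform(resources, namespace, common_labels, images, renames):
    """Transformer step: namespace, commonLabels, images, and the name-reference
    fix-up that points configMapRef at the hashed ConfigMap name."""
    out = copy.deepcopy(resources)
    for r in out:
        r["metadata"]["namespace"] = namespace
        r["metadata"].setdefault("labels", {}).update(common_labels)
        pod = r.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("containers", []):
            repo = c["image"].rsplit(":", 1)[0]
            if repo in images:
                c["image"] = f"{repo}:{images[repo]}"
            for ref in c.get("envFrom", []):
                if "configMapRef" in ref:
                    cm = ref["configMapRef"]
                    cm["name"] = renames.get(cm["name"], cm["name"])
    return out

def validate(resources, required_label):
    """Validator step: report every resource missing the required label."""
    return [f"{r['kind']}/{r['metadata']['name']} lacks label '{required_label}'"
            for r in resources if required_label not in r["metadata"].get("labels", {})]

def build_production():
    """The article's production overlay run through the full flow."""
    cm = generate_configmap("app-config", ["LOG_LEVEL=info"])
    resources = transform(BASE + [cm], "production", {"env": "production"},
                          {"my-app": "v1.2.0"}, {"app-config": cm["metadata"]["name"]})
    return resources, validate(resources, "env")
```

Running validate on the untransformed base shows why the validator belongs after the transformers: the base Deployment carries no env label until commonLabels adds it.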
Key takeaways
Resources define the immutable base.
Generators create mutable configuration data and secrets.
Transformers provide flexible, environment‑specific customisation.
Validators (optional) add a compliance layer before deployment.
Ops Development & AI Practice
DevSecOps engineer sharing experiences and insights on AI, Web3, and Claude code development. Aims to help solve technical challenges, improve development efficiency, and grow through community interaction. Feel free to comment and discuss.