Cheat sheet

Kustomize

Base and overlay structure, patches, generators, and CLI commands.

Directory structure

# Typical multi-env layout
k8s/
├── base/
│   ├── kustomization.yaml
│   ├── deployment.yaml
│   ├── service.yaml
│   └── configmap.yaml
└── overlays/
    ├── staging/
    │   ├── kustomization.yaml
    │   └── patch-replicas.yaml
    └── production/
        ├── kustomization.yaml
        ├── patch-replicas.yaml
        └── patch-resources.yaml

kustomization.yaml fields

# base/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: my-app

namePrefix: prod-
nameSuffix: -v2

# commonLabels is deprecated — use labels (avoids mutating selectors)
labels:
  - pairs:
      app: my-app
      env: production
    includeSelectors: false

commonAnnotations:
  team: platform

resources:
  - deployment.yaml
  - service.yaml

images:
  - name: my-app
    newTag: v1.2.3

configMapGenerator:
  - name: app-config
    literals:
      - LOG_LEVEL=info
      - PORT=8080

Overlays & patches

# overlays/production/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - ../../base

patches:
  - path: patch-replicas.yaml
  - path: patch-resources.yaml

images:
  - name: my-app
    newTag: v2.0.0

---
# patch-replicas.yaml (strategic merge patch)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 5

JSON 6902 patches

# More precise than strategic merge
# patch-resources.yaml
- op: replace
  path: /spec/template/spec/containers/0/resources/limits/memory
  value: "2Gi"

- op: add
  path: /spec/template/spec/containers/0/env/-
  value:
    name: EXTRA_VAR
    value: "true"

- op: remove
  path: /spec/template/spec/containers/0/livenessProbe

# Reference in kustomization.yaml
patches:
  - path: patch-resources.yaml
    target:
      kind: Deployment
      name: my-app

CLI commands

# Preview rendered output
kubectl kustomize ./overlays/production

# Apply overlay to cluster
kubectl apply -k ./overlays/production

# Delete resources defined in overlay
kubectl delete -k ./overlays/production

# Diff against live cluster
kubectl diff -k ./overlays/production

# Build with standalone kustomize CLI
kustomize build ./overlays/production

# Build and pipe to kubectl
kustomize build ./overlays/production \
  | kubectl apply -f -

Generators & transformers

# Generate ConfigMap from file
configMapGenerator:
  - name: app-config
    files:
      - config.properties
    options:
      disableNameSuffixHash: true

# Generate Secret from literals
secretGenerator:
  - name: db-creds
    literals:
      - DB_PASSWORD=secret123
    type: Opaque

# Replace image across all Deployments
images:
  - name: nginx
    newName: my-registry.example.com/nginx
    newTag: 1.27-alpine

# Add labels to all resources
labels:
  - pairs:
      managed-by: kustomize
      env: production
    includeSelectors: false

# Typical multi-env layout k8s/ ├── base/ │ ├── kustomization.yaml │ ├── deployment.yaml │ ├── service.yaml │ └── configmap.yaml └── overlays/ ├── staging/ │ ├── kustomization.yaml │ └── patch-replicas.yaml └── production/ ├── kustomization.yaml ├── patch-replicas.yaml └── patch-resources.yaml

# base/kustomization.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: my-app namePrefix: prod- nameSuffix: -v2 # commonLabels is deprecated — use labels (avoids mutating selectors) labels: - pairs: app: my-app env: production includeSelectors: false commonAnnotations: team: platform resources: - deployment.yaml - service.yaml images: - name: my-app newTag: v1.2.3 configMapGenerator: - name: app-config literals: - LOG_LEVEL=info - PORT=8080

# overlays/production/kustomization.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../../base patches: - path: patch-replicas.yaml - path: patch-resources.yaml images: - name: my-app newTag: v2.0.0 --- # patch-replicas.yaml (strategic merge patch) apiVersion: apps/v1 kind: Deployment metadata: name: my-app spec: replicas: 5

# More precise than strategic merge # patch-resources.yaml - op: replace path: /spec/template/spec/containers/0/resources/limits/memory value: "2Gi" - op: add path: /spec/template/spec/containers/0/env/- value: name: EXTRA_VAR value: "true" - op: remove path: /spec/template/spec/containers/0/livenessProbe # Reference in kustomization.yaml patches: - path: patch-resources.yaml target: kind: Deployment name: my-app

# Preview rendered output kubectl kustomize ./overlays/production # Apply overlay to cluster kubectl apply -k ./overlays/production # Delete resources defined in overlay kubectl delete -k ./overlays/production # Diff against live cluster kubectl diff -k ./overlays/production # Build with standalone kustomize CLI kustomize build ./overlays/production # Build and pipe to kubectl kustomize build ./overlays/production \ | kubectl apply -f -

# Generate ConfigMap from file configMapGenerator: - name: app-config files: - config.properties options: disableNameSuffixHash: true # Generate Secret from literals secretGenerator: - name: db-creds literals: - DB_PASSWORD=secret123 type: Opaque # Replace image across all Deployments images: - name: nginx newName: my-registry.example.com/nginx newTag: 1.27-alpine # Add labels to all resources labels: - pairs: managed-by: kustomize env: production includeSelectors: false