name: kustomize基础 user-invocable: false description: 在使用Kustomize覆盖和补丁定制Kubernetes配置时使用,无需模板。 allowed-tools: []
Kustomize 基础
Kubernetes 配置定制无需模板。
基本结构
app/
├── base/
│ ├── kustomization.yaml
│ ├── deployment.yaml
│ └── service.yaml
└── overlays/
├── development/
│ └── kustomization.yaml
└── production/
└── kustomization.yaml
基础 Kustomization
# base/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
commonLabels:
app: myapp
namePrefix: myapp-
images:
- name: myapp
newTag: v1.0.0
覆盖 Kustomization
# overlays/production/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
replicas:
- name: myapp-deployment
count: 5
images:
- name: myapp
newTag: v2.0.0
patches:
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deployment
spec:
template:
spec:
containers:
- name: myapp
resources:
limits:
memory: "1Gi"
cpu: "1000m"
常见命令
# 构建 kustomization
kustomize build base/
# 构建覆盖
kustomize build overlays/production/
# 使用 kubectl 应用
kubectl apply -k overlays/production/
# 应用前差异比较
kubectl diff -k overlays/production/
转换器
常见标签
commonLabels:
app: myapp
environment: production
名称前缀/后缀
namePrefix: prod-
nameSuffix: -v2
命名空间
namespace: production
配置映射生成器
configMapGenerator:
- name: app-config
files:
- config.properties
literals:
- LOG_LEVEL=info
秘密生成器
secretGenerator:
- name: app-secrets
literals:
- password=secret123
最佳实践
使用基础配置用于通用配置
将通用配置保持在基础中,环境特定的在覆盖中。
战略合并补丁
patches:
- path: patch-deployment.yaml
JSON 补丁
patchesJson6902:
- target:
group: apps
version: v1
kind: Deployment
name: myapp
patch: |-
- op: replace
path: /spec/replicas
value: 3