|
|
Subscribe / Log in / New account

Does anybody use `kubectl apply --kustomize`?

Does anybody use `kubectl apply --kustomize`?

Posted Sep 3, 2022 17:22 UTC (Sat) by rra (subscriber, #99804)
In reply to: Does anybody use `kubectl apply --kustomize`? by brianeray
Parent article: The container orchestrator landscape

We use kustomize for some things because it's much simpler, but it has major limitations due to that simplicity.

The way I would explain it is that, when using kustomize, you write your Kubernetes manifests directly, and then you use kustomize to "poke" changes into them. It's akin to maintaining a core set of resources and then a set of diffs that you layer on top. As such, it has the problem of all diff systems: it's great and very convenient and easy to understand if the diffs you need are small, but it quickly becomes unwieldy if there are a lot of differences between deployments.

Because of that, if you're maintaining a big wad of flexible open source software (think Grafana, Redis, InfluxDB, that sort of thing), you are not going to have your downstream use kustomize; it would be a nightmare.

Helm can be used the same way, but I think it's best thought of as having an entirely different philosophy: you write a Helm chart that deploys your thing, you pick and choose exactly where that deployment can be customized, and you present an API to the consumers of your chart. (This API is in the form of your values.yaml file, which enumerates all of the supported customization points). Then, your downstream provides their own values.yaml to selectively override the default values, and Helm assembles the result. This has all the advantages that an API always has: you can hide complexity and separate concerns, which is much harder to do with kustomize (and any other patch system). And it has the disadvantages that any API has: more flexibility means more complexity, you have to learn the templating system (which is moderately annoying and tends to produce hideously confusing error messages), and you have to think hard about the API to provide a good one (and mostly people provide bad APIs with too many untested options).

Overall, having used both extensively, I went all in for Helm and haven't regretted it. I really like the clean separation of concerns of a proper API. But using kustomize is not wrong, and for smaller-scale projects than the fairly complex Kubernetes-based ecosystem I work on it may be the right choice.

to post comments

Does anybody use `kubectl apply --kustomize`?

Posted Sep 3, 2022 18:29 UTC (Sat) by brianeray (guest, #129476) [Link]

Exactly the background and advice I needed. Many thanks.

Does anybody use `kubectl apply --kustomize`?

Posted Sep 10, 2022 16:47 UTC (Sat) by Lennie (subscriber, #49641) [Link]

Seems like we still need an other approach because we haven't gotten the nuance exactly right.

The newest approach seems to be kpt Any idea they are on the right track ?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds