Kustomize Tutorial: Declarative Kubernetes Configurations with Overlays, Patches, Secrets, and Image Updates
This article demonstrates how to replace Helm with Kustomize for managing Kubernetes manifests, covering installation, base and overlay structures, strategic patches for environment variables, replica counts, secrets, ConfigMaps, and image version updates, and shows how to build and apply the final configuration.
This guide introduces Kustomize as a native, declarative alternative to Helm for customizing Kubernetes resource manifests. It explains that Kustomize is integrated into kubectl from version 1.14, eliminating the need for a separate Tiller server and simplifying configuration management.
The article walks through creating a base directory with service.yaml and deployment.yaml, then defines a kustomization.yaml that references these files. It shows how to build the combined manifest using kustomize build or kubectl kustomize.
Overlay directories are used to customize environments such as production. By adding overlay kustomization.yaml files and strategic merge patches (e.g., custom-env.yaml for environment variables, replica-and-rollout-strategy.yaml for replica counts and rolling updates), the base manifests can be extended without modifying the original files.
Secret generation is demonstrated with kustomize edit add secret, which creates a secretGenerator entry in the overlay kustomization.yaml. The secret is then referenced in a deployment patch (database-secret.yaml) using valueFrom.secretKeyRef. Because Kustomize appends a content hash to the generated Secret's name and rewrites references to it, changes to the secret trigger rolling updates.
Image version updates are handled via the images field in kustomization.yaml or by using kustomize edit set image with a CI/CD variable (e.g., TAG_VERSION). The final configuration, including all overlays, patches, secrets, and image tags, can be applied to the cluster with kubectl apply -k . (the trailing dot is the current directory).
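The following is an added example, not taken from the original article: a production overlay that combines the patch, secret and image steps described above, with the secret read from a file so its value is not written into kustomization.yaml. The names app, db-credentials, db.env and example/app, and the tag value, are assumptions.

```yaml
# Constructed example. File: overlays/production/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
# Strategic merge patches; older Kustomize releases list these under
# patchesStrategicMerge instead.
patches:
  - path: custom-env.yaml
  - path: replica-and-rollout-strategy.yaml
  - path: database-secret.yaml
secretGenerator:
  - name: db-credentials          # assumed name
    # Read key=value pairs from a file that stays out of version control.
    # `literals:` (what --from-literal writes) would store the password
    # in plaintext in this file instead.
    envs:
      - db.env                     # assumed file containing: password=<value>
images:
  - name: example/app              # assumed image name in base/deployment.yaml
    newTag: "1.4.2"                # assumed tag; CI would set it from TAG_VERSION
---
# Constructed example. File: overlays/production/database-secret.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app                        # must match the Deployment name in the base
spec:
  template:
    spec:
      containers:
        - name: app                # must match the container name in the base
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Kustomize rewrites this to db-credentials-<hash> at build time.
                  name: db-credentials
                  key: password
```

The rendered Secret is only base64-encoded, so the build output needs the same access controls as db.env itself.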
Overall, the article provides a comprehensive, step‑by‑step example of using Kustomize for declarative configuration, environment‑specific overlays, secret management, and image updates, illustrating how to build and deploy the resulting manifests.
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.