kustomize supports patching via either a strategic merge patch (wherein you partially re-specify the thing you want to modify, with in-place changes) or a JSON patch (wherein you specify specific operation/target/value tuples in a particular syntax).
A kustomize file lets one specify many patches. Each patch must be associated with a target selector:
patches:
- path: <relative path to file containing patch>
  target:
    group: <optional group>
    version: <optional version>
    kind: <optional kind>
    name: <optional name or regex pattern>
    namespace: <optional namespace>
    labelSelector: <optional label selector>
    annotationSelector: <optional annotation selector>
E.g. select resources with name matching the regular expression foo.*:
target:
  name: foo.*
Select all resources of kind Deployment:
target:
  kind: Deployment
Using multiple fields just makes the target more specific. The following selects only Deployments that also have the label app=hello (full label/annotation selector rules):
target:
  kind: Deployment
  labelSelector: app=hello
The example below shows how to inject a sidecar container for multiple Deployment resources.
Make a place to work:
DEMO_HOME=$(mktemp -d)
Make a file describing two Deployments:
cat <<EOF >$DEMO_HOME/deployments.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    old-label: old-value
  name: deploy1
spec:
  template:
    metadata:
      labels:
        old-label: old-value
    spec:
      containers:
      - name: nginx
        image: nginx
        args:
        - one
        - two
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    key: value
  name: deploy2
spec:
  template:
    metadata:
      labels:
        key: value
    spec:
      containers:
      - name: busybox
        image: busybox
EOF
Declare a strategic merge patch file to inject a sidecar container:
cat <<EOF >$DEMO_HOME/patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: not-important
spec:
  template:
    spec:
      containers:
      - name: istio-proxy
        image: docker.io/istio/proxyv2
        args:
        - proxy
        - sidecar
EOF
Finally, define a kustomization file that specifies both a patches and a resources entry:
cat <<EOF >$DEMO_HOME/kustomization.yaml
resources:
- deployments.yaml
patches:
- path: patch.yaml
  target:
    kind: Deployment
EOF
Both Deployments will be patched; the expected result is:
cat <<EOF >$DEMO_HOME/out_expected.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    old-label: old-value
  name: deploy1
spec:
  template:
    metadata:
      labels:
        old-label: old-value
    spec:
      containers:
      - args:
        - proxy
        - sidecar
        image: docker.io/istio/proxyv2
        name: istio-proxy
      - args:
        - one
        - two
        image: nginx
        name: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    key: value
  name: deploy2
spec:
  template:
    metadata:
      labels:
        key: value
    spec:
      containers:
      - args:
        - proxy
        - sidecar
        image: docker.io/istio/proxyv2
        name: istio-proxy
      - image: busybox
        name: busybox
EOF
Run the build:
kustomize build $DEMO_HOME >$DEMO_HOME/out_actual.yaml
Confirm expectations:
diff $DEMO_HOME/out_actual.yaml $DEMO_HOME/out_expected.yaml
Now try once more. Redefine the kustomization file so that this time only the one Deployment whose label is "key: value" is patched.
cat <<EOF >$DEMO_HOME/kustomization.yaml
resources:
- deployments.yaml
patches:
- path: patch.yaml
  target:
    kind: Deployment
    labelSelector: key=value
EOF
Run the build:
kustomize build $DEMO_HOME
Confirm expectations:
Only deploy2 is patched since its label matches "labelSelector: key=value". No change for deploy1.
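A target as wide as kind: Deployment puts the sidecar into every Deployment in the build, so it helps to preview what a target selects before trusting the output. The following is an added example, not part of kustomize or of the original walkthrough: a simplified Python model of the selector fields described above, run against the two sample Deployments. Assumptions: only equality-based label/annotation terms are handled, group/version/kind/namespace are compared as exact strings, and the name pattern must match the whole name.

```python
import re

# Constructed sample: the two Deployments from deployments.yaml above, reduced
# to the fields a target selector inspects.
RESOURCES = [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "deploy1", "labels": {"old-label": "old-value"}}},
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "deploy2", "labels": {"key": "value"}}},
]

def pairs_match(selector, pairs):
    """Equality-based terms only ('k=v', 'k==v', 'k!=v'), comma-separated and ANDed."""
    for term in filter(None, (t.strip() for t in selector.split(","))):
        if "!=" in term:
            key, value = (s.strip() for s in term.split("!=", 1))
            if pairs.get(key) == value:
                return False
        elif "=" in term:
            key, value = (s.strip() for s in re.split(r"==?", term, maxsplit=1))
            if pairs.get(key) != value:
                return False
        else:
            raise ValueError(f"unsupported selector term: {term!r}")
    return True

def selects(target, resource):
    """True when every field set in target matches; unset fields match anything."""
    meta = resource.get("metadata", {})
    # 'apps/v1' -> group 'apps', version 'v1'; core 'v1' -> group '', version 'v1'
    group, _, version = resource.get("apiVersion", "").rpartition("/")
    actual = {"group": group, "version": version,
              "kind": resource.get("kind", ""), "namespace": meta.get("namespace", "")}
    if any(target.get(f) and target[f] != v for f, v in actual.items()):
        return False
    # Assumption: the name pattern must match the whole name, not a substring.
    if target.get("name") and not re.fullmatch(target["name"], meta.get("name", "")):
        return False
    for field, key in (("labelSelector", "labels"), ("annotationSelector", "annotations")):
        if target.get(field) and not pairs_match(target[field], meta.get(key) or {}):
            return False
    return True

def selected_names(target, resources=RESOURCES):
    """Names of the resources a patch with this target would be applied to."""
    return [r["metadata"]["name"] for r in resources if selects(target, r)]
```

Calling selected_names with the target from each kustomization.yaml above gives both Deployments for the first build and only deploy2 for the second.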