Kustomize

Jan 1, 0001

Definition

Kustomize is a configuration management tool that allows users to customize Kubernetes YAML configurations without modifying the original files. It provides a way to manage Kubernetes resources by layering configurations and applying transformations, such as changing image tags or adding labels, through a declarative approach. Kustomize is integrated into kubectl, making it a native tool for Kubernetes configuration management.

Secure Settings Example

# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - service.yaml

images:
  - name: myapp
    newTag: v1.2.3

patchesStrategicMerge:
  - |-
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myapp-deployment
    spec:
      template:
        spec:
          containers:
            - name: myapp
              securityContext:
                runAsNonRoot: true
                capabilities:
                  drop: ["ALL"]

Insecure Settings Example

# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - service.yaml

images:
  - name: myapp
    newTag: latest

patchesStrategicMerge:
  - |-
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myapp-deployment
    spec:
      template:
        spec:
          containers:
            - name: myapp
              securityContext:
                runAsNonRoot: false
                capabilities:
                  add: ["SYS_ADMIN"]

Kustomize

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter