Kustomizing your Kubernetes Deployments

Kustomizing your Kubernetes Deployments
Cloud Native Computing Switzerland Meetup, 22 November 2018
David Schweikert @dschweikert
AdNovum Informatik AG

View Slide

“Configuration management” in Kubernetes?

View Slide

We don’t need it!
$ kubectl apply -f /

View Slide

But… how to parametrize?

View Slide

View Slide

Parametrization is important!
§ Minimize differences between environments
§ Test what you deploy in prod!
§ Avoid code duplication

View Slide

Me in 2017:
!

View Slide

Me in 2017:
!
§ OpenShift Templates
§ Helm
§ Self-made? Jinja2?
§ Even thinking of using Ansible…

View Slide

Me in 2018:
!
§ Kustomize

View Slide

What are the options?

View Slide

Ansible
Forge
Helm
K8comp
KPM
KY
Kapitan
Kdeploy
Kedge
Kenv
Kexpand
Kit-Deploymentizer
Kompose
Konfd
Kontemplate
Ksonnet
Ktmpl
Kubecfg
Kubegen
Kubernetes-deploy
Kubetpl
Kustomize
Mortar
OpenShift
templates
Psykube
Spread
Terraform
…

View Slide

Why Kustomize?

View Slide

Reason #1: Embrace Kubernetes API Object Descriptions (YAML files)

View Slide

kind: Service
apiVersion: v1
metadata:
name: my-service
spec:
selector:
app: MyApp
ports:
- protocol: TCP
port: 80
targetPort: 9376
my-service.yaml:

View Slide

local params = std.extVar("__ksonnet/params").components.demo;
local k = import "k.libsonnet";
local service = k.core.v1.service;
local servicePort = k.core.v1.service.mixin.spec.portsType;
local targetPort = params.containerPort;
local labels = {app: params.name};
local appService = service
.new(
params.name,
labels,
servicePort.new(params.servicePort, targetPort))
.withType(params.type);
k.core.v1.list.new([appService])
Ksonnet:

View Slide

keep your YAML files the way they are

View Slide

Reason #2: Keep using kubectl

View Slide

$ kustomize build . | kubectl apply -f -
Typical workflow:

View Slide

Helm:
§ forget about kubectl, now you need to always use “helm install”, “helm
ls”, “helm status”

View Slide

Reason #3: Declarative and Templates-free

View Slide

YAML can be painful sometimes

View Slide

View Slide

Templated YAML is much worse…

View Slide

apiVersion: v1
kind: Service
metadata:
name: {{ template "grafana.fullname" . }}
labels:
app: {{ template "grafana.name" . }}
chart: {{ template "grafana.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.service.labels }}
{{ toYaml .Values.service.labels | indent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
type: ClusterIP
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
…

View Slide

Kustomize’s cure:
§ No templating at all!

View Slide

Kustomize’s cure:
§ Overlays
§ Transformations
§ Generators
§ Patches

View Slide

Overlays

View Slide

Overlays
myApp
|
├── base
│ ├── deployment.yaml
│ ├── kustomization.yaml
│ └── service.yaml
|
├── development
│ ├── ingress.yaml
│ └── kustomization.yaml
|
└── production
├── ingress.yaml
└── kustomization.yaml
resources:
- deployment.yaml
- service.yaml

View Slide

Overlays
myApp
|
├── base
│ ├── kustomization.yaml
│ └── service.yaml
|
│ ├── ingress.yaml
|
└── production
├── ingress.yaml
└── kustomization.yaml
bases:
- ../base
resources:
- ingress.yaml
bases:
- ../base
resources:
- ingress.yaml

View Slide

$ kustomize build development
apiVersion: v1
kind: Service
metadata:
…
---
apiVersion: apps/v1
kind: Deployment
metadata:
…
---
apiVersion: apps/v1
kind: Ingress
metadata:
…

View Slide

Transformations

View Slide

Transformations
myApp|
├── base
|
bases:
- ../base
namePrefix: dev-
§ All resource names are now prefixed with “dev-”

View Slide

Transformations
It’s what makes kustomize so powerful:
§ Because it knows Kubernetes semantics
§ A single line, use-case specific (e.g. namePrefix) causes big changes
§ All references are preserved

View Slide

Generators
kustomization.yaml:
configMapGenerator:
- name: myconfig
files:
- configs/configfile
- configs/another_configfile
§ generates: myconfig-b62k6t7g8f (and fixes all references to it)
§ b62k6t7g8f is a hash of the contents

View Slide

Generators
kustomization.yaml:
configMapGenerator:
- name: myconfig
files:
- configs/configfile
- configs/another_configfile
§ generates: myconfig-b62k6t7g8f (and fixes all references to it)
§ b62k6t7g8f is a hash of the contents !!!

View Slide

Patches

View Slide

Patches
myApp|
├── base
|
| ├── deployment.patch.yaml
│ └── kustomization.yaml bases:
- ../base
patches:
- deployment.patch.yaml

View Slide

Patches
myApp|
├── base
|
| ├── deployment.patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
spec:
replicas: 1

View Slide

Patches
Same syntax as “kubectl patch”
§ Strategic merge patches
§ JSON patches (RFC 6902)

View Slide

Challenges

View Slide

Challenges
§ Documentation is (currently) not super great

View Slide

Challenges
§ Things that Kustomize doesn’t know about
§ OpenShift objects
§ CRDs

View Slide

Challenges
§ Things that Kustomize doesn’t know about
§ OpenShift objects
§ CRDs
It is now possible to extend Kustomize knowledge about Kubernetes
objects
see also: https://github.com/adnovum/kustomize-openshift

View Slide

Summary
When to use kustomize
§ It’s the perfect tool to parametrize your own application
When not to use kustomize
§ Packaging an application for the general public (use Helm for that)

View Slide

Questions?
More about this topic:
§ Declarative application management in Kubernetes
August 2017, by Brian Grant
§ Introducing kustomize; Template-free Configuration Customization for
Kubernetes
May 2018, by Jeff Regan and Phil Wittrock
Contacting me:
§ [email protected], @dschweikert

View Slide

Kustomizing your Kubernetes Deployments

Kustomizing your Kubernetes Deployments

David Schweikert

More Decks by David Schweikert

Other Decks in Technology

Featured

Transcript