sigs.k8s.io/cluster-api@v1.7.1/docs/book/src/tasks/using-kustomize.md (about)

     1  # Using Kustomize with Workload Cluster Manifests
     2  
     3  Although the `clusterctl generate cluster` command exposes a number of different configuration values
     4  for customizing workload cluster YAML manifests, some users may need additional flexibility above
     5  and beyond what `clusterctl generate cluster` or the example "flavor" templates that some CAPI providers
     6  supply (as an example, see [these flavor templates](https://github.com/kubernetes-sigs/cluster-api-provider-azure/tree/main/templates/flavors)
     7  for the Cluster API Provider for Azure). In the future, a [templating solution](https://github.com/kubernetes-sigs/cluster-api/issues/3252)
     8  may be integrated into `clusterctl` to help address this need, but in the meantime users can use
     9  `kustomize` as a solution to this need.
    10  
    11  This document provides a few examples of using `kustomize` with Cluster API. All of these examples
    12  assume that you are using a directory structure that looks something like this:
    13  
    14  ```bash
    15  .
    16  ├── base
    17  │   ├── base.yaml
    18  │   └── kustomization.yaml
    19  └── overlays
    20      ├── custom-ami
    21      │   ├── custom-ami.json
    22      │   └── kustomization.yaml
    23      └── mhc
    24          ├── kustomization.yaml
    25          └── workload-mhc.yaml
    26  ```
    27  
    28  In the overlay directories, the "base" (unmodified) Cluster API configuration (perhaps generated using
    29  `clusterctl generate cluster`) would be referenced as a resource in `kustomization.yaml` using `../../base`.
    30  
    31  ## Example: Using Kustomize to Specify Custom Images
    32  
    33  Users can use `kustomize` to specify custom OS images for Cluster API nodes. Using the Cluster API
    34  Provider for AWS (CAPA) as an example, the following `kustomization.yaml` would leverage a JSON 6902 patch
    35  to modify the AMI for nodes in a workload cluster:
    36  
    37  ```yaml
    38  ---
    39  apiVersion: kustomize.config.k8s.io/v1beta1
    40  kind: Kustomization
    41  resources:
    42    - ../../base
    43  patchesJson6902:
    44    - path: custom-ami.json
    45      target:
    46        group: infrastructure.cluster.x-k8s.io
    47        kind: AWSMachineTemplate
    48        name: ".*"
    49        version: v1alpha3
    50  ```
    51  
    52  The referenced JSON 6902 patch in `custom-ami.json` would look something like this:
    53  
    54  ```json
    55  [
    56      { "op": "add", "path": "/spec/template/spec/ami", "value": "ami-042db61632f72f145"}
    57  ]
    58  ```
    59  
    60  This configuration assumes that the workload cluster _only_ uses MachineDeployments. Since
    61  MachineDeployments and the KubeadmControlPlane both leverage AWSMachineTemplates, this `kustomize`
    62  configuration would catch all nodes in the workload cluster.
    63  
    64  ## Example: Adding a MachineHealthCheck for a Workload Cluster
    65  
    66  Users could also use `kustomize` to combine additional resources, like a MachineHealthCheck (MHC), with the
    67  base Cluster API manifest. In an overlay directory, specify the following in `kustomization.yaml`:
    68  
    69  ```yaml
    70  ---
    71  apiVersion: kustomize.config.k8s.io/v1beta1
    72  kind: Kustomization
    73  resources:
    74    - ../../base
    75    - workload-mhc.yaml
    76  ```
    77  
    78  The content of the `workload-mhc.yaml` file would be the definition of a standard MHC:
    79  
    80  ```yaml
    81  apiVersion: cluster.x-k8s.io/v1alpha3
    82  kind: MachineHealthCheck
    83  metadata:
    84    name: md-0-mhc
    85  spec:
    86    clusterName: test
    87    # maxUnhealthy: 40%
    88    nodeStartupTimeout: 10m
    89    selector:
    90      matchLabels:
    91        cluster.x-k8s.io/deployment-name: md-0
    92    unhealthyConditions:
    93    - type: Ready
    94      status: Unknown
    95      timeout: 300s
    96    - type: Ready
    97      status: "False"
    98      timeout: 300s
    99  ```
   100  
   101  You would want to ensure the `clusterName` field in the MachineHealthCheck manifest appropriately
   102  matches the name of the workload cluster, taking into account any transformations you may have specified
   103  in `kustomization.yaml` (like the use of "namePrefix" or "nameSuffix").
   104  
   105  Running `kustomize build .` with this configuration would append the MHC to the base
   106  Cluster API manifest, thus creating the MHC at the same time as the workload cluster.
   107  
   108  ## Modifying Names
   109  
   110  The `kustomize` "namePrefix" and "nameSuffix" transformers are not currently "Cluster API aware."
   111  Although it is possible to use these transformers with Cluster API manifests, doing so requires separate
   112  patches for Clusters versus infrastructure-specific equivalents (like an AzureCluster or a vSphereCluster).
   113  This can significantly increase the complexity of using `kustomize` for this use case.
   114  
   115  Modifying the transformer configurations for `kustomize` can make it more effective with Cluster API.
   116  For example, changes to the `nameReference` transformer in `kustomize` will enable `kustomize` to know
   117  about the references between Cluster API objects in a manifest. See
   118  [here](https://github.com/kubernetes-sigs/kustomize/tree/master/examples/transformerconfigs) for more
   119  information on transformer configurations.
   120  
   121  Add the following content to the `namereference.yaml` transformer configuration:
   122  
   123  ```yaml
   124  - kind: Cluster
   125    group: cluster.x-k8s.io
   126    version: v1alpha3
   127    fieldSpecs:
   128    - path: spec/clusterName
   129      kind: MachineDeployment
   130    - path: spec/template/spec/clusterName
   131      kind: MachineDeployment
   132  
   133  - kind: AWSCluster
   134    group: infrastructure.cluster.x-k8s.io
   135    version: v1alpha3
   136    fieldSpecs:
   137    - path: spec/infrastructureRef/name
   138      kind: Cluster
   139  
   140  - kind: KubeadmControlPlane
   141    group: controlplane.cluster.x-k8s.io
   142    version: v1alpha3
   143    fieldSpecs:
   144    - path: spec/controlPlaneRef/name
   145      kind: Cluster
   146  
   147  - kind: AWSMachine
   148    group: infrastructure.cluster.x-k8s.io
   149    version: v1alpha3
   150    fieldSpecs:
   151    - path: spec/infrastructureRef/name
   152      kind: Machine
   153  
   154  - kind: KubeadmConfig
   155    group: bootstrap.cluster.x-k8s.io
   156    version: v1alpha3
   157    fieldSpecs:
   158    - path: spec/bootstrap/configRef/name
   159      kind: Machine
   160  
   161  - kind: AWSMachineTemplate
   162    group: infrastructure.cluster.x-k8s.io
   163    version: v1alpha3
   164    fieldSpecs:
   165    - path: spec/template/spec/infrastructureRef/name
   166      kind: MachineDeployment
   167    - path: spec/infrastructureTemplate/name
   168      kind: KubeadmControlPlane
   169  
   170  - kind: KubeadmConfigTemplate
   171    group: bootstrap.cluster.x-k8s.io
   172    version: v1alpha3
   173    fieldSpecs:
   174    - path: spec/template/spec/bootstrap/configRef/name
   175      kind: MachineDeployment
   176  ```
   177  
   178  Including this custom configuration in a `kustomization.yaml` would then enable the use of simple
   179  "namePrefix" and/or "nameSuffix" directives, like this:
   180  
   181  ```yaml
   182  ---
   183  apiVersion: kustomize.config.k8s.io/v1beta1
   184  kind: Kustomization
   185  resources:
   186    - ../../base
   187  configurations:
   188    - namereference.yaml
   189  namePrefix: "blue-"
   190  nameSuffix: "-dev"
   191  ```
   192  
   193  Running `kustomize build. ` with this configuration would modify the name of all the Cluster API
   194  objects _and_ the associated referenced objects, adding "blue-" at the beginning and appending "-dev"
   195  at the end.