Based on the docs that I've read, there are 3 methods of patching:
The difference between patchesStrategicMerge
and patchesJson6902
is obvious. patchesStrategicMerge
requires a duplicate structure of the kubernetes resource to identify the base resource that is being patched followed by the modified portion of the spec to denote what gets changed (or deleted).
patchesJson6902
defines a 'target' attribute used to specify the kubernetes resource with a 'path' attribute that specifies which attribute in the resource gets modified, added, or removed.
However, what is not clear to me is the difference between patches
and patchesJson6902
. They seem to be very similar in nature. Both specify a 'target' attribute and operation objects which describes what gets modified.
The only difference I've noticed is that patches
does not require a 'group' attribute while patchesJson6902
does; The reason for this is unknown.
So why the difference between the two? How do I determine which one to use?
kustomize supports patching via either a strategic merge patch (wherein you partially re-specify the thing you want to modify, with in-place changes) or a JSON patch (wherein you specify specific operation/target/value tuples in a particular syntax).
patchesJSON6902: A list of patches and associated targets, where each file is parsed as a JSON Patch and can only be applied to one target resource. patches: A list of patches and their associated targets. The patch can be applied to multiple objects.
An overlay is a directory with a kustomization. yaml that refers to other kustomization directories as its bases . A base has no knowledge of an overlay and can be used in multiple overlays. An overlay may have multiple bases and it composes all resources from bases and may also have customization on top of them.
Kustomize is a configuration management solution that leverages layering to preserve the base settings of your applications and components by overlaying declarative yaml artifacts (called patches) that selectively override default settings without actually changing the original files.
The explanation for this is here.
To summarize, patchJson6902
is an older keyword which can only match one resource via target
(no wildcards), and accepts only Group-version-kind (GVK), namespace, and name.
The patches
directive is newer and accepts more elements (annotation selector and label selector as well). In addition, namespace and name can be regexes. The target for patches
can match more than one resource, all of which will be patched.
In addition, with patches
, it will attempt to parse patch files as a Json6902 patch, and if that does not work, it will fall back to attempting the patch as a strategic merge. Therefore, in many cases patches
can obviate the need of using patchesStrategicMerge
as well.
Overall, it seems as if patches
should work pretty universally for new projects.
Upstream documentation for these key words:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With