Helm vs Kustomize - The Fight Between Templating and Patching in Kubernetes
Video Statistics and Information
Channel: DevOps Toolkit by Viktor Farcic
Views: 7,014
Rating: 4.9605265 out of 5
Keywords: kustomize vs helm, kustomize, helm, kubernetes, k8s, templating, patching, template, patch, helm 3, kustomize vs helm 3, kustomize vs helm 2021, kustomize kubernetes, kustomize k8s, kubernetes helm, helm kubernetes, helm chart, helm charts kubernetes, helm chart tutorial, helm charts beginners, helm charts example, kustomize kubernetes tutorial, helm kubernetes tutorial, helm kubernetes example, helm kubernetes explained, kubernetes helm 3, helm 3 kubernetes, Viktor Farcic
Id: ZMFYSm0ldQ0
Channel Id: undefined
Length: 34min 4sec (2044 seconds)
Published: Tue Jan 26 2021
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.
we currently use a mix and I'm seriously considerung only using kustomize in the future
Come on, people...It's not a fight. Kustomize and Helm don't have the same roles, and so they can't "fight" with each other.
Helm's primary purpose is in packaging apps -- its templating features are secondary. Kustomize is a templating utility -- its packaging features (if you even consider it having any) are secondary.
If you are deploying persistent apps into Kubernetes, you need to be using Helm, for its packaging capabilities. If you only use Kustomize (or just
helm template
to generate manifests), the end result is just an un-versioned pile of YAML that you cankubectl apply
to get running in your cluster. But that's not a "package". What if something gets removed from your application? The next time you do a Kustomize run and thenkubectl apply
, it's not going to remove those deleted things from the running app, because Kustomize doesn't grok what is currently running in the cluster: it's just a templating tool.Helm, on the other hand, does grok what is running in the cluster. It assigns a single label and version number to the package that is running in the cluster, and you can upgrade and downgrade between those versions. Resources that were added or removed between versions are properly added or removed from the cluster as expected. Kustomize can't do that, nor should it.
The big caveat to all this is if you are deploying in an "immutable infrastructure" sort of way, where every app deployment is brand-new. So instead of "upgrading" the existing app you have running, you create a new namespace and deploy the "new" app, then use blue-green or whatever to migrate the traffic to the new version. In that context, the value that Helm brings around packaging is substantially less, and so in that context you very well might get away with just using Kustomize to template your deployments.
I think this can be bested summed up by this quote by some of the maintainers of ArgoCD.
"But in the worst case, where existing chart parameters cannot support your desired manifest changes, you go through a whole song and dance of bundling a new a Helm chart, bumping its semantic version, publishing it to a chart repository, and redeploying with a helm upgrade. In the Linux world, this is analogous to building a new RPM, publishing the RPM to a yum repository, then running yum install, all so you can get your shiny new CLI into /usr/bin. While this model works great for packaging and distribution, in the case of bespoke SaaS applications, itβs an unnecessarily complex and roundabout way to deploy your applications. For this reason, many people choose to run helm template and pipe the output to kubectl apply, but at that point, you are better off using some other tool that is specifically designed for this purpose."
- GitOps and Kubernetes
Interesting topic, but it's difficult to cover this subject adequately in video. I'd much rather have read this than watched it.
There is a middle ground between the two, which is a different templating solution such as Jsonnet.
We've open sourced some of our internal documentation, and one of the pieces is called "Why Jsonnet", which covers exactly this:
https://github.com/gocardless/utopia-getting-started/wiki/Utopia:-Explanations:-Why-Jsonnet
Kustomize allows you to patch, but very inflexibly, and isn't good at code reuse or large projects. Helm can be flexible through (god awful, imo, but still) templating, but as soon as you walk outside of your chart you need to change the upstream package.
Jsonnet can provide the flexible templating with full code reuse, and enable patching from the outside in. Cuelang is another alternative for this. Both are much better suited to managing kubernetes resources than either jsonnet or kustomize, going by my experience.
IMHO the best thing to happen to helm (besides getting rid of tiller) was deprecating the default charts repo. Forcing tool developers to take on the lifecycle management of charts has rapidly sped up so many charts from being constantly outdated and insufficient to being automatically updated with each tool release.
Neither tool is perfect but at this point they both have their use cases in my tool box.
Nice video and great discussion!
What fight? I use them together and many people I know do that. They cover different use cases (though there's some overlap) so it's not one or the other.
Cheap clickbait.
We have a service oriented architecture with Golang, Java spring boot and .Net. I started setting up the staging environment for this using Helm but thankfully discovered kustomize before it was done and made the switch.
I'm happy with kustomize. I can't find anything it's lacking in our context.
We keep the kustomizations in the same repo as the source partly because it's simple and it works and also because it keeps CI setup simple. Devs push and trigger deploy and no need for any other repos to be involved.
At first it surprised me how little we needed Helm templating. I just setup a base kustomization and then use one overlay per branch that needs to be deployed. So staging and prod essentially.
We use TypeScript currently. It's easier to edit and reuse. The editor integration is also perfect.
https://kosko.dev/