site/content/en/docs/Reference/API/Kustomization File/patches.md
Patches (also called overlays) add or override fields on resources. They are provided using the
patches Kustomization field.
The patches field contains a list of patches to be applied in the order they are specified.
Each patch may:
The patch target selects resources by group, version, kind, name, namespace, labelSelector and
annotationSelector. Any resource which matches all the specified fields has the patch applied
to it (regular expressions).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patches:
- path: patch.yaml
target:
group: apps
version: v1
kind: Deployment
name: deploy.*
labelSelector: "env=dev"
annotationSelector: "zone=west"
- patch: |-
- op: replace
path: /some/existing/path
value: new value
target:
kind: MyKind
labelSelector: "env=dev"
The name and namespace fields of the patch target selector are
automatically anchored regular expressions. This means that the value myapp
is equivalent to ^myapp$.
With patches it is possible to override the kind or name of the resource it is
editing with the options allowNameChange and allowKindChange. For example:
resources:
- deployment.yaml
patches:
- path: patch.yaml
target:
kind: Deployment
options:
allowNameChange: true
allowKindChange: true
By default, these fields are false and the patch will leave the kind and name of the resource untouched.
A patch can refer to a resource by any of its previous names or kinds. For example, if a resource has gone through name-prefix transformations, it can refer to the resource by its current name, original name, or any intermediate name that it had.
Strategic merge patches may require additional configuration via openapi field to work as expected with custom resources. For example, if a resource uses a merge key other than name or needs a list to be merged rather than replaced, Kustomize needs openapi information informing it about this.
JSON6902 patch usage is the same for built-in and custom resources.
Consider the following deployment.yaml common for all examples:
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: dummy-app
labels:
app.kubernetes.io/name: nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: nginx
template:
metadata:
labels:
app.kubernetes.io/name: nginx
spec:
containers:
- name: nginx
image: nginx:stable
ports:
- name: http
containerPort: 80
There are multiple possible strategies that all achieve the same results.
# kustomization.yaml
resources:
- deployment.yaml
patches:
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: dummy-app
labels:
app.kubernetes.io/version: 1.21.0
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: not-used
spec:
template:
spec:
containers:
- name: nginx
image: nginx:1.21.0
target:
labelSelector: "app.kubernetes.io/name=nginx"
If a target is specified, the name contained in the metadata is required but not used.
# kustomization.yaml
resources:
- deployment.yaml
patches:
- patch: |-
- op: add
path: /metadata/labels/app.kubernetes.io~1version
value: 1.21.0
target:
group: apps
version: v1
kind: Deployment
- patch: |-
- op: replace
path: /spec/template/spec/containers/0/image
value: nginx:1.21.0
target:
labelSelector: "app.kubernetes.io/name=nginx"
The target field is always required for JSON6902 patches.
A special replacement character ~1 is used to replace / in label name.
# kustomization.yaml
resources:
- deployment.yaml
patches:
- path: add-label.patch.yaml
- path: fix-version.patch.yaml
target:
labelSelector: "app.kubernetes.io/name=nginx"
As with the Inline Strategic Merge, the target field can be omitted.
In that case, the target resource is matched using
the apiVersion, kind and name from the patch.
# add-label.patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: dummy-app
labels:
app.kubernetes.io/version: 1.21.0
# fix-version.patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: not-used
spec:
template:
spec:
containers:
- name: nginx
image: nginx:1.21.0
As with the Inline Strategic Merge, the name field in the patch is not used when a target is specified.
# kustomization.yaml
resources:
- deployment.yaml
patches:
- path: add-label.patch.json
target:
group: apps
version: v1
kind: Deployment
- path: fix-version.patch.yaml
target:
labelSelector: "app.kubernetes.io/name=nginx"
As with Inline JSON6902, the target field is mandatory.
# add-label.patch.json
[
{"op": "add", "path": "/metadata/labels/app.kubernetes.io~1version", "value": "1.21.0"}
]
# fix-version.patch.yaml
- op: replace
path: /spec/template/spec/containers/0/image
value: nginx:1.21.0
External patch file can be written both as YAML or JSON. The content must follow the JSON6902 standard.
All four patches strategies lead to the exact same output:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: nginx
app.kubernetes.io/version: 1.21.0
name: dummy-app
spec:
selector:
matchLabels:
app.kubernetes.io/name: nginx
template:
metadata:
labels:
app.kubernetes.io/name: nginx
spec:
containers:
- image: nginx:1.21.0
name: nginx
ports:
- containerPort: 80
name: http