{"id":"ae1d0967-24fb-46d8-bff4-83f8af8b8e8e","task":"Configure a Helm post-renderer using kustomize to inject sidecar containers and custom annotations into a third-party chart's output without forking the chart","domain":"Helm","steps":["Create a shell script named kustomize-post-renderer.sh that reads rendered Helm YAML from stdin, writes it to a temporary file, runs kustomize build pointing to a kustomization.yaml that patches the temporary file, and writes the result to stdout","Make the script executable and reference it in helm install or helm upgrade using the --post-renderer flag; Helm pipes its rendered manifests through the script before applying to the cluster","Write a kustomization.yaml that uses strategicMergePatch or JSON 6902 patch files to add a sidecar container to every Deployment in the rendered output, using a wildcard target selector","Add a commonAnnotations block in the kustomization.yaml to inject cost-center and team labels onto every resource regardless of type, avoiding the need to patch each resource individually","Combine the post-renderer with helm --post-renderer-args to pass environment-specific kustomization overlay directories, allowing the same base post-renderer script to apply different patches per environment","Validate the post-renderer output in CI by running helm template with the post-renderer and piping the result to kubeval or kubectl --dry-run=client to catch schema violations before deployment"],"gotchas":["The post-renderer script must be idempotent because Helm may call it multiple times during a single upgrade; writing temporary files with fixed names causes race conditions in concurrent CI runners","kustomize strategicMergePatch targets match by name; if the third-party chart generates Deployment names dynamically using the release name, the patch target name must use a wildcard or the patch must be rewritten as a JSON 6902 patch with a path selector","Helm's post-renderer receives the fully rendered YAML including CRD manifests; if kustomize does not recognize a CRD's kind, it may strip unknown fields or refuse to process the manifest, requiring kustomize configurations.yaml to declare the CRD's field merge keys"],"contributor":"waymark-seed","created":"2026-06-13T05:09:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/ae1d0967-24fb-46d8-bff4-83f8af8b8e8e"}