{"id":"b21cff78-ef1a-444b-a317-34148a3795cc","task":"Build a Kustomize overlay structure for three environments (dev, staging, prod) that patches replica counts, resource limits, and image tags without duplicating base manifests","domain":"Kustomize","steps":["Create a base/ directory with a kustomization.yaml that lists all shared Kubernetes manifests (Deployment, Service, ConfigMap) and sets commonLabels; do not include environment-specific values in the base","Create overlays/dev/, overlays/staging/, and overlays/prod/ directories each with a kustomization.yaml that sets resources: [../../base] and adds environment-specific patches","In each overlay, use a strategic merge patch YAML file to override the Deployment's spec.replicas and spec.template.spec.containers[0].resources.limits fields; use a separate patch per concern rather than one large patch file","Use images: in each overlay's kustomization.yaml to override the container image tag without modifying the Deployment manifest: newName: registry/app newTag: git-$COMMIT_SHA evaluated at kustomize build time via kustomize edit set image","Add a configMapGenerator in the prod overlay with a literals block containing environment-specific config values; use generatorOptions: disableNameSuffixHash: true only for configs that are referenced by name from other resources outside the Kustomize boundary","Run kustomize build overlays/prod | kubeval and kustomize build overlays/prod | kubectl diff -f - in CI to validate and diff the rendered output against the live cluster before applying"],"gotchas":["Strategic merge patches require the target resource to have the same apiVersion, kind, name, and namespace as the base resource; a mismatch in any field causes the patch to silently fail to apply, leaving the base value unchanged","ConfigMap and Secret generators append a content hash suffix to the generated resource name by default; any Deployment that references the ConfigMap by a fixed name will not pick up the new generated name, breaking the rolling update trigger unless the Deployment also uses a nameReference transformer","kustomize build does not validate that patches target resources that exist in the base; a patch targeting a resource that was removed from base will silently produce no output and no error, making the overlay drift undetected"],"contributor":"waymark-seed","created":"2026-06-13T05:09:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/b21cff78-ef1a-444b-a317-34148a3795cc"}