74

I have been using Kubernetes and Helm for a while and have now come across Kustomize for the first time.

But what exactly is the difference between Kustomize and Helm?

Are both simply different solutions for bundling K8s elements such as services, deployments, ...? Or does it make sense to use both Helm and Kustomize together?

Datz

3 Answers

71

The best way to describe the differences is to refer to them as different types of deployment engines. Helm is a Templating Engine and Kustomize is an Overlay Engine.

So what are these? Well, when you use a templating engine you create a boilerplate example of your file. From there you abstract away contents with known filters and within these abstractions you provide references to variables. These variables are normally abstracted to another file where you insert information specific to your environment. Then, at runtime, when you execute the templating engine, the templates are loaded into memory and all of the variables are exchanged with their placeholders.

This is different from an overlay engine in a few nuanced ways. Normally about how information gets into configuration examples. Notice how I used the word examples there instead of templates. This was intentional as Kustomize doesn't use templates. Instead, you create a Kustomization.yml file. This file then points to two different things: your Base and your Overlays. At runtime your Base is loaded into memory and if any Overlays exist that match they are merged over top of your Base configuration.

The latter method allows you to scale your configurations to large numbers of variants more easily. Imagine maintaining 10,000 different sets of variables files for 10,000 different configurations. Now imagine maintaining a hierarchy of modular and small configurations that can be inherited in any combination or permutation? It would greatly reduce redundancy and greatly improve manageability.

Another nuance to make note of is ownership of the projects. Helm is operated by a third party. Kustomize is developed directly by the Kubernetes team. Though both are CNCF projects. In fact, Kustomize functionality is directly supported in Kubectl. You can build and perform a Kustomize project like so: `kubectl apply -k DIR`. However, the version of kustomize embedded in the kubectl binary is out of date and missing some new features.

There are a few other improvements in Kustomize too that are somewhat more minor but still worth mentioning. It can reference bases from the internet or other non-standard paths. It supports generators to build configuration files for you automatically based on files and string literals. It supports robust & granular JSON patching. It supports injecting metadata across configuration files.

The following links were added in the comments below for more comparisons:

dan carter
TJ Zimmerman
  • 7
    I’m guessing you haven’t used Helm in a while because Tiller isn’t there anymore. They both use similar models for communication now, give or take storing the apply tracking data in the object itself or a Secret. Additionally while I personally prefer Kustomize, your statement vastly overestimates the community support behind it. Helm has far more users, integrations, and support. Technically Kustomize is included with kubectl now, but a version so old it is literally incompatible with current Kustomize in most places. – coderanger Mar 28 '20 at 03:57
  • 2
    Helm has a plagued history of poor security and Kustomize has official support by the developers of Kubernetes itself. Kustomize scales better than Helm due to the support of an inherited-base model of design. Kustomize supports a plugin framework allowing users to use Generators to build manifests dynamically. YAML isn't meant to be templated and it doesn't template well as a result. Ansible & Jinja2 is a cleaner solution for templating and producing resultant Kubernetes manifests than Helm anyway. And it's likely already used in most modern infrastructure stacks. Kustomize > Ansible > Helm – TJ Zimmerman Mar 28 '20 at 04:23
  • 2
    Kubectl (or rather kube itself) pins Kustomize 2.0.3. Again, I like Kustomize and use it over Helm myself, but you are still vastly overstating the level of community agreement on that point. You're not wrong, but you're still wrong :D – coderanger Mar 28 '20 at 06:36
  • 1
    @TJZimmerman the security issues of Helm are specific to the Helm 2 release. As Tiller is removed in Helm 3, I think that the issues you describe are for version 2. – George Tseres Mar 28 '20 at 18:36
  • 1
    Yeah, that's been mentioned multiple times now and I have updated my original answer accordingly. My claim is not that the presence of Tiller continues, in Helm 3, to be a security concern. My claim is that for most of the life of the project Helm used Tiller. And the developers were in no hurry to remove that functionality. Helm developed a reputation for being insecure and that's not going away any time soon. Regardless of what changed in Helm 3. Furthermore, the fact that Kustomize is officially supported supports the claim that Helm will hold less market share in the future than Kustomize – TJ Zimmerman Mar 28 '20 at 18:54
  • I don't think that's been established at all. Tiller was the issue. I have gripes about how helmhub is maintained but your untrusted charts point could also be true for `yum` or `apt-get` which also support adding repos from untrustworthy resources. Even with Kustomize if you can't trust where you're getting your bits from you're in trouble. – Bratchley Aug 06 '20 at 13:21
  • This answer has been getting quite a bit of traction lately so I edited it to remove my editorializing. In hindsight it's not fair to criticize Helm for things they did in history when comparing their present day value to the community. – TJ Zimmerman Sep 16 '20 at 16:15
  • @TJZimmerman - I am curious to know your opinion on https://medium.com/@alexander.hungenberg/helm-vs-kustomize-how-to-deploy-your-applications-in-2020-67f4d104da69 I am a newbie to k8s, just trying to study the landscape. – mark Sep 18 '20 at 14:33
  • @TJZimmerman - Also this - https://codeengineered.com/blog/2018/helm-kustomize-complexity/. Curious to get your opinion. – mark Sep 18 '20 at 15:38
  • I added your links to my post body. – TJ Zimmerman Nov 12 '20 at 02:20
  • 1
    I don't really get your nuances. What practical difference do the two approaches make? We use helm exactly as you describe kustomize. We have a helm values file that is our base, and then we overlay a number of values files for different environments and different sizings. Helm merges them all in, using the precedence as they appear on the command line. – dan carter Sep 27 '21 at 22:57
  • 1
    This highly accepted answer only mentions `helm` once, says `One is a Templating Engine and one is an Overlay Engine` - couldn't this AT LEAST replace the `one`s with Helm and Kustomize? I'm unclear after reading which is which. I'm new to all this - it seems like `Helm` has been generally adopted, but maybe there are uses for Kustomize in an organization? – Marvin Mar 03 '23 at 17:35
  • @dancarter I came to say the same thing. Sounds more like an ad for kustomize.... `Imagine maintaining 10,000 different sets of variables files for 10,000 different configurations` I think this would never happen in helm. You can pass multiple values files, and different values can act as flags which turn on templates which are imported into other templates. So you can have a hierarchy there as well. – TigerBear Jun 01 '23 at 08:19
  • The comment about ownership is a little out of date or imprecise, as both kubernetes and helm are CNCF projects. – dan carter Jul 18 '23 at 04:32
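An added example, not part of the original answer or its comments, showing the base-plus-overlay layout the answer describes. The file paths, the `web` Deployment, the `prod-` prefix and the image name are assumptions chosen for illustration.

```yaml
# Constructed example. Each "# ---" comment names the (assumed) file the
# following document would live in.
# --- base/deployment.yaml: a complete, valid manifest with no placeholders ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: registry.example.com/web:1.0.0
---
# --- base/kustomization.yaml ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
---
# --- overlays/prod/kustomization.yaml: inherits the base, then transforms it ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
namePrefix: prod-          # metadata injected across every resource
patches:
  - path: replicas.yaml    # merged over the matching base resource
---
# --- overlays/prod/replicas.yaml: only the fields that differ from the base ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
# Helm contrast: the chart template would carry a placeholder such as
#   replicas: {{ .Values.replicaCount }}
# and a per-environment values file would supply `replicaCount: 3`.
```

Rendering with `kubectl kustomize overlays/prod` prints a Deployment named `prod-web` with `replicas: 3`; the base file itself stays directly applicable, which a template containing placeholders is not.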
13

Almost everything. Like asking what's the difference between Apache and Nginx :) They do vaguely similar jobs but quantifying the differences is kind of impossible.

The short version is that Helm is a template-driven system based on a decentralized model for chart sharing. Kustomize is based on deep merges and other structured transforms of YAML data.

There are cases where using both is reasonable, such as feeding the output from `helm template` into kustomize for overlays.

coderanger
  • 1
    There's a lot more nuance around both the technical differences and project differences than templates vs merges and they deserve to be addressed in such a commonly asked question. So I've added an additional comment with further elaboration on the nuanced differences between the two projects. – TJ Zimmerman Mar 28 '20 at 03:50
6

Both have their pros and cons. Let's look at this table.

Helm is particularly useful for packaging, porting and installing apps that are well-defined, while Kustomize works best for modifying existing Kubernetes apps.

Given that Kustomize and Helm offer unique, specific benefits, the best course of action would be to use the two tools side by side.


  • Kustomize can use helm charts, so it has packaging now. https://github.com/kubernetes-sigs/kustomize/blob/master/examples/chart.md – Almenon Feb 17 '23 at 14:44