{"id":13820301,"url":"https://github.com/stefanprodan/kustomizer","last_synced_at":"2025-04-07T11:10:36.595Z","repository":{"id":38421446,"uuid":"260933270","full_name":"stefanprodan/kustomizer","owner":"stefanprodan","description":"An experimental package manager for distributing Kubernetes configuration as OCI artifacts.","archived":false,"fork":false,"pushed_at":"2023-07-22T14:20:45.000Z","size":1428,"stargazers_count":291,"open_issues_count":8,"forks_count":14,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-31T04:06:03.449Z","etag":null,"topics":["kubernetes","package-manager"],"latest_commit_sha":null,"homepage":"https://kustomizer.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stefanprodan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-05-03T13:54:40.000Z","updated_at":"2025-03-06T01:17:36.000Z","dependencies_parsed_at":"2024-01-13T16:23:08.427Z","dependency_job_id":"46180c91-4426-4f50-82b7-19c197499152","html_url":"https://github.com/stefanprodan/kustomizer","commit_stats":{"total_commits":175,"total_committers":4,"mean_commits":43.75,"dds":0.02285714285714291,"last_synced_commit":"2fde50a32b1dc098191972236ae1827a86d93924"},"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanprodan%2Fkustomizer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanprodan%2Fkustomizer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanprodan%2Fkustomizer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanprodan%2Fkustomizer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stefanprodan","download_url":"https://codeload.github.com/stefanprodan/kustomizer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247640465,"owners_count":20971557,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","package-manager"],"created_at":"2024-08-04T08:01:01.134Z","updated_at":"2025-04-07T11:10:36.575Z","avatar_url":"https://github.com/stefanprodan.png","language":"Go","funding_links":[],"categories":["package-manager","Configuration Management"],"sub_categories":[],"readme":"# kustomizer\n\n[![report](https://goreportcard.com/badge/github.com/stefanprodan/kustomizer)](https://goreportcard.com/report/github.com/stefanprodan/kustomizer)\n[![e2e](https://github.com/stefanprodan/kustomizer/workflows/e2e/badge.svg)](https://github.com/stefanprodan/kustomizer/actions)\n[![codecov](https://codecov.io/gh/stefanprodan/kustomizer/branch/main/graph/badge.svg?token=KEU5W1LSZC)](https://codecov.io/gh/stefanprodan/kustomizer)\n[![license](https://img.shields.io/github/license/stefanprodan/kustomizer.svg)](https://github.com/stefanprodan/kustomizer/blob/main/LICENSE)\n[![release](https://img.shields.io/github/release/stefanprodan/kustomizer/all.svg)](https://github.com/stefanprodan/kustomizer/releases)\n\nKustomizer is an experimental package manager for distributing Kubernetes configuration as OCI artifacts.\nIt offers commands to publish, fetch, diff, customize, validate, apply and prune Kubernetes resources.\n\nKustomizer relies on [server-side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/)\nand requires a Kubernetes cluster **v1.20** or newer.\n\n## Install\n\nThe Kustomizer CLI is available as a binary executable for all major platforms,\nthe binaries can be downloaded from GitHub [releases](https://github.com/stefanprodan/kustomizer/releases).\nThe binaries checksums are signed with Cosign\nand each release comes with a Software Bill of Materials (SBOM) in SPDX format.\n\nInstall the latest release on macOS or Linux with Homebrew:\n\n```bash\nbrew install stefanprodan/tap/kustomizer\n```\n\nFor other installation methods,\nsee [kustomizer.dev/install](https://kustomizer.dev/install/).\n\n## Get started\n\nTo get started with Kustomizer please visit the documentation website at [kustomizer.dev](https://kustomizer.dev/).\n\n## Concepts\n\n### OCI Artifacts\n\nKustomizer offers a way to distribute Kubernetes configuration using container registries.\nIt can package Kubernetes manifests in an OCI image and store them in a container registry,\nright next to your applications' images.\n\nKustomizer comes with commands for managing OCI artifacts:\n\n- `kustomizer push artifact oci://\u003cimage-url\u003e:\u003ctag\u003e -k [-f] [-p]`\n- `kustomizer tag artifact oci://\u003cimage-url\u003e:\u003ctag\u003e \u003cnew-tag\u003e`\n- `kustomizer list artifacts oci://\u003crepo-url\u003e --semver \u003ccondition\u003e`\n- `kustomizer pull artifact oci://\u003cimage-url\u003e:\u003ctag\u003e`\n- `kustomizer inspect artifact oci://\u003cimage-url\u003e:\u003ctag\u003e`\n- `kustomizer diff artifact \u003coci url\u003e \u003coci url\u003e`\n\nKustomizer is compatible with Docker Hub, GHCR, ACR, ECR, GCR, Artifactory,\nself-hosted Docker Registry and others. For auth, it uses the credentials from `~/.docker/config.json`.\n\n#### Sign \u0026 Verify Artifacts\n\nKustomizer can sign and verify artifacts using [sigstore/cosign](https://github.com/sigstore/cosign) either with\nstatic keys, Cloud KMS or keyless signatures\n(when running [Kustomizer with GitHub Actions](https://kustomizer.dev/github-actions/#publish-signed-artifacts)):\n\n- `kustomizer push artifact --sign --cosign-key \u003cprivate key\u003e`\n- `kustomizer pull artifact --verify --cosign-key \u003cpublic key\u003e`\n- `kustomizer inspect artifact --verify --cosign-key \u003cpublic key\u003e`\n\nFor an example on how to secure your Kubernetes supply chain with Kustomizer and Cosign\nplease see [this guide](https://kustomizer.dev/guides/secure-supply-chain/).\n\n### Resource Inventories\n\nKustomizer offers a way for grouping Kubernetes resources.\nIt generates an inventory which keeps track of the set of resources applied together.\nThe inventory is stored inside the cluster in a `ConfigMap` object and contains metadata\nsuch as the resources provenance and revision.\n\nThe Kustomizer garbage collector uses the inventory to keep track of the applied resources\nand prunes the Kubernetes objects that were previously applied but are missing from the current revision.\n\nYou specify an inventory name and namespace at apply time, and then you can use Kustomizer to\nlist, diff, update, and delete inventories:\n\n- `kustomizer apply inventory \u003cname\u003e [--artifact \u003coci url\u003e] [-f] [-p] -k`\n- `kustomizer diff inventory \u003cname\u003e [-a] [-f] [-p] -k`\n- `kustomizer get inventories --namespace \u003cnamespace\u003e`\n- `kustomizer inspect inventory \u003cname\u003e --namespace \u003cnamespace\u003e`\n- `kustomizer delete inventory \u003cname\u003e --namespace \u003cnamespace\u003e`\n\nWhen applying resources from OCI artifacts, Kustomizer saves the artifacts URL and\nthe image SHA-2 digest in the inventory. For deterministic and repeatable apply operations,\nyou could use digests instead of tags.\n\n### Encryption at rest\n\nKustomizer has builtin support for encrypting and decrypting Kubernetes configuration (packaged as OCI artifacts)\nusing [age](https://github.com/FiloSottile/age) asymmetric keys.\n\nTo securely distribute sensitive Kubernetes configuration to trusted users,\nyou can encrypt the artifacts with their age public keys:\n\n- `kustomizer push artifact oci://\u003cimage-url\u003e:\u003ctag\u003e --age-recipients \u003cpublic keys\u003e`\n\nUsers can access the artifacts by decrypting them with their age private keys:\n\n- `kustomizer inspect artifact oci://\u003cimage-url\u003e:\u003ctag\u003e --age-identities \u003cprivate keys\u003e`\n- `kustomizer pull artifact oci://\u003cimage-url\u003e:\u003ctag\u003e --age-identities \u003cprivate keys\u003e`\n- `kustomizer apply inventory \u003cname\u003e [--artifact \u003coci url\u003e] --age-identities \u003cprivate keys\u003e`\n- `kustomizer diff inventory \u003cname\u003e [--artifact \u003coci url\u003e] --age-identities \u003cprivate keys\u003e`\n\n## Contributing\n\nKustomizer is [Apache 2.0 licensed](LICENSE) and accepts contributions via GitHub pull requests.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstefanprodan%2Fkustomizer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstefanprodan%2Fkustomizer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstefanprodan%2Fkustomizer/lists"}