KubernetesHelmKustomizeDevOpsGitOps

Team of 8 people. 12 nearly identical files. Every change copied manually.

2 min read Русский
Team of 8 people. 12 nearly identical files. Every change copied manually.

Eventually someone will forget. Of course, it happened.

The team copy-pasted Kubernetes configs across dev/staging/prod folders. Changed replica count in dev. Updated staging. Forgot prod.

Prod went down.

The problem: Manual copy-paste doesn’t scale. Human error is inevitable.

The solution: Automation. But there are three different tools, and the choice isn’t obvious.

Short version:

  • Manual copying = will break eventually
  • Helm = powerful but complex for simple tasks
  • Kustomize = simple but not for everything
  • Hybrid = what mature teams use

Result after switching: deployment errors -80%, deployment time cut in half.

⚙️ Technical details:

Three approaches:

Raw manifests = copy-paste YAML files per environment. Simple at first, nightmare at scale. Every change multiplies by number of environments.

Helm = package manager (like npm for K8s). You have base values.yaml (or defaults in the chart itself), then override per environment:

helm install app -f base-values.yaml -f dev-values.yaml --set image.tag=v1.2.3

Powerful templating with Go templates. Great for packaged apps with many config knobs.

Kustomize = layering system. Base manifests + patches per environment. No templating language - pure YAML overlays. What you see is what deploys.

Common mistakes:

  • Raw manifests in prod (copy-paste inevitably drifts)
  • Helm for everything (template syntax pain for trivial changes)
  • Kustomize for third-party apps (300-line patches = hell)
  • Not knowing you can mix them

What actually works:

Raw manifests when:

  • Proof of concept, single environment
  • That’s it. Seriously, don’t do this in production.

Helm when:

  • Third-party software (Prometheus, databases, ingress controllers)
  • Complex apps with many deployment variations
  • Sharing reusable packages across teams
  • Need rollback/upgrade lifecycle management

Kustomize when:

  • Your own microservices across environments
  • Simple environment patches (replicas, limits, domains)
  • GitOps workflows without template debugging
  • Patching third-party manifests without forking

The hybrid:

Helm for dependencies (with env-specific values files), Kustomize for your apps. This is what mature teams run. ArgoCD supports both natively for a reason.

Real example from an audit: moved from copy-pasted manifests to Helm (infra) + Kustomize (apps). Deployment errors dropped 80%, pipeline time cut by half.

Your setup? All-in on Helm, Kustomize only, or mix of both? Or something else?