Kustomize Debug: Diagnose Build Errors and Bad Output (2026)

Kustomize’s build process is failing, and you’re seeing cryptic errors or output that’s just plain wrong.

Here’s how to nail down what’s going wrong:

Kustomize Build Errors and Bad Output

The Problem: kustomize build is failing, or the generated YAML is not what you expect.

Common Causes and Fixes:

1. Incorrect Resource Path in kustomization.yaml:

   • Diagnosis: Kustomize can’t find a file it’s supposed to include. This often happens when you’ve moved files or used relative paths that are no longer valid from the kustomization.yaml’s perspective.
   • Check: Run kustomize build <path_to_your_kustomization_dir> --dry-run and look for "open " errors.
   • Fix: Ensure all paths listed under resources: and patches: in your kustomization.yaml are correct relative to the kustomization.yaml file itself. For example, if kustomization.yaml is in ./overlays/production and your base is in ./base, and you have resources: [../../base/deployment.yaml], the path is correct. If you change it to resources: [../base/deployment.yaml], it will likely break.
   • Why it works: Kustomize resolves all paths relative to the directory containing the kustomization.yaml file. Correcting the relative path makes the target files discoverable.

2. Syntax Errors in Base or Overlay YAML:

   • Diagnosis: The YAML files Kustomize is trying to process (either from the base or overlays) have invalid syntax. Kustomize itself might not always catch this, but the Kubernetes API server definitely will, or you’ll see malformed output.
   • Check: Manually inspect the YAML files referenced in kustomization.yaml. Use a YAML linter (like yamllint or an IDE plugin) on your base and overlay YAML files.
   • Fix: Correct any indentation issues, missing colons, incorrect quoting, or invalid keys in your YAML. For example, a common mistake is missing a colon after a key, like apiVersion deployment instead of apiVersion: deployment.
   • Why it works: Valid YAML syntax is fundamental for Kubernetes objects. Correcting it allows Kustomize to parse and manipulate the configuration correctly.

3. Invalid Kustomization Directives:

   • Diagnosis: You’ve used a Kustomize directive (like patches, transformers, commonLabels, etc.) incorrectly, or with an invalid value.
   • Check: Refer to the Kustomize documentation for the correct syntax and allowed values for each directive. For example, patchesStrategicMerge expects valid Kubernetes object snippets, not arbitrary strings.
   • Fix: Ensure directives are spelled correctly and that their associated values conform to Kustomize’s expectations. For patchesStrategicMerge, make sure the patch file itself is valid YAML and targets a specific Kubernetes resource. If you have patchesStrategicMerge: - patch.yaml, ensure patch.yaml contains a valid Kubernetes object fragment.
   • Why it works: Kustomize relies on these directives to understand how to modify and combine resources. Incorrect directives lead to it misinterpreting your intent.

4. Name Conflicts or Incorrect Resource Selections in Patches:

   • Diagnosis: Patches are not being applied because Kustomize can’t find the resource to patch, or multiple resources with the same name/kind are causing ambiguity. This is common with patchesStrategicMerge.
   • Check: Use kustomize build <path> to see the final output. If a patch isn’t applied, examine the generated YAML. For patchesStrategicMerge, ensure the name and kind in your patch file exactly match the resource you intend to modify.
   • Fix: Be precise with your patch targets. If you have multiple deployments named app-deployment, and your patch targets name: app-deployment, kind: Deployment, it might apply to the first one it finds or fail if there’s ambiguity. Consider using patchesJson6902 for more targeted patching or ensuring unique names for resources being patched. For patchesStrategicMerge, a patch like apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-app will only apply to a Deployment resource named my-app.
   • Why it works: Patches are applied based on matching kind, apiVersion, and metadata.name. Precise matching ensures the patch lands on the intended resource.

5. CRDs Not Present or Not Loaded:

   • Diagnosis: You’re trying to apply resources that depend on Custom Resource Definitions (CRDs), but the CRDs themselves haven’t been applied to the cluster or are not included in the Kustomize build. Kustomize doesn’t automatically know about CRDs that aren’t explicitly part of its build process.
   • Check: Run kustomize build <path>. If your output includes CRs but they are invalid when applied to Kubernetes, the CRDs might be missing.
   • Fix: Add the CRDs to your base Kustomization or to a separate Kustomization that is applied before the resources that use them. For example, in your kustomization.yaml’s resources section, include the path to your CRD YAML files: resources: - ../../base/crds/mycrd.yaml - ../../base/deployment.yaml.
   • Why it works: Kubernetes needs the CRD definition to understand how to process custom resources. Kustomize needs to be told to include these definitions in its output.

6. Environment Variables Not Set for configMapGenerator or secretGenerator:

   • Diagnosis: You’re using configMapGenerator or secretGenerator to create secrets or configmaps from environment variables, but those variables aren’t defined in the shell where kustomize build is run.
   • Check: Examine the generated ConfigMap or Secret output. If values are missing or unexpected, it’s likely an environment variable issue.
   • Fix: Ensure the environment variables are exported before running kustomize build. For example:

     export MY_API_KEY="your-secret-value"
     export DATABASE_URL="postgres://user:pass@host:port/db"
     kustomize build .
     

     If your kustomization.yaml has:

     configMapGenerator:
     - name: app-config
       env: my-env.env # This file would export variables
     

     Or directly:

     configMapGenerator:
     - name: app-config
       literals:
       - API_KEY=${MY_API_KEY}
       - DB_URL=${DATABASE_URL}
     

     The variables MY_API_KEY and DATABASE_URL must be set in the shell.
   • Why it works: Kustomize interpolates environment variable values into the generated ConfigMaps and Secrets. If the variables aren’t present, the interpolation fails or results in empty values.

The next error you’ll likely encounter after fixing build issues is a kubectl apply -f - error related to RBAC, network policies, or resource limits not being correctly configured for the cluster.