Skip to content

Flux Kustomize PostBuild Quick Fix - Post-Build Configuration

DodaTech Updated 2026-06-26 1 min read

Flux Kustomize post-build substitutions replace variables in manifests after kustomize build. Incorrect substitution syntax or missing variables cause reconciliation failures. This guide covers the fix.

Quick Fix

Wrong

spec:
  postBuild:
    substitute:
      image_tag: v1.0.0
      replicas: "3"

The issue: variable names with underscores may not match references in the kustomize manifests. PostBuild substitution uses ${variable_name} syntax, and manifests may use different variable naming.

spec:
  postBuild:
    substitute:
      image_tag: "v1.0.0"
      replicas: "3"
    substituteFrom:
    - kind: ConfigMap
      name: build-vars
    - kind: Secret
      name: build-secrets

With the kustomize manifest referencing:

apiVersion: apps/v1
kind: Deployment
spec:
  replicas: ${replicas}
  template:
    spec:
      containers:
      - image: myapp:${image_tag}
# Expected output after applying the fix
# PostBuild substitutes ${image_tag} → v1.0.0
# PostBuild substitutes ${replicas} → 3
# Variables also sourced from ConfigMap and Secret
# Kustomization applies with substituted values

Prevention

  • Use ${variable_name} syntax in kustomize manifests for substitution
  • Quote values in substitute to preserve string types
  • Use substituteFrom for bulk variable loading from ConfigMaps/Secrets
  • Ensure variable names match exactly between substitute and manifest references
  • Test substitutions with flux build kustomization <name> --dry-run

DodaTech Tools

Doda Browser's substitution inspector shows resolved variable values. DodaZIP archives substitution configurations for audit. Durga Antivirus Pro validates substitution values for injection.

FAQ

What is the difference between PostBuild substitute and kustomize vars?

PostBuild substitution happens after kustomize build, on the final rendered YAML. Kustomize vars are resolved during the kustomize build process. ||| Can PostBuild substitutions come from environment variables? No, PostBuild substitutes come from static values or ConfigMaps/Secrets referenced in substituteFrom. Use CI/CD to inject environment-specific values. ||| What happens if a substituted variable is not defined? The Kustomization reconciliation fails with a substitution error. Define all referenced variables or use flux build to check for missing substitutions.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro