Awesome Kubernetes Configuration Management

This list is incomplete. Feel free to contribute and help expand it.

Configuration Management

• Generation (G): Given some non-Kubernetes configuration, returns Kubernetes manifests.
• Mutation (M): Given Kubernetes manifests, returns (possibly different) Kubernetes manifests.
• Validation (V): Given Kubernetes manifests, returns validation results.
• Deployment (D): Given Kubernetes manifest, makes Kubernetes API calls.
• Sharing (S): Enables the packaging and/or distribution of Kubernetes manifests.
• In cluster (I): Runs in cluster.
• Local (L): Runs locally.

	Features	Languages	Notes
Acorn	DI
Ansible	GDL	YAML, Jinja2, Python (for plugins)	Related: Kubernetes Collection;
AppController	DI		Abandoned;
Argo CD	DI
autoapply	DI	YAML
Bazel	DL	Starlark	Related: rules_gitops, rules_k8s;
Bicep	GDSL	Bicep	Related: Kubernetes provider, Kubernetes type definitions;
cdk8s	GSL	TypeScript, Python, Java, Go	Related: cdk8s+;
Checkov	VIL	YAML, Python
compose2kube	GL	YAML	Abandoned;
Config Sync	DI
Conftest	VL	Rego	Related: Kubernetes policies;
Crossplane	GDI		Related: Ansible provider, Argo CD provider, Helm provider, Kubernetes provider, Terraform provider;
CUE	GVSL	CUE
Cyclops	GDI	graphical UI
Datree	VIL	JSON schema, Rego
dekorate	GL	Java
Dhall	GSL	Dhall	Related: dhall-kubernetes;
dxcfg	GL	JavaScript, TypeScript	Abandoned;
Flux v1	DI		Abandoned;
Flux v2	DI		Related: Weave GitOps;
Gatekeeper	MVI	Rego	External data support;
Glasskube	DSI
Helm	GDSL	Go Template
Helmfile	DL	YAML
Helmsman	DL	TOML
Helmwave	DL	YAML
Isopod	GVDL	Starlark
jk	GL	JavaScript, TypeScript	Abandoned;
Jsonnet	GML	Jsonnet	Related: kube-libsonnet, k8s-gen, k8s-libsonnet;
jsPolicy	MVI	JavaScript, TypeScript	"Controller policies" support;
k-rail	MVI	any (gRPC)	Abandoned;
k8comp	GL	ERB (Ruby templating)	Abandoned;
k8spkg	MDL		Abandoned;
kadet	GL	Python
Kapitan	GML	YAML, Jsonnet, Jinja2, Python
kapp	DL
kapp-controller	DI
Kargo Render	GL	YAML
Kasane	ML	YAML, Jsonnet	Abandoned;
kb8or	GDL	YAML	Abandoned;
KCL	GMVSL	KCL	Related: Run KCL scripts as KRM functions;
Kedge	GDL	YAML	Abandoned;
Keel	DI		Updates container image version;
kenv	ML	YAML	Abandoned; Injects environment variables in Pods;
Keptn	DI
khelm	GML
Kluctl	GDIL	YAML, Jinja2
ko	MDL		Limited to Go applications;
Kompose	GL	YAML
konfd	GI	Go template	Abandoned;
Kosko	GVL	JavaScript, TypeScript
KOTS	DSIL
kpt	GMVDSL	YAML, Go, Typescript, Starlark, any (w/o SDK)
kr8	GL	Jsonnet
kraan	DI
krane	GDL	ERB (Ruby templating)
Kratix	GDI
ksonnet	GVDSL	Jsonnet	Abandoned; Related: ksonnet-lib;
ktmpl	GL		Abandoned;
kube-applier	DI		Abandoned;
kubeapply	GDL	YAML, Starlark	Related: Terraform provider;
kubecfg	GDL	Jsonnet
Kubeconform	VL
kubectl	GVDL
kubegen	GL	YAML, JSON, HCL	Abandoned;
KubeLinter	VL	YAML
kubenix	GL	Nix	Related: GTrunSec/kubenix, blaggacao/kubenix, xtruder/kubenix;
Kubescape	VIL	Rego	External data support;
Kubeval	VL		Abandoned;
KubeVela	GDIL
Kubewarden	MVI	any (WebAssembly)
Kusion	GVDL	KCL
kustomize	ML	YAML
kustomizer	GMSL
kvert	GL	edn (Clojure)	Abandoned;
Kyverno	GMVIL	YAML, CEL	External data support;
Lingon	GL	Go	Abandoned;
Meshery	GDI	YAML
Microconfig	GL
mimic	GL	Go
Monokle	GVDL
NAML	GDL	Go
Nickel	GVL	Nickel
OpenCompose	GL		Abandoned;
PipeCD	DI
Pkl	GSL	Pkl	Related: Kubernetes Pkl templates, Kubernetes Pkl examples, Other Pkl (Kubernetes) packages;
Polaris	MVIL	YAML, JSON Schema
Project Syn	GMDSIL	YAML, Jsonnet, Jinja2, Python	Related: Commodore, Lieutenant API, Lieutenant Operator, Steward;
Psykube	GDL	YAML	Abandoned;
Pulumi	GDL	JavaScript, TypeScript, Python, Go, C#, Visual Basic, F#, Java, YAML	Related: Kubernetes provider, Operator;
Radius	DI	Bicep
Razee	GDI		Abandoned;
Score	GL	YAML	Related: Helm integration;
Ship	DL		Abandoned;
shipcat	GDL	YAML	Abandoned;
Shipit	DL	ERB (Ruby templating)
Skycfg	GL	Starlark, Go
specctl	GL	YAML	Supports generating manifests from docker compose files, and ECS Fargate task and service definitions;
Tanka	GDSL	Jsonnet
Terraform	GDL	HCL	Related: Kubernetes provider, k8s provider, Kustomize provider, Helm provider;
Tilt	GMDL	Starlark
Timoni	GDSL	CUE
Tye	GDL		Limited to .NET applications;
Untrak	L	YAML	Abandoned; Garbage collect untracked resources;
ValidatingAdmissionPolicy	VI	CEL
werf	GDSL	YAML
YAMLScript	GL	YAMLScript
ytt	GMVL	YAML, Starlark

Secret Management

• In cluster (I): Runs in cluster.
• Local (L): Runs locally.
• Application (A): Runs side-by-side with the application.

	Features	Notes
agebox	L
aws-secret-operator	I
Azure Key Vault to Kubernetes (akv2k8s)	IA
BlackBox	L
conjur-authn-k8s-client	A
ejson	L	Related: ejson2env;
External Secrets	I
git-crypt	L
git-encrypt	L	Abandoned;
git-secret	L
helm-secrets	L
helm-ssm	L	Abandoned;
Hiera eyaml	L
Infisical Secrets Operator	I	Related: Infisical;
Kamus	IA
Keyringer	L	Abandoned;
Kube-secret-syncer	I
Murmur	A
pass	L
Piggy	A
Rot	L
Sealed Secrets	I
Secrets Store CSI Driver	I	Related: AWS Secrets Manager and Systems Manager Parameter Store provider, Azure Key Vault provider, Google Secret Manager provider, HashiCorp Vault provider, CyberArk Conjur provider (WIP);
secure_yaml	L	Abandoned;
SOPS	L	Related: KSOPS (kustomize KRM exec plugin), Helm Sops, SOPS secrets operator, SOPS Operator;
Teller	L	Related: Helm-teller;
Tesoro	I	Abandoned;
transcrypt	L
vals	A
Vault Secrets Operator (HashiCorp)	I
Vault Secrets Operator (Rico Berger)	I
vault-k8s	A
yaml-crypt	L

Sources

• Kubernetes application management tools spreadsheet, retrieved 2024-11-18
• Kubetools, retrieved 2024-11-18
• Awesome Kubernetes Resources, retrieved 2024-11-18
• Awesome Kubernetes, retrieved 2024-11-18
• Awesome K8s, retrieved 2024-11-18