This list is incomplete. Feel free to contribute and help expand it.
- Generation (G): Given some non-Kubernetes configuration, returns Kubernetes manifests.
- Mutation (M): Given Kubernetes manifests, returns (possibly different) Kubernetes manifests.
- Validation (V): Given Kubernetes manifests, returns validation results.
- Deployment (D): Given Kubernetes manifest, makes Kubernetes API calls.
- Sharing (S): Enables the packaging and/or distribution of Kubernetes manifests.
- In cluster (I): Runs in cluster.
- Local (L): Runs locally.
| Features | Languages | Notes | |
|---|---|---|---|
| Acorn | DI | ||
| Ansible | GDL | YAML, Jinja2, Python (for plugins) | Related: Kubernetes Collection; |
| Argo CD | DI | ||
| autoapply | DI | YAML | |
| Bazel | DL | Starlark | Related: rules_gitops, rules_k8s; |
| cdk8s | GSL | TypeScript, Python, Java, Go | Related: cdk8s+; |
| Checkov | VIL | YAML, Python | |
| compose2kube | GL | YAML | Abandoned; |
| Config Sync | DI | ||
| Conftest | VL | Rego | Related: Kubernetes policies; |
| Crossplane | GDI | Related: Ansible provider, Argo CD provider, Helm provider, Kubernetes provider, Terraform provider; | |
| CUE | GVSL | CUE | |
| Datree | VIL | JSON schema, Rego | |
| dekorate | GL | Java | |
| Dhall | GSL | Dhall | Related: dhall-kubernetes; |
| Flux v1 | DI | Abandoned; | |
| Flux v2 | DI | Related: Weave GitOps; | |
| Gatekeeper | MVI | Rego | External data support; |
| Helm | GDSL | Go Template | |
| Helmfile | DL | YAML | |
| Helmsman | DL | TOML | |
| Helmwave | DL | YAML | |
| Isopod | GVDL | Starlark | |
| jk | GL | JavaScript, TypeScript | Abandoned; |
| Jsonnet | GML | Jsonnet | Related: kube-libsonnet, k8s-gen, k8s-libsonnet; |
| jsPolicy | MVI | JavaScript, TypeScript | "Controller policies" support; |
| k-rail | MVI | any (gRPC) | Abandoned; |
| k8comp | GL | ERB (Ruby templating) | Abandoned; |
| kadet | GL | Python | |
| Kapitan | GML | YAML, Jsonnet, Jinja2, Python | |
| kapp | DL | ||
| kapp-controller | DI | ||
| Kasane | ML | YAML, Jsonnet | Abandoned; |
| KCL | GMVL | KCL | |
| Kedge | GDL | YAML | Abandoned; |
| Keel | DI | Updates container image version; | |
| kenv | ML | YAML | Abandoned; Injects environment variables in Pods; |
| Keptn | DI | ||
| ko | MDL | Limited to Go applications; | |
| Kompose | GL | YAML | |
| konfd | GI | Go template | Abandoned; |
| Kosko | GVL | JavaScript, TypeScript | |
| KOTS | DSIL | ||
| kpt | GMVDSL | YAML, Go, Typescript, Starlark, any (w/o SDK) | |
| kr8 | GL | Jsonnet | |
| kraan | DI | ||
| krane | GDL | ERB (Ruby templating) | |
| Kratix | GDI | ||
| ksonnet | GVDSL | Jsonnet | Abandoned; Related: ksonnet-lib; |
| ktmpl | GL | Abandoned; | |
| kube-applier | DI | Abandoned; | |
| kubeapply | GDL | YAML, Starlark | Related: Terraform provider; |
| kubecfg | GDL | Jsonnet | |
| Kubeconform | VL | ||
| kubectl | GDL | ||
| kubegen | GL | YAML, JSON, HCL | Abandoned; |
| KubeLinter | VL | YAML | |
| Kubeval | VL | Abandoned; | |
| Kubewarden | MVI | any (WebAssembly) | |
| Kusion | GVDL | KCL | |
| kustomize | ML | YAML | |
| kustomizer | GMSL | ||
| Kyverno | GMVIL | YAML, CEL | External data support; |
| Lingon | GL | Go | |
| Microconfig | GL | ||
| mimic | GL | Go | |
| Monokle | GVDL | ||
| NAML | GDL | Go | |
| Nickel | GVL | Nickel | |
| OpenCompose | GL | Abandoned; | |
| Polaris | MVIL | YAML, JSON Schema | |
| Project Syn | GMDSIL | YAML, Jsonnet, Jinja2, Python | Related: Commodore, Lieutenant API, Lieutenant Operator, Steward; |
| Pulumi | GDL | JavaScript, TypeScript, Python, Go, C#, Visual Basic, F#, Java, YAML | Related: Kubernetes provider, Operator; |
| Score | GL | YAML | Related: Helm integration; |
| Ship | DL | Abandoned; | |
| shipcat | GDL | YAML | Abandoned; |
| Shipit | DL | ERB (Ruby templating) | |
| Skycfg | GL | Starlark, Go | |
| Tanka | GDSL | Jsonnet | |
| Terraform | GDL | HCL | Related: Kubernetes provider, k8s provider, Kustomize provider, Helm provider; |
| Tilt | GMDL | Starlark | |
| Timoni | GDSL | CUE | |
| Tye | GDL | Limited to .NET applications; | |
| Untrak | L | YAML | Abandoned; Garbage collect untracked resources; |
| ValidatingAdmissionPolicy | VI | CEL | |
| werf | GDSL | YAML | |
| ytt | GMVL | YAML, Starlark |
- In cluster (I): Runs in cluster.
- Local (L): Runs locally.
- Application (A): Runs side-by-side with the application.
| Features | Notes | |
|---|---|---|
| agebox | L | |
| aws-secret-operator | I | |
| Azure Key Vault to Kubernetes (akv2k8s) | IA | |
| BlackBox | L | |
| conjur-authn-k8s-client | A | |
| ejson | L | Related: ejson2env; |
| External Secrets | I | |
| git-crypt | L | |
| git-encrypt | L | Abandoned; |
| git-secret | L | |
| helm-secrets | L | |
| Hiera eyaml | L | |
| Infisical Secrets Operator | I | Related: Infisical; |
| Kamus | IA | |
| Keyringer | L | Abandoned; |
| Kube-secret-syncer | I | |
| Murmur | A | |
| pass | L | |
| Sealed Secrets | I | |
| Secrets Store CSI Driver | I | Related: AWS Secrets Manager and Systems Manager Parameter Store provider, Azure Key Vault provider, Google Secret Manager provider, HashiCorp Vault provider, CyberArk Conjur provider (WIP); |
| secure_yaml | L | Abandoned; |
| SOPS | L | Related: KSOPS (kustomize KRM exec plugin), Helm Sops, SOPS secrets operator, SOPS Operator; |
| Teller | L | Related: Helm-teller; |
| Tesoro | I | Abandoned; |
| transcrypt | L | |
| vals | A | |
| Vault Secrets Operator (HashiCorp) | I | |
| Vault Secrets Operator (Rico Berger) | I | |
| vault-k8s | A | |
| yaml-crypt | L |