Helm meets Kustomize, but without the YAML.

Konduit is a thin wrapper around Helm that pre-evaluates chart values using more powerful configuration languages like CUE before passing them to Helm. This lets you build reusable configuration, enforce validation and constraints, and leverage the expressiveness that plain YAML can't provide. Since Konduit passes all arguments directly to Helm, it works seamlessly as a drop-in replacement or as a Helm plugin.

Konduit also includes built-in support for Kustomize as a Helm post-renderer, allowing you to extend charts that don't expose the values or templates you need without forking them. In Konduit's context, "patches" refer to kustomization files containing built-in generators or transformers.

Helm charts work well as a packaging tool and still remain the industry standard for distributing Kubernetes applications, but managing chart values across many environments and services at scale comes with its own pain points:

• Plain YAML lacks type safety, validation, and the ability to reuse values across files
• If charts don't expose the right values or templates, consumers are stuck forking them
• Helm lacks support for merging list values, a limitation for managing any reasonably sized deployment

You can find various related issues on the Helm repository, but essentially Helm isn't currently equipped to address these challenges for managing configuration at scale.

Konduit aims to address these by combining Helm with CUE and Kustomize. It doesn't seek to replace Helm, but enhance how charts are consumed. At its core, Konduit is a thin orchestration layer that can be expressed as:

cue export values.cue --out yaml | helm template -f - --post-renderer kustomize

• Kustomize can inflate Helm charts natively, but lacks full Helm support such as private registries and plugins
• Timoni offers a CUE-native approach but requires rewriting charts as Timoni modules, a significant undertaking when you want to consume existing Helm charts as-is
  • Disclaimer: Timoni has Helm interoperability but as far as I'm aware that currently only works with FluxCD

• CUE evaluation — Pre-evaluate Helm values and Kustomize patches

  • Type safety, validation, and constraint enforcement
  • DRY configuration with expressions and defined relationships
  • Reusable modules importable by both values and patches

• Injected scopes — Inject external data into the CUE evaluation

  • Pass environment-specific configuration or secrets
  • Merge multiple scopes from files or inline JSON/YAML

• Kustomize post-renderer — Extend charts beyond what values expose

  • Leverage Kustomize built-in generators and transformers
  • Patches also benefit from CUE evaluation and injected scopes

• Helm compatibility — Drop-in replacement for the Helm CLI

  • Shells out to Helm, supporting all commands and plugins
  • Supports CUE and YAML files, with the latter taking precedence
  • Compatible with other post-renderers and plugins like helm-secrets

flowchart LR
    subgraph Konduit
        subgraph Values
            VC[values.cue] --> CE1[CUE Evaluator]
            CE1 --> EV[evaluated.yaml]
            VY[values.yaml] --> EV
        end

        subgraph Patches
            PC[patches.cue] --> CE2[CUE Evaluator]
            CE2 --> EP[evaluated.yaml]
            PY[patches.yaml] --> EP
        end

        EV --> Helm
        Helm -->|rendered manifests| Kustomize
        EP --> Kustomize
    end

    Kustomize --> FM[Final Manifests]

# Homebrew
brew install jace-ys/tap/konduit

# Helm plugin
helm plugin install https://github.com/jace-ys/konduit

# Docker
docker pull ghcr.io/jace-ys/konduit:latest

See the releases page for precompiled binaries.

See the complete documentation for how to use Konduit.

• Helm 4 support — implement Konduit as a Helm 4 plugin (HIP-0026)
• Extra manifests — allow adding CUE manifests via Kustomize resources
• Timoni support — support Timoni as an alternative engine instead of Helm
• Other evaluators — add evaluator support for Jsonnet, Dhall, PKL, and others