
kdef

Declarative Kubernetes configuration. Typed. Loopable. Transparent.

Declare a deployment. Get a Deployment, Service, Ingress, Certificate, and HPA — rendered as plain Kubernetes YAML you can read, diff, and commit.

api.kdef
deployment "api" {
  namespace = "production"
  container "api" {
    image = image("api")
    port "8080" "http" {
      health = "/health"
    }
    env {
      APP_ENV = var.environment
      DATABASE_URL = secret("db-credentials", "url")
    }
    resources {
      cpu = "300m..800m"
      memory = "256M..1G"
    }
  }
  service { port "80" "http" {} }
  ingress {
    host = "api.example.com"
    tls = true
  }
  autoscale {
    min = 2
    max = 10
    cpu = 70
  }
}
Rendered Kubernetes YAML
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: production
spec:
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          image: registry.example.com/api:1.4.2
          ports:
            - containerPort: 8080
              name: http
          livenessProbe:
            httpGet:
              path: /health
              port: http
          env:
            - name: APP_ENV
              value: production
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: url
          resources:
            requests:
              cpu: 300m
              memory: 256M
            limits:
              cpu: 800m
              memory: 1G
---
apiVersion: v1
kind: Service
metadata:
  name: api
  namespace: production
spec:
  selector:
    app: api
  ports:
    - name: http
      port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api.example.com
  namespace: production
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  tls:
    - hosts: [api.example.com]
      secretName: api-example-com-tls
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 80
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api
  namespace: production
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
  • Typed variables: Strings, numbers, bools, enums. Typos caught at validate-time, not 3AM.
  • Native loops: One for block → a Deployment per tenant, env, or region. No Helm template gymnastics.
  • Transparent output: Plain YAML every render. kdef diff shows exactly what will change.
  • Import existing: kdef import --namespace my-app turns a live cluster into .kdef files.
  • Sealed secrets: First-class sealedsecret block. Encrypt with kdef seal, commit safely.
  • Works with GitOps: Flux controller and ArgoCD plugin ship in the box.

Kustomize

No variables. No loops. Patch files multiply for every environment.

Helm

Go templates over YAML. Opaque, error-prone, needs helm template to see what’s going out.

kdef

HCL syntax, typed variables, native loops, renders plain YAML. One block = app + service + ingress + HPA.

# Go install
go install github.com/gsid-nl/kdef/cmd/kdef@latest
# Or grab a binary from releases
# https://github.com/gsid-nl/kdef/releases

Platform packages (.deb, .rpm, .apk) are on the releases page.