Import from cluster
kdef import reads live Kubernetes resources and writes idiomatic .kdef files. It’s the fastest way to adopt kdef in an existing project: run it, review the output, commit, done.
From a live namespace
    kdef import --namespace my-app --output-dir k8s/

What ends up in k8s/:

    k8s/
    ├── vars.kdef
    ├── images.kdef      ← image("api"), image("nginx"), ...
    ├── api.kdef         ← one file per deployment
    ├── worker.kdef      ← worker-style (no service {})
    ├── configmaps.kdef
    ├── secrets.kdef     ← references only, no plaintext values
    └── cronjobs.kdef

From YAML files
If the resources live in YAML (e.g. helm template output, or a vendor’s manifests), point --from-file at them:

    helm template my-chart | kdef import --from-file - --output-dir k8s/
    # or
    kdef import --from-file manifests.yaml --output-dir k8s/

What the importer handles
- Deployments with Service+Ingress → deployment block with nested service and ingress
- Deployments without a Service → worker-style deployment (no service {})
- DaemonSets, StatefulSets (including volumeClaimTemplates), CronJobs
- ConfigMaps, Secrets (references only — no plaintext in output)
- ClusterRoles + ClusterRoleBindings (from YAML files)
- Secret references in env vars → secret() calls
- Downward-API env vars → field_ref() calls
- Tolerations, node_selector, privileged contexts, host_path, init containers, sidecars, volumes, multi-host ingresses, probes
Preview first
Pipe to stdout to review before writing:

    kdef import --namespace my-app

Migrating incrementally
You don’t have to convert everything at once.

- Import one namespace or one app.
- kdef render --dir k8s/ > rendered.yaml and diff against what’s live.
- Commit the .kdef files alongside existing YAML. Run both.
- Switch ownership resource-by-resource using kdef apply (server-side apply, --force-conflicts).
- Delete the legacy YAML once kdef is the source of truth.
Things the importer can’t guess
- Variables. The importer produces literal values. After importing, decide which values should be variables (image tags, replica counts, hostnames) and extract them into vars.kdef.
- Environment overrides. If the cluster has staging + production copies of the same app, import one and create an environments/staging.kdef for the other — don’t import both into separate trees.
- Plain text secrets. The importer keeps secret references intact but will not pull secret values. For new secrets, use sealedsecret.
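
The "references only, no plaintext" property of the import output can be checked independently before the first commit. The script below is an added example, not part of kdef: it takes the JSON printed by kubectl get secrets -n my-app -o json and reports any file under the output directory that contains a Secret value in decoded or base64 form. The function names are hypothetical, and the sample data and file contents are constructed (they are not real kdef syntax).

```python
import base64
import json
import pathlib
import tempfile

MIN_LEN = 6  # ignore very short values ("true", "1") that match by chance


def secret_needles(secrets_json):
    """Map every byte string to search for to the 'secret/key' it came from."""
    doc = json.loads(secrets_json)
    needles = {}
    for item in doc.get("items", [doc]):  # a List or a single Secret
        name = item["metadata"]["name"]
        for key, b64 in (item.get("data") or {}).items():
            decoded = base64.b64decode(b64).strip()
            for form in (decoded, b64.encode()):  # plaintext and base64 forms
                if len(form) >= MIN_LEN:
                    needles[form] = f"{name}/{key}"
    return needles


def find_leaks(output_dir, needles):
    """Return sorted (file name, 'secret/key') pairs where a value appears."""
    hits = set()
    for path in pathlib.Path(output_dir).rglob("*"):
        if path.is_file():
            blob = path.read_bytes()
            hits.update((path.name, src) for val, src in needles.items() if val in blob)
    return sorted(hits)


def demo():
    """Run the check on constructed data; file contents are not kdef syntax."""
    value = b"constructed-db-password"
    secrets_json = json.dumps({"items": [{
        "metadata": {"name": "db-credentials"},
        "data": {"password": base64.b64encode(value).decode(), "flag": "MQ=="},
    }]})
    with tempfile.TemporaryDirectory() as out:
        pathlib.Path(out, "secrets.kdef").write_text("reference to db-credentials only\n")
        pathlib.Path(out, "api.kdef").write_bytes(b"leaked: " + value + b"\n")
        return find_leaks(out, secret_needles(secrets_json))


if __name__ == "__main__":
    for file_name, source in demo():
        print(f"{file_name}: contains value of {source}")
```

An empty result means none of the cluster's Secret values longer than MIN_LEN bytes appear in the imported tree; values hardcoded in a Deployment's env rather than stored in a Secret are outside what this check sees.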
Adding the git hook
Once you’re committed to kdef for a project, install the pre-commit hook so every commit runs kdef validate:

    kdef install-hook            # creates .git/hooks/pre-commit
    kdef install-hook --append   # appends safely to an existing hook