Kapitan is a generic templating and inventory tool originally built inside Deutsche Bank for managing configuration across many environments and targets. Its central idea is a single hierarchical inventory, powered by reclass, where every deployable thing (“target”) inherits parameters from a tree of classes, and those parameters are then fed into templates to produce concrete output files.
The templating side is deliberately pluggable: you can render Jinja2, Jsonnet, Kadet (Kapitan’s own Python DSL that builds dict trees and serializes to YAML), Helm charts, or CUE, all driven by the same inventory values. The output is written into compiled/<target>/, which you then commit or hand off to kubectl apply, Terraform, or whatever else consumes it. For secrets, Kapitan ships kapitan refs, which supports GPG, AWS KMS, Google KMS, Azure Key Vault, Vault, and age, with the secret references embedded in the inventory and resolved at compile time.
It is the tool you reach for when Helm’s values.yaml is not structured enough and you have, say, 200 clusters that all need slightly different versions of 30 components. It sits in the same space as Jsonnet+tanka, cdk8s, and Crossplane compositions, but with a much stronger inventory model. Maintained by a small community; expect a learning curve because the Reclass-plus-everything model is unlike most other config tools.