kpt is a package-oriented tool for managing Kubernetes configuration as data. A kpt package is a directory of plain YAML manifests plus a Kptfile that records its upstream Git source, so kpt pkg get clones the package and kpt pkg update performs a 3-way merge when the upstream changes — the fork-with-updates workflow that bare Kustomize does not provide.
Its distinguishing feature is KRM functions: containerized mutators and validators that implement the Kubernetes Resource Model (KRM) function spec. You run them via kpt fn render as an in-package pipeline defined in the Kptfile, or ad-hoc via kpt fn eval. Functions can be written in Go using the kpt-functions-sdk, or any language packaged in a container, and are used for things like setting namespaces, injecting labels, substituting image tags, and policy validation (Gatekeeper constraints, conftest). Configurations stay declarative — functions read and rewrite the YAML — which is the “configuration as data” approach Google has pushed as an alternative to string templating.
Google’s Config Sync and Nephio build on kpt. Its direct competitors are Kustomize, Helm, and Jsonnet. kpt never reached wide adoption outside Google-adjacent projects; the CNCF listing is sandbox and the matrix status here marks it graveyard, which is accurate — activity has slowed considerably.