CUE — Validate, Define, and Generate Configuration with Types

Introduction

CUE (Configure, Unify, Execute) was created by Marcel van Lohuizen, a former Go team member, to solve the configuration complexity problem. Unlike template-based tools that generate text, CUE treats configuration as data with types and constraints. Values and types exist on the same lattice, so schemas and defaults merge naturally without separate validation steps.

What CUE Does

• Defines data schemas with rich constraints (ranges, patterns, enums, optional fields)
• Validates JSON, YAML, and other formats against CUE schemas
• Generates Go structs, Protobuf definitions, and OpenAPI specs from CUE definitions
• Unifies multiple configuration layers (defaults, overrides, environment-specific) into a single output
• Integrates with Kubernetes tooling for typed manifest management

Architecture Overview

CUE is built on a lattice-based type system where values and types are interchangeable. Every concrete value is also a constraint, and constraints compose by unification (logical AND). The CUE evaluator takes a set of CUE files, merges them through unification, checks all constraints, and produces a concrete result or reports conflicts. There is no Turing-complete logic — CUE is intentionally not a general programming language, which guarantees termination and makes configurations auditable.

Self-Hosting & Configuration

• Install the cue CLI via Go, Homebrew, or download binaries from GitHub releases
• Initialize a CUE module with cue mod init example.com/myconfig
• Write .cue files alongside your YAML/JSON configs for gradual adoption
• Use cue vet in CI pipelines to catch configuration errors before deployment
• Import existing Go types with cue get go to generate CUE schemas automatically

Key Features

• Types and values on one lattice — no separate schema language needed
• Hermetic evaluation guarantees deterministic output with no side effects
• First-class support for importing and validating Kubernetes manifests, Terraform configs, and Helm values
• Package system with modules and versioned dependencies
• Rich standard library for string manipulation, math, encoding, and time

Comparison with Similar Tools

• JSON Schema — verbose and lacks a programming model; CUE schemas are concise and composable
• Jsonnet — Turing-complete data templating; CUE is intentionally restricted for safety and auditability
• Kustomize — Kubernetes-specific overlay tool; CUE is a general-purpose configuration language
• Dhall — typed configuration with totality guarantees; CUE uses lattice unification instead of functions
• HCL (Terraform) — domain-specific for infrastructure; CUE is format-agnostic

FAQ

Q: Can CUE replace Helm templates? A: CUE can manage Kubernetes manifests with type-safe constraints instead of Go templates, but the ecosystem integration requires building your own workflow.

Q: Is CUE Turing-complete? A: No, intentionally. This guarantees that evaluation always terminates and configurations remain auditable.

Q: How does CUE handle environment-specific overrides? A: Use separate CUE files per environment and unify them. CUE merges values and checks constraints automatically.

Q: Can I use CUE with existing YAML workflows? A: Yes. Import YAML into CUE for validation with cue vet, or export CUE back to YAML/JSON for downstream tools.

Sources

• https://github.com/cue-lang/cue
• https://cuelang.org/docs/