Jsonnet vs CUE: Configuration Languages Compared
Jsonnet is a templating language for generating config; CUE unifies data, schema, and validation in one language. Jsonnet leans toward producing config; CUE leans toward constraining and validating it.
Both improve on hand-written YAML/JSON, but with different philosophies. Jsonnet emphasizes generation via functions and composition; CUE emphasizes types and constraints, where values and schemas are the same thing. Here is the honest comparison.
| Jsonnet | CUE | |
|---|---|---|
| Primary strength | Generating config (templating) | Validating + unifying config |
| Types/schema | Dynamic, no built-in schema | Types and constraints are first-class |
| Model | Functions, inheritance, mixins | Unification of values and constraints |
| Validation | External tooling | Built-in (constraints enforced) |
| Learning curve | Moderate | Moderate to steep (unification model) |
| Ecosystem | Tanka, kube libs | Growing, k8s + config tooling |
Generate vs validate
Jsonnet is best when you need to generate a lot of similar config from abstractions: functions, imports, and object composition keep it DRY. CUE is best when correctness matters most: you express a schema and data in the same language, and CUE unifies them so invalid config simply will not evaluate. Many teams reach for Jsonnet to produce and CUE to guard.
The unification model
CUE central idea is unification: constraints and concrete values combine, and the result must be consistent or it fails. This gives strong validation and lets you layer defaults and policies. It is a different mental model than templating and takes time to internalize, but it catches whole classes of config errors early.
In CI
Both run as a CLI step: Jsonnet renders manifests, CUE can render and validate. Adding a CUE validation gate (or Jsonnet plus a separate validator) in CI prevents malformed config from ever reaching a cluster.
The verdict
Choose Jsonnet when your main need is generating config from reusable abstractions; choose CUE when validation and schema enforcement are the priority. They are complementary, and some pipelines generate with one and validate with the other.