Kubernetes YAML Linter
Fast best-practice checks for a Kubernetes manifest.
Overview
Paste a Kubernetes manifest YAML and the linter runs a handful of best-practice checks - missing resource requests/limits, latest-tag images, no liveness or readiness probes, running as root, and the usual culprits that pop up in production incident reviews.
It's for platform engineers, SREs, and developers writing their own Helm charts or raw manifests. Reach for it when reviewing a teammate's deployment, hardening a cluster's baseline, or auditing third-party charts before installing. The output is fast and rule-id keyed so you can wire it into a PR comment workflow.
How it works
The linter parses the manifest against the Kubernetes API schema (covering the common workload kinds: Deployment, StatefulSet, DaemonSet, Job, CronJob, Pod, plus Service and Ingress). Rules are inspired by Polaris, kube-score, and the official Kubernetes Production Readiness docs.
Each rule has a short ID and severity. Findings reference the YAML path that triggered them (e.g. spec.template.spec.containers[0]) so you can jump to the right line in your editor.
Examples
- Image with :latest:
    containers:
    - image: nginx:latest   # warning: pin to a specific tag
- Missing resource limits:
    # warning: container has no resources.limits.cpu or memory
- Running as root:
    # warning: securityContext.runAsNonRoot not set; container may run as root
- No probes:
    # warning: missing readinessProbe; rolling updates may serve traffic to unready pods
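The four checks above can be sketched as rule-ID keyed findings that carry the YAML path. This is an added example, not the linter's own code: the EX-... rule IDs, the Finding shape and the sample manifest are hypothetical, and the input is assumed to be one manifest document already parsed into a dict.

```python
# Added example; rule IDs (EX-...) are hypothetical, not the linter's own.
from collections import namedtuple

Finding = namedtuple("Finding", "rule_id severity path message")
TEMPLATE = ["spec", "template", "spec"]
# Location of the pod spec for each workload kind the page lists.
POD_SPEC = {"Pod": ["spec"], "Deployment": TEMPLATE, "StatefulSet": TEMPLATE,
            "DaemonSet": TEMPLATE, "Job": TEMPLATE,
            "CronJob": ["spec", "jobTemplate"] + TEMPLATE}

def lint(doc):
    """Return findings for one parsed manifest document (a dict)."""
    keys = POD_SPEC.get(doc.get("kind"))
    if keys is None:
        return []  # Service, Ingress and other kinds carry no containers
    pod = doc
    for key in keys:
        pod = pod.get(key) or {}
    pod_sc = pod.get("securityContext") or {}
    findings = []
    def warn(rule, path, msg):
        findings.append(Finding(rule, "warning", path, msg))
    for i, c in enumerate(pod.get("containers") or []):
        path = f"{'.'.join(keys)}.containers[{i}]"
        image = c.get("image", "")
        name = image.rsplit("/", 1)[-1]  # drop registry host:port and repo path
        tag = name.split(":", 1)[1] if ":" in name else ""
        # An untagged image resolves to :latest; a digest pin (@sha256:...) passes.
        if "@" not in image and tag in ("", "latest"):
            warn("EX-IMAGE-TAG", path + ".image", "pin to a specific tag")
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                warn("EX-LIMITS", f"{path}.resources.limits.{res}", f"no {res} limit")
        # A container-level securityContext value overrides the pod-level one.
        sc = c.get("securityContext") or {}
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            warn("EX-NONROOT", path + ".securityContext.runAsNonRoot",
                 "runAsNonRoot is not true; container may run as root")
        if "readinessProbe" not in c:
            warn("EX-READINESS", path + ".readinessProbe", "missing readinessProbe")
    return findings

# Constructed sample: one manifest document, already parsed into a dict.
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "web", "image": "nginx:latest",
     "resources": {"limits": {"memory": "128Mi"}}}]}}}}

if __name__ == "__main__":
    print("\n".join(f"{f.rule_id} {f.path}: {f.message}" for f in lint(SAMPLE)))
```

The image check deliberately looks only at the part after the last slash, so a registry port such as registry.example:5000/api is not mistaken for a tag.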
FAQ
Does it apply policy beyond best practices?
No - it's not a policy engine. For declarative policy enforcement use OPA Gatekeeper or Kyverno; for a CI gate similar to this tool, kube-score or kubeval cover the same space.
What Kubernetes version does it target?
Schema validation tracks the stable APIs current at the time of writing. Alpha/beta APIs and removed APIs may produce schema warnings.
Will it catch security misconfigurations?
Common ones - root user, missing seccomp, privilege escalation. For deep security review, run Kubescape or Trivy alongside.
Can I lint multi-document YAML?
Yes - YAML documents separated by --- are linted individually, with each document's path scoped to its own root.