k8s-lint

Kubernetes YAML validation - Use kube-linter and kubeconform to check K8s config security and best practices

By y1feng200156, updated 2/10/2026

name: k8s-lint
description: Kubernetes YAML validation - Use kube-linter and kubeconform to check K8s config security and best practices

Kubernetes Lint Skill

📋 Overview

This skill uses kube-linter and kubeconform for dual validation of Kubernetes YAML configurations, ensuring:

  • 🔒 Security (RBAC, Pod Security, NetworkPolicy)
  • ✅ Schema validation (K8s API spec compliance)
  • ⚡ Resource limit configuration
  • 🛡️ Best practices compliance

🔧 Prerequisites

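| Tool        | Purpose                       | Windows                   | Linux/Mac                |
|-------------|-------------------------------|---------------------------|--------------------------|
| kube-linter | Best practices check          | scoop install kube-linter | brew install kube-linter |
| kubeconform | Schema validation             | scoop install kubeconform | brew install kubeconform |
| kubectl     | (Optional) Cluster validation | scoop install kubectl     | brew install kubectl     |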

🚀 Usage

Check single file:

# Windows
.\.agent\skills\k8s-lint\scripts\lint.ps1 -File deployment.yaml

# Linux/Mac
./.agent/skills/k8s-lint/scripts/lint.sh deployment.yaml

Check entire directory:

# Windows  
.\.agent\skills\k8s-lint\scripts\lint.ps1 -Path .\k8s -Recursive

# Linux/Mac
./.agent/skills/k8s-lint/scripts/lint.sh -r k8s/

🎯 What It Checks

Security Checks

  • ✅ Prohibit privileged containers
  • ✅ Prohibit hostNetwork/hostPID
  • ✅ Require readOnlyRootFilesystem
  • ✅ Run as non-root user
  • ✅ Capabilities whitelist

Resource Management

  • ✅ CPU/Memory limits set
  • ✅ liveness/readiness probes
  • ✅ Pod Disruption Budget
  • ✅ HPA configuration check

Best Practices

  • ✅ Image pull policy
  • ✅ Don't use latest tag
  • ✅ Service Account configuration
  • ✅ Label/Annotation standards

📊 Output Example

☸️  Kubernetes Lint - Checking config files...

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔍 Schema Validation (kubeconform)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ deployment.yaml - valid
✅ service.yaml - valid
❌ ingress.yaml - invalid: Missing required field: spec.rules

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🛡️  Best Practices Check (kube-linter)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

deployment.yaml: (object: <no namespace>/nginx-deployment apps/v1, Kind=Deployment)
    ⚠️  no-read-only-root-fs: Container "nginx" does not have a read-only root file system
    ❌ cpu-requirements: Container "nginx" has no CPU limits
    ❌ memory-requirements: Container "nginx" has no memory limits

📊 Check Results:
   ❌ Errors: 3
   ⚠️  Warnings: 1

⚙️ Configuration

Create .kube-linter.yaml:

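checks:
  exclude:
    - no-read-only-root-fs  # Temporarily allow writable root filesystem

  include:
    - unset-cpu-requirements     # CPU requests and limits must be set
    - unset-memory-requirements  # Memory requests and limits must be set
    - privileged-container       # No privileged containers
    - run-as-non-root            # Containers must run as a non-root user

customChecks: []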

🔗 Related Resources

Install via CLI
npx skills add https://github.com/y1feng200156/ham-study --skill k8s-lint