Free Developer Tool
Kubernetes YAML Validator
Validate Kubernetes manifests against security best practices and catch common misconfigurations before deploying to your cluster.
100% Browser-Based
Checks security, best practices, and structural errors
- Invalid YAML syntax
- Missing apiVersion
- Missing kind
- Missing metadata.name
- Unknown or invalid kind value
- Container running as root
- Privileged container
- Host network access
- No CPU/memory limits
- Using latest image tag
- Mounting host paths
- No liveness probe
- No readiness probe
- Replicas set to 1 (no HA)
- No resource requests set
- No namespace specified
- No labels defined
- No imagePullPolicy set
- Missing restartPolicy on Jobs
How to Use
1. Paste Your Manifest
Paste any Kubernetes YAML — single or multi-document with --- separators. Supports Deployments, Services, StatefulSets, Jobs, and more.
2. Review Findings
Each finding shows the severity, the exact field path in your manifest, and a clear remediation snippet you can copy.
3. Fix & Re-validate
Apply the suggested fixes directly in the editor, then hit Validate again. Aim for an A grade before deploying to production.
Kubernetes Security Essentials
Security Contexts
Always set runAsNonRoot: true and allowPrivilegeEscalation: false in your container's securityContext. Avoid privileged: true unless absolutely necessary.
Resource Limits
Set both resources.requests and resources.limits on every container. Without limits, a single runaway container can starve the entire node of CPU and memory.
Health Probes
livenessProbe restarts stuck containers; readinessProbe prevents traffic from reaching pods that aren't ready. Both are essential for zero-downtime deployments.
100% Client-Side
All YAML parsing and validation runs entirely in your browser using js-yaml. Your manifests — which may contain sensitive config — never leave your machine.
K8s Manifest Checklist
| Field | Why It Matters | Recommended Value |
|---|---|---|
| runAsNonRoot | Prevents container breakout with root access | true |
| resources.limits | Protects node stability from runaway processes | cpu: 500m, memory: 256Mi |
| image tag | Ensures reproducible deployments | nginx:1.25.3 (not latest) |
| replicas | Avoids single point of failure | >= 2 for production |
| readinessProbe | Prevents premature traffic routing | httpGet on /healthz |
| namespace | Enables RBAC and network policy scoping | production (not default) |
| labels | Required for selectors, monitoring, policies | app, version, environment |
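
The container-level checks from the list and checklist above, written as a short function over an already-parsed manifest object (the kind of object js-yaml's load returns). This is an added example, not the validator's own code; auditWorkload, podSpecOf, the finding wording and the sample Deployment are assumptions made for illustration.

```javascript
// Added example, not the validator's own code. Input is a parsed manifest object;
// reported paths are relative to the pod spec.
function podSpecOf(doc) {
  // A bare Pod keeps its pod spec in spec; Deployments, StatefulSets and Jobs
  // nest it under spec.template.spec.
  return (doc.kind === 'Pod' ? doc.spec : doc.spec?.template?.spec) || {};
}

function auditWorkload(doc) { // hypothetical name
  const findings = [];
  const add = (path, msg) => findings.push(`${path}: ${msg}`);
  const pod = podSpecOf(doc);
  if (pod.hostNetwork === true) add('hostNetwork', 'host network access');
  for (const v of pod.volumes || [])
    if (v.hostPath) add(`volumes[${v.name}].hostPath`, 'mounts a host path');
  (pod.containers || []).forEach((c, i) => {
    const p = `containers[${i}]`;
    const sc = c.securityContext || {};
    // A container-level runAsNonRoot overrides the pod-level one when both are set.
    const nonRoot = sc.runAsNonRoot ?? pod.securityContext?.runAsNonRoot;
    if (nonRoot !== true) add(`${p}.securityContext.runAsNonRoot`, 'may run as root');
    if (sc.privileged === true) add(`${p}.securityContext.privileged`, 'privileged container');
    if (sc.allowPrivilegeEscalation !== false)
      add(`${p}.securityContext.allowPrivilegeEscalation`, 'not set to false');
    const lim = c.resources?.limits || {};
    if (!lim.cpu || !lim.memory) add(`${p}.resources.limits`, 'no CPU/memory limits');
    // The tag is what follows ':' in the last path segment (a registry port is not
    // a tag); an image pinned by digest (@sha256:...) is accepted as-is.
    const image = String(c.image || '');
    const last = image.slice(image.lastIndexOf('/') + 1);
    const tag = last.includes(':') ? last.split(':').pop() : '';
    if (!image.includes('@') && (tag === '' || tag === 'latest'))
      add(`${p}.image`, 'latest or missing tag');
    if (!c.livenessProbe) add(`${p}.livenessProbe`, 'no liveness probe');
    if (!c.readinessProbe) add(`${p}.readinessProbe`, 'no readiness probe');
  });
  return findings;
}

// Constructed sample: what parsing a weak Deployment manifest would yield.
const weakDeployment = {
  apiVersion: 'apps/v1', kind: 'Deployment', metadata: { name: 'web' },
  spec: { replicas: 1, template: { spec: {
    hostNetwork: true,
    volumes: [{ name: 'host', hostPath: { path: '/var/run' } }],
    containers: [{ name: 'web', image: 'registry.local:5000/nginx',
                   securityContext: { privileged: true } }],
  } } },
};
console.log(auditWorkload(weakDeployment).join('\n'));
```

Note that the registry port in registry.local:5000/nginx is not mistaken for a tag, so the untagged image is still reported.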
Common Use Cases
Pre-Deploy Checks
Catch security misconfigurations and missing fields before pushing manifests to your cluster. Prevent common production incidents before they happen.
K8s Learning
Use the remediation snippets to learn correct Kubernetes configuration patterns. Each finding explains why it matters, not just what to change.
CI/CD Pipelines
Validate generated or templated manifests (Helm output, Kustomize) before applying to staging or production environments as part of your review workflow.
Need Help Securing Your Kubernetes Infrastructure?
From hardened cluster configurations to automated security scanning in CI/CD pipelines — we build production-ready Kubernetes setups that follow security best practices by default. Let us help you deploy with confidence.