k8s-lint
Kubernetes YAML validation - Use kube-linter and kubeconform to check K8s config security and best practices
Best use case
k8s-lint is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Kubernetes YAML validation - Use kube-linter and kubeconform to check K8s config security and best practices
Teams using k8s-lint should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/k8s-lint/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How k8s-lint Compares
| Feature / Agent | k8s-lint | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Kubernetes YAML validation - Use kube-linter and kubeconform to check K8s config security and best practices
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Kubernetes Lint Skill
## 📋 Overview
This skill uses **kube-linter** and **kubeconform** for dual validation of Kubernetes YAML configurations, ensuring:
- 🔒 Security (RBAC, Pod Security, NetworkPolicy)
- ✅ Schema validation (K8s API spec compliance)
- ⚡ Resource limit configuration
- 🛡️ Best practices compliance
## 🔧 Prerequisites
| Tool | Purpose | Windows | Linux/Mac |
|------|---------|---------|-----------|
| kube-linter | Best practices check | `scoop install kube-linter` | `brew install kube-linter` |
| kubeconform | Schema validation | `scoop install kubeconform` | `brew install kubeconform` |
| kubectl | (Optional) Cluster validation | `scoop install kubectl` | `brew install kubectl` |
## 🚀 Usage
**Check single file:**
```powershell
# Windows
.\.agents\skills\k8s-lint\scripts\lint.ps1 -File deployment.yaml
# Linux/Mac
./agent/skills/k8s-lint/scripts/lint.sh deployment.yaml
```
**Check entire directory:**
```powershell
# Windows
.\.agents\skills\k8s-lint\scripts\lint.ps1 -Path .\k8s -Recursive
# Linux/Mac
./.agents/skills/k8s-lint/scripts/lint.sh -r k8s/
```
## 🎯 What It Checks
### Security Checks
- ✅ Prohibit privileged containers
- ✅ Prohibit hostNetwork/hostPID
- ✅ Require readOnlyRootFilesystem
- ✅ Run as non-root user
- ✅ Capabilities whitelist
### Resource Management
- ✅ CPU/Memory limits set
- ✅ liveness/readiness probes
- ✅ Pod Disruption Budget
- ✅ HPA configuration check
### Best Practices
- ✅ Image pull policy
- ✅ Don't use latest tag
- ✅ Service Account configuration
- ✅ Label/Annotation standards
## 📊 Output Example
```
☸️ Kubernetes Lint - Checking config files...
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔍 Schema Validation (kubeconform)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ deployment.yaml - valid
✅ service.yaml - valid
❌ ingress.yaml - invalid: Missing required field: spec.rules
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🛡️ Best Practices Check (kube-linter)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
deployment.yaml: (object: <no namespace>/nginx-deployment apps/v1, Kind=Deployment)
⚠️ no-read-only-root-fs: Container "nginx" does not have a read-only root file system
❌ cpu-requirements: Container "nginx" has no CPU limits
❌ memory-requirements: Container "nginx" has no memory limits
📊 Check Results:
❌ Errors: 3
⚠️ Warnings: 1
```
## ⚙️ Configuration
Create `.kube-linter.yaml`:
```yaml
checks:
exclude:
- no-read-only-root-fs # Temporarily allow writable root filesystem
include:
- cpu-requirements
- memory-requirements
- privileged-containers
- run-as-non-root
customChecks: []
```
## 🔗 Related Resources
- [kube-linter Documentation](https://docs.kubelinter.io/)
- [Kubernetes Best Practices](https://kubernetes.io/docs/concepts/configuration/overview/)Related Skills
sql-lint
SQL code style check - Use SQLFluff to check SQL statement style and syntax (supports PostgreSQL, MySQL, SQLite, etc.)
rust-lint
Rust code quality check - Use Clippy and Rustfmt to ensure Rust code standards and performance optimization
lint-python
Check Python code quality with Ruff
lint-js
Check JavaScript/TypeScript code quality with ESLint
docker-lint
Dockerfile best practices check - Use hadolint to validate Dockerfile security, performance, and compliance
ai-agent-lint
AI Agent code quality check - Use Ruff to check code standards for LangChain, AutoGen, and other AI Agent projects
vuln-scan
Multi-language dependency security scan - Use Safety CLI and OSV-Scanner to quickly detect dependency vulnerabilities in Python/JS/Java projects
SKILL_ONBOARDING.md
> **Purpose**: Conduct a one-time "Handshake Interview" with the user to establish their Developer Persona.
usb-debug
No description provided.
serial-debug
No description provided.
security-check
Check dependency security vulnerabilities
run-tests
Run project test suite