Question 1

What does a Kubernetes manifest validator check?

Accepted Answer

A Kubernetes manifest validator checks your YAML files for required fields (apiVersion, kind, metadata.name), valid apiVersion values for each resource kind, security best practices (runAsNonRoot, readOnlyRootFilesystem, dropping capabilities), resource limits and requests, container image tags (warns against :latest), liveness and readiness probes, proper label and annotation formatting, namespace specification, and Service port naming conventions. It helps catch misconfigurations before deploying to a cluster.

Question 2

Why should I avoid using the :latest tag in Kubernetes?

Accepted Answer

Using the :latest tag in Kubernetes is discouraged because it makes deployments non-deterministic. The :latest tag is mutable and can point to different images over time, so restarting a pod might pull a different version than what is running. This breaks rollback functionality since Kubernetes cannot distinguish between image versions. It also defeats image caching, can cause inconsistency across replicas, and makes it impossible to audit which exact version is deployed. Always use specific version tags or SHA digests for production workloads.

Question 3

What are Kubernetes resource requests and limits?

Accepted Answer

Resource requests define the minimum CPU and memory a container needs, which the scheduler uses to place pods on nodes. Resource limits define the maximum CPU and memory a container can use. If a container exceeds its memory limit, it is OOM-killed. If it exceeds its CPU limit, it is throttled. Setting requests ensures your pod gets scheduled on a node with enough resources. Setting limits prevents a single container from consuming all node resources. Best practice is to always set both requests and limits for every container in production.

Kubernetes Manifest Validator

Validation Results

Frequently Asked Questions

Related Content