Infrastructure Automation

Kill Your
YAML.
Ship Infra.

Stop hand-writing 2,000-line manifests. YAMLCRUSH generates, validates, and lints your Terraform & Kubernetes configs — so you deploy faster with zero drift.

Zero Config Drift
Git-Native
SOC2 Ready
deployment-generated.yaml Generated
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-api
  labels:
    app: web-api
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
  template:
    spec:
      containers:
      - name: web-api
        image: repo/web-api:v2.4.1
        ports:
        - containerPort: 8080
        resources:
          limits:
            memory: "512Mi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
Scroll
97%
YAML Reduction
12x
Faster Deploy
340+
Lint Rules
0
Config Drift
Core Capabilities

Three Weapons.
Zero YAML.

Terraform Generator

Describe your infrastructure in plain English. Get production-ready HCL with modules, variables, outputs, and state management — generated in seconds.

AWS GCP Azure Multi-Cloud

K8s Manifest Builder

Deployments, Services, Ingress, ConfigMaps, Secrets, HPA — all generated from a simple form or CLI prompt. Best practices baked in by default.

Deployments Services Ingress HPA

YAML Linter & Checker

Drop in your existing manifests. 340+ rules catch misconfigurations, security holes, anti-patterns, and deprecated APIs before they hit production.

Security Best Practices Deprecations CI/CD
PR Integration
Diff Preview
Version Control
Webhooks
Workflow

Three Steps.
No Sweat.

01

Describe It

Use our CLI, web UI, or API. Tell us what you need: "3-replica nginx deployment with HPA, exposed via ingress on /api." That's it.

02

Review It

Get clean, validated configs instantly. Full diff preview. Every resource tagged, every limit set, every probe configured. Review. Tweak. Approve.

03

Ship It

Push to git. Trigger CI/CD. Or deploy directly. YAMLCRUSH ensures what you wrote is exactly what runs. Zero surprises.

terminal
$ yamlcrush generate --type k8s-deployment \
    --name "payment-svc" \
    --replicas 3 \
    --image "registry/payment-svc:v1.8.0" \
    --port 8080 \
    --hpa --ingress "/payments"

✓ Generated 4 manifests
  → deployment.yaml
  → service.yaml
  → ingress.yaml
  → hpa.yaml
✓ All 4 files passed 340/340 lint checks
✓ No security issues detected

$  
The Difference

Before vs.
After YAMLCRUSH

Before — Manual Hell
deployment.yaml — 12 lint errors
apiVersion: apps/v1
kind: Deployment
spec:
  replicas: 1          # ⚠ no HPA
  template:
    spec:
      containers:
      - image: payment-svc:latest  # ⚠ no tag
        resources: {}           # ⚠ no limits
        securityContext:
          privileged: true    # ⚠ CRITICAL
        # no liveness probe
        # no readiness probe
        # no labels
        # no annotations
---
ERROR: privileged container
ERROR: no resource limits
ERROR: using :latest tag
WARN:  no health probes
WARN:  single replica, no HPA
After — YAMLCRUSH
deployment.yaml — 0 errors, 0 warnings
apiVersion: apps/v1
kind: Deployment
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
  template:
    spec:
      containers:
      - image: payment-svc:v1.8.0
        resources:
          limits: {cpu: 500m, mem: 512Mi}
          requests: {cpu: 100m, mem: 128Mi}
        securityContext:
          runAsNonRoot: true
          readOnlyRootFS: true
        livenessProbe:  ✓ configured
        readinessProbe: ✓ configured
✓ 340/340 checks passed
✓ CIS benchmark compliant
✓ Production-ready
Lint Engine

340+ Rules.
Every Edge Case.

Our linter doesn't just check syntax. It understands Kubernetes semantics, Terraform best practices, cloud-specific constraints, and security compliance frameworks.

Security Hardening
Privileged containers, secret leaks, exposed ports, privilege escalation — caught before deploy.
Resource Optimization
Missing limits, over-provisioned requests, no HPA, no PDB — all flagged with fix suggestions.
Deprecation Detection
Running K8s 1.29? We'll flag every removed API from v1.22-v1.28 before your cluster rejects it.
Compliance Frameworks
CIS Kubernetes Benchmark, NSA CISA hardening guide, SOC2 controls — mapped to specific rules.
yamlcrush lint ./k8s/
Scanning 14 files...

✗ HIGH  deployment-db.yaml:24
  Privileged container detected in "postgres"
  → Set runAsNonRoot: true, remove privileged: true

✗ HIGH  secret-api-key.yaml:3
  Secret stored in plaintext (not sealed)
  → Use Sealed Secrets or External Secrets Operator

⚠ MED  deployment-api.yaml:18
  No resource limits defined for "api-server"
  → Add resources.limits.cpu and resources.limits.memory

⚠ MED  deployment-worker.yaml:7
  Image using :latest tag "worker:latest"
  → Pin to specific digest or semantic version

ℹ LOW  service-frontend.yaml:5
  Service type LoadBalancer without annotations
  → Consider adding AWS/GCP-specific annotations

────────────────────────────────────
2 errors  2 warnings  1 info
9 files clean  ·  340/340 rules checked
Scan completed in 0.23s
Plugs Into Your Stack
GitHub
GitLab
Docker
AWS
GCP
Azure
Kubernetes
CI/CD
Limited Beta — 247 on Waitlist

Stop Writing
YAML By Hand.

Join the early access waitlist. First 500 users get lifetime 50% off. No credit card required. We'll ping you when it's ready.

No spam. Unsubscribe anytime. We respect your inbox.

JK
AL
MR
SP
+243
DevOps engineers trust us