Describe your infrastructure in plain English. Get production-ready HCL with modules, variables, outputs, and state management — generated in seconds.
Deployments, Services, Ingress, ConfigMaps, Secrets, HPA — all generated from a simple form or CLI prompt. Best practices baked in by default.
Drop in your existing manifests. 340+ rules catch misconfigurations, security holes, anti-patterns, and deprecated APIs before they hit production.
Use our CLI, web UI, or API. Tell us what you need: "3-replica nginx deployment with HPA, exposed via ingress on /api." That's it.
Get clean, validated configs instantly. Full diff preview. Every resource tagged, every limit set, every probe configured. Review. Tweak. Approve.
Push to git. Trigger CI/CD. Or deploy directly. YAMLCRUSH ensures what you wrote is exactly what runs. Zero surprises.
$ yamlcrush generate --type k8s-deployment \ --name "payment-svc" \ --replicas 3 \ --image "registry/payment-svc:v1.8.0" \ --port 8080 \ --hpa --ingress "/payments" ✓ Generated 4 manifests → deployment.yaml → service.yaml → ingress.yaml → hpa.yaml ✓ All 4 files passed 340/340 lint checks ✓ No security issues detected $
apiVersion: apps/v1 kind: Deployment spec: replicas: 1 # ⚠ no HPA template: spec: containers: - image: payment-svc:latest # ⚠ no tag resources: {} # ⚠ no limits securityContext: privileged: true # ⚠ CRITICAL # no liveness probe # no readiness probe # no labels # no annotations --- ERROR: privileged container ERROR: no resource limits ERROR: using :latest tag WARN: no health probes WARN: single replica, no HPA
apiVersion: apps/v1 kind: Deployment spec: replicas: 3 strategy: type: RollingUpdate template: spec: containers: - image: payment-svc:v1.8.0 resources: limits: {cpu: 500m, mem: 512Mi} requests: {cpu: 100m, mem: 128Mi} securityContext: runAsNonRoot: true readOnlyRootFS: true livenessProbe: ✓ configured readinessProbe: ✓ configured ✓ 340/340 checks passed ✓ CIS benchmark compliant ✓ Production-ready
Our linter doesn't just check syntax. It understands Kubernetes semantics, Terraform best practices, cloud-specific constraints, and security compliance frameworks.
Scanning 14 files... ✗ HIGH deployment-db.yaml:24 Privileged container detected in "postgres" → Set runAsNonRoot: true, remove privileged: true ✗ HIGH secret-api-key.yaml:3 Secret stored in plaintext (not sealed) → Use Sealed Secrets or External Secrets Operator ⚠ MED deployment-api.yaml:18 No resource limits defined for "api-server" → Add resources.limits.cpu and resources.limits.memory ⚠ MED deployment-worker.yaml:7 Image using :latest tag "worker:latest" → Pin to specific digest or semantic version ℹ LOW service-frontend.yaml:5 Service type LoadBalancer without annotations → Consider adding AWS/GCP-specific annotations ──────────────────────────────────── 2 errors 2 warnings 1 info 9 files clean · 340/340 rules checked Scan completed in 0.23s
Join the early access waitlist. First 500 users get lifetime 50% off. No credit card required. We'll ping you when it's ready.
No spam. Unsubscribe anytime. We respect your inbox.