Kubernetes configuration defects frequently cause severe runtime failures, yet existing static analysis tools exhibit limited detection capability. This paper presents an empirical study of 2,260 open-source Kubernetes configuration scripts, systematically identifying and classifying 15 common defect categories. Through combined qualitative analysis and static analysis, we uncover two critical defect patterns previously undetected by existing tools. Leveraging these insights, we design and implement a novel lightweight linter capable of precisely detecting all identified defect types. Evaluated on real-world projects, the tool discovers 26 previously unknown, manually verified defects—19 of which have since been fixed. Our contributions include: (1) a comprehensive, publicly available dataset of annotated configurations; (2) an open-source implementation of the linter; and (3) a reusable taxonomy and methodology for improving Kubernetes configuration reliability. All artifacts are openly released to support reproducible research and practical adoption.

Kubernetes is a tool that facilitates rapid deployment of software. Unfortunately, configuring Kubernetes is prone to errors. Configuration defects are not uncommon and can result in serious consequences. This paper reports an empirical study about configuration defects in Kubernetes with the goal of helping practitioners detect and prevent these defects. We study 719 defects that we extract from 2,260 Kubernetes configuration scripts using open source repositories. Using qualitative analysis, we identify 15 categories of defects. We find 8 publicly available static analysis tools to be capable of detecting 8 of the 15 defect categories. We find that the highest precision and recall of those tools are for defects related to data fields. We develop a linter to detect two categories of defects that cause serious consequences, which none of the studied tools are able to detect. Our linter revealed 26 previously-unknown defects that have been confirmed by practitioners, 19 of which have already been fixed. We conclude our paper by providing recommendations on how defect detection and repair techniques can be used for Kubernetes configuration scripts. The datasets and source code used for the paper are publicly available online.