AI for Reviewing Helm and Kustomize Manifest PRs

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-ai-coding-AI-manifest-validation-creators

1. What is the primary purpose of adding an LLM check to a CI pipeline for Kubernetes manifests?

   1. To replace all validation tools and approve deployments automatically
   2. To catch common but often-overlooked issues like missing resource limits before manifests reach a cluster
   3. To generate new Kubernetes manifests from scratch based on requirements
   4. To validate cluster-specific admission policies and security constraints

2. Which of the following issues can an LLM reliably flag when reviewing Kubernetes manifests?

   1. Missing resource requests and limits in container specifications
   2. The exact memory and CPU allocation needed for optimal performance
   3. Whether a deployment will succeed in the target cluster
   4. Network policies required for inter-pod communication

3. A developer asks an LLM to determine how much CPU and memory their application actually needs in production. What is the fundamental limitation of this request?

   1. LLMs lack access to real-time metrics about actual workload behavior
   2. LLMs cannot read the manifest files being reviewed
   3. LLMs always require GPU access for this task
   4. LLMs cannot parse YAML format accurately

4. What does 'rendered manifests' refer to in the context of Helm and Kustomize?

   1. The original source code files before any templating
   2. The final YAML output after Helm templates or Kustomize overlays have been applied
   3. The error messages generated when manifests fail validation
   4. A visual diagram showing the Kubernetes architecture

5. According to the recommended output format, what information should the LLM provide for each issue found?

   1. The entire manifest section containing the problem
   2. File path, line number, severity level, and a one-line description of the issue
   3. A confidence score and natural language summary
   4. A detailed explanation of the root cause and suggested fix

6. Which of the following can an LLM NOT do when reviewing Kubernetes manifests?

   1. Validate whether the manifest complies with cluster-specific admission policies
   2. Identify label/selector mismatches between resources
   3. Flag missing resource limits in container specifications
   4. Detect missing probe configurations in deployments

7. What is the practical benefit of detecting label/selector mismatches in a Kubernetes manifest review?

   1. It validates that all pods use the latest Kubernetes version
   2. It automatically generates new labels for resources
   3. It ensures containers have the correct base image
   4. It prevents services from failing to route traffic to pods due to selector misalignment

8. Which tool was explicitly mentioned as an example of a hard check that should complement the LLM?

   1. helmfile
   2. skiff
   3. kube-linter
   4. kubectl

9. A team configures their LLM to reject any manifest that doesn't have a specific security policy defined in their cluster. Why might this approach fail?

   1. LLMs always approve all manifests
   2. LLMs cannot read YAML files
   3. YAML cannot be parsed by AI models
   4. The LLM lacks access to cluster-specific admission policies and cannot validate against them

10. What risk exists when relying solely on LLMs to catch logic bugs in Helm template values?

    1. LLMs will always catch logic bugs in templates
    2. Logic bugs are not relevant to Kubernetes manifests
    3. LLMs will delete the template files
    4. LLMs cannot reliably detect logic errors in templated values - they may appear syntactically valid but produce wrong behavior

11. A user reports their service cannot reach pods even though the pod IP is correct. What manifest issue might an LLM flag as the cause?

    1. Incorrect container image tag
    2. A label/selector mismatch between the service and its target pods
    3. Missing environment variables in the container
    4. A missing configmap mount

12. What type of probe configuration issue can an LLM detect during manifest review?

    1. Missing readiness or liveness probe definitions
    2. The exact timeout value a probe should use
    3. Whether a probe will succeed in production
    4. How many times a probe has failed historically

13. What information should be excluded from an LLM's one-line issue output?

    1. The line number in the file
    2. The severity level of the issue
    3. Detailed step-by-step fix instructions
    4. The file path where the issue occurs

14. What should you do with an AI-generated draft before using it?

    1. Submit it untouched and assume everything is correct.
    2. Delete the entire response and start over from scratch every time.
    3. Forward it to a friend without reading it yourself.
    4. Read it carefully, check facts, and decide what (if anything) to keep.

15. What is the responsible stance toward disclosing AI help?

    1. Claim full credit without mentioning any tools used.
    2. Hide any AI use so the work looks more impressive.
    3. Refuse to answer if anyone asks how the work was made.
    4. Be honest about how AI was used so others can judge the work fairly.