Add Kubernetes manifest validation CI workflow #99

@KaranJagtiani

Description

The Kubernetes YAML manifests in deployment/ are not validated in CI. Invalid manifests, deprecated API versions, or security misconfigurations can reach the main branch without detection.

Scope

  • CI (.github/workflows/k8s-validate.yml):
    • Trigger on pull requests that modify files in deployment/.
    • Steps:
      1. Install kubeval or kubeconform for schema validation.
      2. Install kube-score for best-practice scoring.
      3. Validate all YAML files in deployment/ against the Kubernetes API schema.
      4. Run kube-score to check for security and reliability best practices.
      5. Fail on schema errors; warn on best-practice violations.

Acceptance criteria

  • CI workflow validates all Kubernetes manifests on relevant PRs.
  • Invalid YAML or deprecated API versions fail the workflow.
  • Best-practice violations are reported as warnings.
  • Workflow is fast (< 2 minutes).

How to test manually

  1. Create a PR that modifies a file in deployment/.
  2. Verify the CI workflow triggers and validates the manifests.
  3. Introduce an invalid resource spec and verify the workflow fails.
  4. Fix the issue and verify the workflow passes.
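
One way to wire up the steps listed under Scope, as an added sketch that is not the repository's own workflow. Assumptions: both tools are installed from source with `go install ...@latest` (pin reviewed versions in practice), the action versions and runner image are choices made for this example, and the timeout is only a guard for the speed criterion.

```yaml
# .github/workflows/k8s-validate.yml (added example, not the project's file)
name: k8s-validate

on:
  pull_request:
    paths:
      - "deployment/**"        # only PRs that touch the manifests

permissions:
  contents: read               # the job only reads the checkout

jobs:
  validate:
    runs-on: ubuntu-latest
    timeout-minutes: 5         # assumption: hard stop well above the 2-minute target
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: Install kubeconform and kube-score
        run: |
          # Assumption: @latest for brevity; pin to versions you have reviewed.
          go install github.com/yannh/kubeconform/cmd/kubeconform@latest
          go install github.com/zegl/kube-score/cmd/kube-score@latest
          echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"

      - name: Schema validation (blocking)
        run: |
          # -strict rejects unknown and duplicate fields. A resource whose
          # apiVersion/kind has no schema is reported as an error, so the
          # step exits non-zero and the workflow fails.
          kubeconform -strict -summary deployment/

      - name: Best-practice scoring (advisory)
        run: |
          # kube-score exits non-zero on critical findings; turn that into a
          # warning annotation instead of a failed job.
          if ! find deployment -type f \( -name '*.yaml' -o -name '*.yml' \) -print0 \
               | xargs -0 -r kube-score score; then
            echo "::warning::kube-score reported best-practice findings in deployment/"
          fi
```

If `deployment/` contains custom resources, kubeconform will fail on them until a schema location for those kinds is supplied or `-ignore-missing-schemas` is set, which also weakens the check for mistyped built-in kinds.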
