This article discusses the growing concern of insecure Kubernetes configuration, which is a major security issue in cloud-native systems. The rich Kubernetes API allows developers to author large amounts of configuration by hand, mainly in YAML files, often stored in source control systems alongside application code. This creates a large surface area for potential security issues, including unconfigured properties such as CPU and Memory limits, runAsNonRoot, and readOnlyRootFilesystem, which can be exploited by attackers if vulnerabilities occur. As developers take on more responsibility for application security, it's essential to understand the relationship between image vulnerabilities and configuration and have tools that help secure both. The article highlights the need for a multi-stage approach to testing configuration throughout the software development lifecycle (SDLC), including local tools, CI/CD pipelines, repository checks, admission controllers, and production checks.