diff --git a/go.mod b/go.mod
index 4f4371b..c34f191 100644
--- a/go.mod
+++ b/go.mod
@@ -8,4 +8,5 @@ require (
 	github.com/stretchr/testify v1.4.0
 	golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f // indirect
 	golang.org/x/tools v0.0.0-20191209225234-22774f7dae43 // indirect
+	gopkg.in/yaml.v2 v2.2.2
 )
diff --git a/internal/run/initkube_test.go b/internal/run/initkube_test.go
index 87471ba..72452a8 100644
--- a/internal/run/initkube_test.go
+++ b/internal/run/initkube_test.go
@@ -2,6 +2,7 @@ package run
 
 import (
 	"github.com/stretchr/testify/suite"
+	yaml "gopkg.in/yaml.v2"
 	"io/ioutil"
 	"os"
 	"testing"
@@ -92,6 +93,10 @@ func (suite *InitKubeTestSuite) TestExecuteGeneratesConfig() {
 		suite.Contains(string(contents), expected)
 	}
 
+	// the generated config should be valid yaml, with no repeated keys
+	conf := map[string]interface{}{}
+	suite.NoError(yaml.UnmarshalStrict(contents, &conf))
+
 	// test the other branch of the certificate/SkipTLSVerify conditional
 	init.SkipTLSVerify = true
 	init.Certificate = ""
@@ -101,6 +106,9 @@ func (suite *InitKubeTestSuite) TestExecuteGeneratesConfig() {
 	contents, err = ioutil.ReadFile(configFile.Name())
 	suite.Require().NoError(err)
 	suite.Contains(string(contents), "insecure-skip-tls-verify: true")
+
+	conf = map[string]interface{}{}
+	suite.NoError(yaml.UnmarshalStrict(contents, &conf))
 }
 
 func (suite *InitKubeTestSuite) TestPrepareParseError() {