Agent-Skills.md

Agent Skills: JMESPath for Kyverno

>-

UncategorizedID: adaptive-enforcement-lab/claude-skills/jmespath-for-kyverno

Author

adaptive-enforcement-lab

adaptive-enforcement-lab

https://github.com/adaptive-enforcement-lab View all skills

Repository

adaptive-enforcement-lab/claude-skills

adaptive-enforcement-labLicense: MIT

Install this agent skill to your local

pnpm dlx add-skill https://github.com/adaptive-enforcement-lab/claude-skills/tree/HEAD/plugins/enforce/skills/jmespath-for-kyverno

Skill Files

Browse the full folder contents for jmespath-for-kyverno.

Loading file tree…

plugins/enforce/skills/jmespath-for-kyverno/SKILL.md

Skill Metadata

Name: jmespath-for-kyverno
Description: >-

JMESPath for Kyverno

When to Use This Skill

Use JMESPath when:

Pattern matching can't express your logic
You need conditionals or transformations
Validation depends on multiple fields
You're filtering or comparing arrays

Skip JMESPath when:

Simple pattern matching works (pattern, anyPattern)
You're only checking field existence
No cross-field validation needed

Test Before Deploying

Always test JMESPath expressions with kyverno jp before adding them to policies. Syntax errors fail silently in audit mode and block resources in enforce mode.

Implementation

Install Kyverno CLI for testing:

# Install kyverno CLI
brew install kyverno/kyverno/kyverno

# Test JMESPath expression
kyverno jp query -i manifest.yaml 'spec.template.spec.containers[*].name'

Simple validation example:

See examples.md for detailed code examples.

What this does:

Filters containers without memory limits: containers[?!resources.limits.memory]
Extracts their names: .name
Counts them: | length(@)
Denies if count > 0

Examples

See examples.md for code examples.

References