Agent Skills: Kyverno Basics

Uncategorized

ID: adaptive-enforcement-lab/claude-skills/kyverno-basics

Install this agent skill to your local

pnpm dlx add-skill https://github.com/adaptive-enforcement-lab/claude-skills/tree/HEAD/plugins/enforce/skills/kyverno-basics

plugins/enforce/skills/kyverno-basics/SKILL.md

Skill Metadata

Name
kyverno-basics

Kyverno Basics

When to Use This Skill

Kyverno runs as a dynamic admission controller in Kubernetes. It validates, mutates, and generates resources based on policies written in YAML.


Implementation

Install Kyverno using Helm:

See examples.md for detailed code examples.

Kyverno creates webhook configurations that intercept resource creation/updates before they reach etcd.


Comparison

Roll out policies in audit mode first:

spec:
  validationFailureAction: Audit  # Log violations, don't block

Check PolicyReports for violations:

kubectl get policyreport -A

NAMESPACE   NAME                          PASS   FAIL   WARN   ERROR   SKIP
default     polr-ns-default              12     3      0      0       0
production  polr-ns-production           45     1      0      0       0

Fix violations. Then switch to Enforce:

spec:
  validationFailureAction: Enforce  # Block violations

Gradual Rollout Strategy

  1. Deploy policy in Audit mode
  2. Monitor PolicyReports for 1 week
  3. Remediate failures
  4. Switch to Enforce mode
  5. Handle exceptions with exclusions

Don't deploy straight to Enforce. Discover violations first.
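
The check between steps 2 and 4 can be scripted. The following is an added example, not code from the skill repository: it reads the table printed by `kubectl get policyreport -A` and refuses the switch to Enforce while any report still shows FAIL or ERROR results. The function names `sample_report`, `blocking_reports` and `enforce_ready` are hypothetical, and the sample table is the output shown above.

```shell
#!/bin/sh
# Added example: gate the Audit -> Enforce switch on PolicyReport results.

# Sample table copied from the output shown on this page.
sample_report() {
  cat <<'EOF'
NAMESPACE   NAME                          PASS   FAIL   WARN   ERROR   SKIP
default     polr-ns-default              12     3      0      0       0
production  polr-ns-production           45     1      0      0       0
EOF
}

# Read a `kubectl get policyreport -A` table on stdin and print one line per
# report that still has FAIL or ERROR results. Exits 2 on empty or malformed input.
blocking_reports() {
  awk '
    NR == 1 {
      # Find columns by header name rather than by position.
      for (i = 1; i <= NF; i++) col[$i] = i
      if (!(("NAMESPACE" in col) && ("NAME" in col) && ("FAIL" in col) && ("ERROR" in col))) {
        print "unexpected header: " $0 > "/dev/stderr"
        exit 2
      }
      next
    }
    NF == 0 { next }
    ($(col["FAIL"]) + 0) > 0 || ($(col["ERROR"]) + 0) > 0 {
      printf "%s/%s fail=%d error=%d\n", $(col["NAMESPACE"]), $(col["NAME"]), $(col["FAIL"]), $(col["ERROR"])
    }
    # No rows at all means nothing was evaluated, which is not the same as passing.
    END { if (NR == 0) { print "no reports on stdin" > "/dev/stderr"; exit 2 } }
  '
}

# Return 0 only when no report is blocking, 1 when violations remain, 2 on bad input.
enforce_ready() {
  _blocking="$(blocking_reports)" || return 2
  [ -z "$_blocking" ] && return 0
  printf 'Stay in Audit, reports still failing:\n%s\n' "$_blocking" >&2
  return 1
}

# Demo on the sample table. Live use: kubectl get policyreport -A | enforce_ready
sample_report | blocking_reports
```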


Examples

See examples.md for code examples.

Related Patterns

  • Policy Patterns
  • Testing and Exceptions
  • CI/CD Integration
