Mariam Fahmy

fix: add CONNECT operation in the webhook config for pod/exec subresource

1

## Explanation This PR checks for the `Pod/exec` subresource, and if it does exists, we return the `operations` specified by the user instead of returning back the default operations. ##...

[Feature] Allow specifying a container within a Pod in Policy Exceptions

18

### Problem Statement If we have a policy that disallows certain capabilities, and we have a deployment with two containers: 1. A sidecar container (e.g., Istio) with capabilities NET_ADMIN and...

feat: introduce v2 for Kyverno policies

1

## Explanation This PR introduces `v2` for clusterpolicies and policies. ## Related issue Closes https://github.com/kyverno/kyverno/issues/7959 Related to https://github.com/kyverno/kyverno/issues/5606 and https://github.com/kyverno/kyverno/issues/8914 ## Milestone of this PR /milestone 1.13 ## Documentation (required...

fix: process the matched resources only for mutate existing policies

5

## Explanation For mutate existing policies, we are getting the trigger resources based on the `kind` only. That's why we end up processing all resources even if the policy doesn't...

fix: add pods/ephemeralcontainers to the generated VAPs

1

## Explanation This PR is to add "pods/ephemeralcontainers" in the match block of the generated ValidatingAdmissionPolicies in case the Kyverno policy matches pods. This is because it is added by...

fix: set all operations by default in the generated VAP

4

## Explanation The generated VAPs set `operations` to only `CREATE` and `UPDATE` in case users don't specify them in the Kyverno policies. This raises an issue when a Kyverno policy...

## Explanation Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.29.3 to 0.30.0.

feat: support generating VAPs in case of matching resources in specific namespaces

3

## Explanation In Kyverno policies, users can match resources in specific namespaces as follows: ``` match: any: - resources: kinds: - Deployment operations: - CREATE - UPDATE namespaces: - production...

[Feature] Policy Exceptions 3.0

5

### Problem Statement ### Description Planned enhancements to Kyverno policy exceptions: - [ ] https://github.com/kyverno/kyverno/issues/6980 (LFX Mentorship) - [ ] https://github.com/kyverno/kyverno/issues/6068 (LFX Mentorship) - [ ] https://github.com/kyverno/kyverno/issues/9330 - [ ]...

feat: support list of policyexception namespaces

1

## Explanation This PR modifies the flag `--exceptionNamespace` to accept a list of a comma-separated namespaces for policy exceptions. ## Related issue Closes #6980 ## Milestone of this PR /milestone...