Exclude to filter and select resources
The following picture shows the structure of a Kyverno Policy:
Each Kyverno policy contains one or more rules. Each rule has a
match clause, an optional
exclude clause, and one of a
Each rule can validate, mutate, or generate configurations of matching resources. A rule definition can contain only a single mutate, validate, or generate child node.
During admission control mutation rules are applied before validation.
Check resource configurations for policy compliance
Update resources during admission controls
Create additional resources based on resource creation, or label/metadata changes.
Use request data, ConfigMaps, and built-in variables in policy rules
Control policy rule execution based on variables.
Automatically generate rules for pod controllers.
Manage aplying policies to existing resources in a cluster