UNCLASSIFIED - NO CUI

SPIKE: Audit existing Kyverno policies and identify gaps in documentation.

Description:

This ticket relates to the FY2025_Q4 OKR goal of Kyverno policy improvements.

Audit existing Kyverno policies:

Kyverno validate rules run in one of two modes, selected by validationFailureAction on the policy: Enforce or Audit.

Enforce mode rejects the admission request for any resource that violates a rule.

Audit mode admits the resource but records the violation in a Kubernetes custom resource: a PolicyReport (namespaced, for namespaced resources) or a ClusterPolicyReport (for cluster-scoped resources such as Namespaces).

For this audit, use Audit mode. It shows which existing and incoming resources a policy would reject without blocking anything in the cluster. PolicyReports are the primary mechanism for collecting this data. Kyverno generates them from two sources: admission events (when a resource is created or updated) and a periodic background scan of resources that already exist. One caveat when reading the reports: a rule that uses admission-only data (for example request.userInfo) cannot be evaluated by the background scan and must set background: false, so its violations appear only for resources admitted after the policy was applied. Pre-existing resources are not covered for such rules, and that gap should be called out in the findings rather than read as a clean result.

Steps:

  1. Deploy Kyverno with the Kyverno policies override file.
  2. View the PolicyReports and share the findings in this SPIKE ticket.
  3. Ensure the docs are up to date with the latest changes and the new policy types from the v1.15 release.
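To make step 2 concrete, the script below is an added example (not part of this ticket, the override file, or the Kyverno project) that turns PolicyReport output into ticket-ready findings. It assumes the reports are fetched with `kubectl get policyreports,clusterpolicyreports -A -o json` and piped into a file named polr_summary.py (both names are assumptions). The embedded SAMPLE is constructed: its resource names, UIDs and messages are made up. It reads both the per-resource report layout (a report-level scope) and the older layout where each result lists its own resources, counts results per policy, and treats only fail and error as what Enforce mode would actually reject; policies with none of those are listed as candidates to promote from Audit to Enforce.

```python
"""Summarize Kyverno PolicyReport / ClusterPolicyReport JSON into ticket-ready findings.

Added example, not Kyverno's own tooling. Run against a cluster with:
    kubectl get policyreports,clusterpolicyreports -A -o json | python3 polr_summary.py
With nothing piped in, it runs against the constructed SAMPLE below.
"""
import json
import sys
from collections import Counter, defaultdict

# Constructed sample shaped like `kubectl get polr,cpolr -A -o json` (a v1 List), trimmed
# to the fields read here. Names, UIDs and messages are made up, not real cluster output.
# Items 1-2 use the per-resource layout (report-level "scope"); item 3 uses the older
# layout where each result carries its own "resources" list.
SAMPLE = {
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {
            "apiVersion": "wgpolicyk8s.io/v1alpha2",
            "kind": "PolicyReport",
            "metadata": {"name": "8f2c0c0e-0000-4000-8000-pod-nginx", "namespace": "default"},
            "scope": {"apiVersion": "v1", "kind": "Pod", "name": "nginx", "namespace": "default"},
            "results": [
                {"policy": "require-labels", "rule": "check-for-labels", "result": "fail",
                 "message": "validation error: label app.kubernetes.io/name is required"},
                {"policy": "disallow-privileged-containers", "rule": "privileged-containers",
                 "result": "pass", "message": "validation rule passed"},
            ],
        },
        {
            "apiVersion": "wgpolicyk8s.io/v1alpha2",
            "kind": "PolicyReport",
            "metadata": {"name": "3b1a9d77-0000-4000-8000-deploy-api", "namespace": "payments"},
            "scope": {"apiVersion": "apps/v1", "kind": "Deployment", "name": "api", "namespace": "payments"},
            "results": [
                {"policy": "require-labels", "rule": "check-for-labels", "result": "fail",
                 "message": "validation error: label app.kubernetes.io/name is required"},
                {"policy": "disallow-privileged-containers", "rule": "privileged-containers",
                 "result": "pass", "message": "validation rule passed"},
                {"policy": "disallow-latest-tag", "rule": "validate-image-tag", "result": "warn",
                 "message": "image tag :latest in use (policy is unscored)"},
            ],
        },
        {
            "apiVersion": "wgpolicyk8s.io/v1alpha2",
            "kind": "ClusterPolicyReport",
            "metadata": {"name": "cpolr-legacy"},
            "results": [
                {"policy": "require-ns-owner", "rule": "owner-label", "result": "fail",
                 "message": "validation error: label owner is required",
                 "resources": [{"apiVersion": "v1", "kind": "Namespace", "name": "legacy"}]},
            ],
        },
    ],
}


def resource_ref(obj):
    """Render a resource as Kind/namespace/name, or Kind/name when cluster-scoped."""
    kind, name, ns = obj.get("kind", "?"), obj.get("name", "?"), obj.get("namespace")
    return f"{kind}/{ns}/{name}" if ns else f"{kind}/{name}"


def iter_results(report_list):
    """Yield (policy, rule, result, resource, message) for every result entry."""
    for report in report_list.get("items", []):
        scope = report.get("scope")  # per-resource layout: one resource for the whole report
        for entry in report.get("results", []):
            targets = entry.get("resources") or ([scope] if scope else [{}])
            for target in targets:
                yield (entry.get("policy", "?"), entry.get("rule", "?"),
                       entry.get("result", "unknown"), resource_ref(target), entry.get("message", ""))


def summarize(report_list):
    """Return (per-policy result counts, failures) with failures keyed by (policy, rule)."""
    per_policy, failures = defaultdict(Counter), defaultdict(list)
    for policy, rule, result, ref, message in iter_results(report_list):
        per_policy[policy][result] += 1
        # Only fail and error would become rejected admissions under Enforce;
        # warn (unscored policies) and skip are counted but do not block.
        if result in ("fail", "error"):
            failures[(policy, rule)].append((ref, message))
    return per_policy, failures


def ready_to_enforce(per_policy):
    """Policies with no fail/error results: candidates to promote from Audit to Enforce."""
    return sorted(p for p, c in per_policy.items() if c["fail"] == 0 and c["error"] == 0)


def render(per_policy, failures):
    """Plain-text report suitable for pasting into the ticket."""
    cols = ("pass", "fail", "warn", "error", "skip")
    lines = [f"{'policy':<36}" + "".join(f"{c:>7}" for c in cols)]
    for policy in sorted(per_policy):
        lines.append(f"{policy:<36}" + "".join(f"{per_policy[policy][c]:>7}" for c in cols))
    lines += ["", "violations (would be rejected in Enforce mode):"]
    for (policy, rule), hits in sorted(failures.items()):
        lines += [f"  {policy}/{rule}  {ref}  {message}" for ref, message in hits]
    lines += ["", "clean policies (candidates for Enforce): " + ", ".join(ready_to_enforce(per_policy))]
    return "\n".join(lines)


if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print(render(*summarize(data)))
```

The promotion list is the practical output of the audit: a policy only moves to Enforce once its fail and error counts have been driven to zero (or the offending resources have a documented exception), and any rule that runs with background: false should be reviewed separately because its counts omit resources that existed before the policy was applied.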
Edited by Jemal Guillory