Add capability to exclude specific container names from policies

relates #4

changed milestone to %1.34.0

added Demo Candidate kindfeature kyverno statusdoing teamcore/security + 1 deleted label

assigned to @toladipupo

added 1 commit

• 33323498 - updated readme

Compare with previous version

added 3 commits

• 5a75f7f0 - adding testing policies
• b17c8c86 - adding testing policies
• 4980d4e2 - updated policies to use template

Compare with previous version

marked this merge request as ready

added statusreview label and removed statusdoing label

added 1 commit

• fa10030f - updated helper

Compare with previous version

added 1 commit

• 2ca60283 - revert policy change

Compare with previous version

added 1 commit

• 51835462 - updated policy

Compare with previous version

added 13 commits

• 51835462...5e7241bb - 2 commits from branch main
• 6826ee18 - update latest tag policy
• 795dfd62 - updated disallow-privilege-escalation
• 9ece6350 - updated readme
• f0a07890 - updated readme
• 04f34246 - adding testing policies
• b8344f73 - adding testing policies
• 27ff4299 - updated policies to use template
• 4efa196d - updated helper
• 444553db - revert policy change
• 16e73005 - updated policy
• 9faa1ffe - fixed disallow-selinux-options

Compare with previous version

requested review from @michaelmcleroy

requested review from @echuang

@toladipupo For all the policies that you split into 2 rules (pod and container), there is a small case that could cause problems. Take the following yaml

spec:
  securityContext:
    runAsUser: 0
  container:
    securityContext:
      runAsUser: 1000
    <container stuff>
  initContainer:
    name: exclude-this

Let's say we excluded the exclude-this container in our values. The pod would still get denied even though all of the included containers have values that are ok. Trying to think of a good way to do this...

changed milestone to %1.35.0

added statusdoing label and removed statusreview label

added statusreview label and removed statusdoing label