Brian Kane 38dea0b56c feat: application-scoped policies (#7067) ...

Introduces application-scoped policies and global auto-applied policies
for KubeVela.

Key changes:
- PolicyDefinition gains `scope`, `global`, and `priority` fields
- Global policies (global=true, scope=Application) are auto-applied to
  every Application in their namespace (and vela-system globals apply
  cluster-wide) without being listed in spec.policies
- PolicyScopeIndex: in-memory singleton index of PolicyDefinition
  metadata, bootstrapped at startup and kept live via watch events.
  Follows KubeVela's 2-step lookup (local namespace → vela-system)
- ApplicationPolicyCache: per-app cache of rendered policy results,
  invalidated by spec hash, revision hash, or TTL; cleared on deletion
- Policy rendering pipeline extended to inject global policies before
  user-specified ones, respecting priority ordering
- Appfile.Context carries context.Context from controller into rendering
- Feature gates: EnableApplicationScopedPolicies and EnableGlobalPolicies
  (both Alpha, default false); admission webhook warns when a
  PolicyDefinition targets a disabled gate

Signed-off-by: Brian Kane <briankane1@gmail.com>

2026-03-19 07:58:15 -07:00

..

build.mk

Fix: update build.mk (#6374)

2023-12-05 13:13:07 +08:00

const.mk

Chore: imports workflow crd from pkg repo (#6954)

2025-11-06 18:56:04 -08:00

dependency.mk

Feat: 7019 Support re-running workflows and ensure passed data is updated during dispatch (#7025)

2026-01-19 11:18:10 +00:00

develop.mk

Feat: webhook reject unknown cr outputs (#6932)

2025-09-30 09:30:53 -07:00

e2e.mk

feat: application-scoped policies (#7067)

2026-03-19 07:58:15 -07:00

release.mk

Chore: move the API server to the VelaUX repository (#5636)

2023-03-13 13:53:35 +08:00