Use `ValidatingAdmissionPolicy` resources

[stevehipwell]

Category

Other

Describe the feature you'd like to request

Given the native Kubernetes ValidatingAdmissionPolicy resource allows for safer* evaluation than a webhook it'd be great if they could be managed via Cedar. At a high level my hypothesis is that some policies could be implemented as ValidatingAdmissionPolicy resources with the associated bindings instead of requiring the webhook on a hot path. This shifts the runtime responsibility to the API server while still allowing the rich management and single configuration language/pattern to be maintained.

* - Fixed cost, non-blocking, no additional compute or operational overhead required

Describe alternatives you've considered

The benefit of a single configuration language/pattern is lost if we need to manage ValidatingAdmissionPolicy resources seperatly.

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change