Refactor Kyverno policies to update deprecated fields

In the current version, the Kyverno policies are defined with deprecated fields, as follows:

Deprecated fields
GROUP:      kyverno.io
KIND:       Policy
VERSION:    v1

FIELD: spec <Object>


DESCRIPTION:
    Spec defines policy behaviors and contains one or more rules.

FIELDS:
  admission     <boolean>
    Admission controls if rules are applied during admission.
    Optional. Default value is "true".

  applyRules    <string>
  enum: All, One
    ApplyRules controls how rules in a policy are applied. Rule are processed in
    the order of declaration. When set to `One` processing stops after a rule
    has
    been applied i.e. the rule matches and results in a pass, fail, or error.
    When
    set to `All` all rules in the policy are processed. The default is `All`.

  background    <boolean>
    Background controls if rules are applied to existing resources during a
    background scan.
    Optional. Default value is "true". The value must be set to "false" if the
    policy rule
    uses variables that are only available in the admission review request (e.g.
    user name).

  emitWarning   <boolean>
    EmitWarning enables API response warnings for mutate policy rules or
    validate policy rules with validationFailureAction set to Audit.
    Enabling this option will extend admission request processing times. The
    default value is "false".

  failurePolicy <string>
  enum: Ignore, Fail
    Deprecated, use failurePolicy under the webhookConfiguration instead.

  generateExisting      <boolean>
    Deprecated, use generateExisting under the generate rule instead

  generateExistingOnPolicyUpdate        <boolean>
    Deprecated, use generateExisting instead

  mutateExistingOnPolicyUpdate  <boolean>
    Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead

  rules <[]Object>
    Rules is a list of Rule instances. A Policy contains multiple rules and
    each rule can validate, mutate, or generate resources.

  schemaValidation      <boolean>
    Deprecated.

  useServerSideApply    <boolean>
    UseServerSideApply controls whether to use server-side apply for generate
    rules
    If is set to "true" create & update for generate rules will use apply
    instead of create/update.
    Defaults to "false" if not specified.

  validationFailureAction       <string>
  enum: audit, enforce, Audit, Enforce
    Deprecated, use validationFailureAction under the validate rule instead.

  validationFailureActionOverrides      <[]Object>
    Deprecated, use validationFailureActionOverrides under the validate rule
    instead.

  webhookConfiguration  <Object>
    WebhookConfiguration specifies the custom configuration for Kubernetes
    admission webhookconfiguration.

  webhookTimeoutSeconds <integer>
    Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead.

These fields should be refactored to their updated equivalents, which are now defined under specific rule blocks.

Tasks:

  • Audit all Kyverno policies in the repository for deprecated top-level fields
  • Update policies to use the recommended fields
  • Validate changes
Edited May 13, 2025 by Amit Kumar
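
For the audit task, a dependency-free scanner sketch (an added example, not code from this repository). It assumes block-style YAML with documents separated by `---`; the `audit` function name and the sample manifest are constructed, and the replacement hints repeat the wording of the `kubectl explain` output above.

```python
import re

# Deprecated top-level spec fields, with the replacement wording quoted in this issue.
DEPRECATED = {
    "failurePolicy": "failurePolicy under webhookConfiguration",
    "generateExisting": "generateExisting under the generate rule",
    "generateExistingOnPolicyUpdate": "generateExisting",
    "mutateExistingOnPolicyUpdate": "mutateExistingOnPolicyUpdate under the mutate rule",
    "schemaValidation": "none listed (deprecated)",
    "validationFailureAction": "validationFailureAction under the validate rule",
    "validationFailureActionOverrides": "validationFailureActionOverrides under the validate rule",
    "webhookTimeoutSeconds": "webhookTimeoutSeconds under webhookConfiguration",
}
KEY = re.compile(r"^( *)([A-Za-z_][\w-]*):")  # plain mapping key; list items do not match


def audit(text):
    """Return [(line_no, field, replacement)] for kyverno.io documents in text."""
    findings, pending, is_kyverno, in_spec, spec_indent = [], [], False, False, None
    for line_no, line in enumerate(text.splitlines() + ["---"], 1):
        if line.strip() == "---":  # document boundary: keep hits from Kyverno docs only
            findings += pending if is_kyverno else []
            pending, is_kyverno, in_spec, spec_indent = [], False, False, None
        elif m := KEY.match(line):
            indent, key = len(m.group(1)), m.group(2)
            if indent == 0:
                in_spec = key == "spec"
                is_kyverno |= line.startswith("apiVersion: kyverno.io/")
            elif in_spec:
                spec_indent = spec_indent or indent  # first child key fixes the indent
                if indent == spec_indent and key in DEPRECATED:
                    pending.append((line_no, key, DEPRECATED[key]))
    return findings


# Constructed sample: a policy with deprecated top-level fields, then a non-Kyverno doc.
SAMPLE = """\
apiVersion: kyverno.io/v1
kind: Policy
spec:
  validationFailureAction: Enforce
  webhookTimeoutSeconds: 10
  rules:
  - name: check-team
    validate:
      validationFailureAction: Enforce
---
apiVersion: v1
spec:
  failurePolicy: Ignore
"""
```

Running `audit()` over each policy file in CI and failing on a non-empty result keeps deprecated fields from being reintroduced; the rule-level field on line 9 of the sample is correctly left unflagged.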