Policy definitions as Kubernetes resources
Validate, mutate, or generate Kubernetes resources
Match resources using label selectors and wildcards
Mutate using overlays (like Kustomize) or JSON Patch
Validate using overlays and powerful conditionals
Generate default resources during namespace creation
Reporting of policy violations for existing resources
Kubernetes events for resource changes and policy enforcement
Test policy changes using kubectl