Add RFC 10, Rancher integration of policies

[viccuad]

Description

Relates to https://github.com/kubewarden/rfc/issues/7

Rendered RFC.

[viccuad]

As an example of a Helm chart for a policy, see https://github.com/kubewarden/allow-privilege-escalation-psp-policy/pull/30.

This example is implemented directly in the main branch of the policy repo, instead of an orphan branch, and is reusing its readme, license, and files.

[flavio]

I propose a variation on the alternative approach which is an hybrid between the core proposal and alternative "A":

• Store the additional information inside of the Wasm metadata

• Have a tool that reads the embedded metadata and produces as output all the Rancher helm chart files

Looking at the contents created via https://github.com/kubewarden/allow-privilege-escalation-psp-policy/pull/30, I think the only reasonable thing to include inside of the policy metadata would be the questions.yml stuff. I wonder if this is worth the effort...

[viccuad]

Committed clarification of points, and reworded to use folder instead of branch.

Looking at the contents created via https://github.com/kubewarden/allow-privilege-escalation-psp-policy/pull/30, I think the only reasonable thing to include inside of the policy metadata would be the questions.yml stuff. I wonder if this is worth the effort...

It also provides a simple airgap story for the metadata (download Helm charts, mirror OCI wasm modules).

I still favour Alternative B (use OCI's manifest.config). To me, feels like the correct implementation. It's a field that is present for normal container images, simplifies airgap, removes unneeded metadata from artifacthub-pkg.yml.

We just need a client that can pull the manifest of an artifact from an OCI registry (e.g: 30 secs search, https://github.com/Pixeladed/oci-registry-js), and to do so on kwctl push too. We aren't making much of a new promise, just substituting storing the metadata in artifacthub/helm chart for the OCI repo.

[viccuad]

Merging! we can make adjustments later on.