[Feature] Resolve context variables as needed

### Problem Statement

Kyverno resolves all context variables before anything else. This produces two problems, one related to performance and the other related to policy application.

1. All context variables are resolved to their values before any processing of preconditions or rule logic begins. Especially for context variables which perform API lookups, this could result in additional load on the Kubernetes API server and Kyverno itself which may ultimately be useless if a precondition in which it would be consumed is short circuited.
2. Because all context variables are resolved first, there may be some which return a fail state which would be skipped if preconditions weren't met. Preconditions must be met before the rule body is evaluated.

### Solution Description

Only look up context vars when they're needed.

### Alternatives

_No response_

### Additional Context

_No response_

### Slack discussion

https://kubernetes.slack.com/archives/CLGR9BJU9/p1647524925493759

### Research

- [X] I have read and followed the documentation AND the [troubleshooting guide](https://kyverno.io/docs/troubleshooting/).
- [X] I have searched other issues in this repository and mine is not recorded.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Feature] Resolve context variables as needed #3474

Problem Statement

Solution Description

Alternatives

Additional Context

Slack discussion

Research

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Feature] Resolve context variables as needed #3474

Description

Problem Statement

Solution Description

Alternatives

Additional Context

Slack discussion

Research

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions