neuvector enforcer ds pods blocked by restrict-host-path-write (in 2.13.0)

Bug

Description

While deploying BB 2.13.0 the neuvector enforcer daemonset pods were being blocked by the restrict-host-path-write policy as seen in the k8s events:

- apiVersion: v1
  count: 7
  eventTime: null
  firstTimestamp: "2023-10-20T18:08:05Z"
  involvedObject:
    apiVersion: apps/v1
    kind: DaemonSet
    name: neuvector-enforcer-pod
    namespace: neuvector
    resourceVersion: "45331"
    uid: bcbff348-624f-45e1-9ff2-533517f081df
  kind: Event
  lastTimestamp: "2023-10-20T18:10:51Z"
  message: "(combined from similar events): Error creating: admission webhook \"validate.kyverno.svc-fail\"
    denied the request: \n\nresource Pod/neuvector/neuvector-enforcer-pod-b7kvn was
    blocked due to the following policies \n\nrestrict-host-path-write:\n  require-readonly-hostpath:
    'validation failure: hostPath volumes must be mounted\n    as readOnly.'\n"
  metadata:
    creationTimestamp: "2023-10-20T18:08:05Z"
    name: neuvector-enforcer-pod.178fe31a0de3faa4
    namespace: neuvector
    resourceVersion: "47658"
    uid: d8495a0a-06d1-410e-be81-d13968ad7147
  reason: FailedCreate
  reportingComponent: ""
  reportingInstance: ""
  source:
    component: daemonset-controller
  type: Warning

I was able to fix it by updating the BB values, but I assume it would be better if neuvector-enforcer-pod* could be added to the excluded resources here:

https://repo1.dso.mil/big-bang/bigbang/-/blob/master/chart/templates/kyverno-policies/values.yaml?ref_type=heads#L458

BigBang Version

What version of BigBang were you running?

2.13.0
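The following is an added example, not code from Big Bang, Kyverno or NeuVector: a stand-alone re-implementation of what the restrict-host-path-write / require-readonly-hostpath rule checks (every volumeMount of a hostPath volume must carry readOnly: true), together with the namespace-plus-wildcard-name exclusion proposed above, so the denial in the event can be reproduced and the proposed fix reasoned about offline. The pod dict and the exclusion entry are constructed samples modelled on the event (pod name, namespace, policy and rule names come from the event; the volumes and mount paths are assumptions, not the real enforcer manifest), and the name-wildcard semantics assume Kyverno's shell-style matching for resource names.

```python
"""Re-implementation of the require-readonly-hostpath check plus a Kyverno-style exclude.

Added example; it is not Kyverno's or Big Bang's code. Names taken from the event on this
page: policy restrict-host-path-write, rule require-readonly-hostpath, pod
neuvector-enforcer-pod-b7kvn in namespace neuvector. Everything else is constructed.
"""
from fnmatch import fnmatchcase

POLICY = "restrict-host-path-write"
RULE = "require-readonly-hostpath"
MESSAGE = "hostPath volumes must be mounted as readOnly."


def is_excluded(pod: dict, exclude: list[dict]) -> bool:
    """Mimic an exclude.any[].resources list: a pod is excluded when any entry matches
    its namespace exactly and its name by shell-style wildcard (assumed Kyverno semantics)."""
    meta = pod.get("metadata", {})
    ns, name = meta.get("namespace", ""), meta.get("name", "")
    for entry in exclude:
        res = entry.get("resources", {})
        ns_ok = not res.get("namespaces") or ns in res["namespaces"]
        name_ok = not res.get("names") or any(fnmatchcase(name, pat) for pat in res["names"])
        if ns_ok and name_ok:
            return True
    return False


def writable_hostpath_mounts(pod: dict) -> list[str]:
    """Return 'container:mountPath' for every mount of a hostPath volume lacking readOnly: true.
    Init containers are checked too, since they can write to the host just as well."""
    spec = pod["spec"]
    hostpath_vols = {v["name"] for v in spec.get("volumes", []) if "hostPath" in v}
    offenders = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in hostpath_vols and not m.get("readOnly", False):
                offenders.append(f"{c['name']}:{m['mountPath']}")
    return offenders


def admit(pod: dict, exclude: list[dict] = ()) -> tuple[bool, str]:
    """Decide the way the validating webhook would: exclusion first, then the rule."""
    if is_excluded(pod, list(exclude)):
        return True, "excluded from policy"
    offenders = writable_hostpath_mounts(pod)
    if offenders:
        return False, (
            f"resource Pod/{pod['metadata']['namespace']}/{pod['metadata']['name']} "
            f"was blocked due to the following policies\n{POLICY}:\n  {RULE}: "
            f"'validation failure: {MESSAGE}' (writable: {', '.join(offenders)})"
        )
    return True, "hostPath mounts are read-only"


# Constructed sample: a DaemonSet-generated pod with one writable hostPath mount.
# The volume names and paths are assumptions for illustration only.
ENFORCER_POD = {
    "metadata": {"name": "neuvector-enforcer-pod-b7kvn", "namespace": "neuvector"},
    "spec": {
        "volumes": [
            {"name": "proc-vol", "hostPath": {"path": "/proc"}},
            {"name": "cgroup-vol", "hostPath": {"path": "/sys/fs/cgroup"}},
        ],
        "containers": [{
            "name": "neuvector-enforcer-pod",
            "volumeMounts": [
                {"name": "proc-vol", "mountPath": "/host/proc", "readOnly": True},
                {"name": "cgroup-vol", "mountPath": "/host/cgroup"},  # no readOnly: blocked
            ],
        }],
    },
}

# The exclusion proposed in the issue: wildcard on the generated pod name, scoped to the namespace.
NEUVECTOR_EXCLUDE = [
    {"resources": {"namespaces": ["neuvector"], "names": ["neuvector-enforcer-pod*"]}}
]

if __name__ == "__main__":
    print(admit(ENFORCER_POD))                    # denied, same wording as the event
    print(admit(ENFORCER_POD, NEUVECTOR_EXCLUDE))  # allowed via exclusion
```

Note that scoping the exclusion to the neuvector namespace matters: a name-only wildcard would let any pod named neuvector-enforcer-pod* in any namespace write to the host, which is exactly the capability the policy exists to restrict.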