kyvernoPolicies update to 3.3.4-bb.4
Package Merge Request
Package Changes
https://repo1.dso.mil/big-bang/product/packages/kyverno-policies/-/blob/3.3.4-bb.4/CHANGELOG.md
Package MR
big-bang/product/packages/kyverno-policies!230 (merged)
For Issue
Closes big-bang/product/packages/kyverno-policies#136 (closed)
Upgrade Notices
This is a new feature that lets policy exceptions be tested before they are potentially made permanent, or one-off exceptions be granted to those who accept the risks. Due to CVE-2024-48921, the policy exceptions feature is disabled by default and can be enabled only for specific namespaces. As a result, by default this feature is only enabled for a single namespace within test-values.yaml:
features:
  policyexceptions:
    enabled: true
    # -- Restrict policy exceptions to a single namespace
    namespace: 'kyverno'
Those who accept the risks can enable this within kyverno by setting the feature to enabled in values.yaml and then editing the namespace in which exceptions are allowed, or by passing in an override using the above YAML snippet as an example. Once enabled, there is a sample policyexception in the kyverno-policies values.yaml that can then be overridden. Another example exists in the test-values.yaml that was used to test the feature.
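As an added example, not part of this package or merge request, here is a small audit script that reads the JSON printed by `kubectl get policyexceptions -A -o json` and flags PolicyException objects that live outside the single allowed namespace, or that sit inside it but whose match clause reaches resources in other namespaces. It assumes the Kyverno PolicyException field names (spec.exceptions, spec.match.any[].resources), uses the namespace 'kyverno' from the snippet above, and runs on constructed sample data rather than a live cluster.

```python
"""Audit PolicyException objects against the single-namespace restriction.
Input is the JSON printed by `kubectl get policyexceptions -A -o json`."""
import json

# Assumed to match features.policyexceptions.namespace in the values override.
ALLOWED_NAMESPACE = "kyverno"

# Constructed sample (not real cluster data): one well-scoped exception, one in
# the wrong namespace, one in the allowed namespace that matches every namespace.
SAMPLE_LIST = json.dumps({"items": [
    {"metadata": {"name": "allow-test-pod", "namespace": "kyverno"},
     "spec": {"exceptions": [{"policyName": "require-non-root-user",
                              "ruleNames": ["run-as-non-root"]}],
              "match": {"any": [{"resources": {"kinds": ["Pod"],
                                               "namespaces": ["kyverno"]}}]}}},
    {"metadata": {"name": "rogue", "namespace": "dev-team"},
     "spec": {"exceptions": [{"policyName": "disallow-privileged-containers",
                              "ruleNames": ["privileged-containers"]}],
              "match": {"any": [{"resources": {"kinds": ["Pod"]}}]}}},
    {"metadata": {"name": "broad", "namespace": "kyverno"},
     "spec": {"exceptions": [{"policyName": "disallow-host-path",
                              "ruleNames": ["host-path"]}],
              "match": {"any": [{"resources": {"kinds": ["Pod"],
                                               "namespaces": ["*"]}}]}}},
]})


def audit_exceptions(kubectl_json: str, allowed_ns: str = ALLOWED_NAMESPACE) -> list[dict]:
    """Return one finding per PolicyException that violates the restriction."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        ns = item["metadata"].get("namespace", "")
        ref = f"{ns}/{item['metadata']['name']}"
        rules = [f"{e['policyName']}/{r}" for e in item["spec"].get("exceptions", [])
                 for r in e.get("ruleNames", [])]
        if ns != allowed_ns:
            # Lives outside the one namespace the restricted feature permits.
            findings.append({"exception": ref, "severity": "high",
                             "reason": f"outside allowed namespace {allowed_ns!r}; exempts {rules}"})
            continue
        # A match block with no "namespaces" key matches resources in any namespace.
        targets = set()
        for block in item["spec"].get("match", {}).get("any", []):
            targets.update(block.get("resources", {}).get("namespaces", ["*"]))
        if targets - {allowed_ns}:
            findings.append({"exception": ref, "severity": "medium",
                             "reason": f"match clause covers namespaces {sorted(targets)}; exempts {rules}"})
    return findings
```

Run `audit_exceptions(SAMPLE_LIST)` to see the two findings for the sample, or feed it real kubectl output and a different `allowed_ns` to audit a cluster.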