Update default Kyverno policy settings to remove most audit policies
During beta testing, audit policies have shown a significant impact on clusters with large numbers of pods. CPU and memory usage on the Kyverno pod spikes and the volume of API requests increases significantly, which can cause a denial of service for admission into the K8S cluster if it is hammered hard enough. Until we have a suitable workaround for this, the recommendation is to minimize the number of Kyverno policies in audit mode.
For this issue ...
- Leave the policies set to enforce alone
- Disable all policies in audit mode except:
  - require-non-root-user
  - require-non-root-group
The guidance going forward will be to audit policies that we are actively working on moving to enforce mode.
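The rule above (leave enforce-mode policies alone, disable every audit-mode policy except the two allowlisted ones) expressed as a small script, added here as an example rather than code from the Kyverno project or this repository. It assumes a hypothetical values layout of policy name to `{"validationFailureAction": ..., "enabled": ...}`; `validationFailureAction` is the real Kyverno ClusterPolicy field that takes `audit` or `enforce` (newer releases capitalise the values), while the `enabled` key is an assumed chart convention. The sample policy set is constructed.

```python
"""Apply the audit-mode recommendation to a set of Kyverno policy settings.

Added example, not part of the original issue. Assumes a hypothetical values
layout: policy name -> {"validationFailureAction": ..., "enabled": ...}.
"""
from copy import deepcopy

# Policies that stay in audit mode because they are actively being moved to enforce.
AUDIT_ALLOWLIST = frozenset({"require-non-root-user", "require-non-root-group"})


def apply_audit_recommendation(policies, allowlist=AUDIT_ALLOWLIST):
    """Return a new mapping in which audit-mode policies outside the allowlist
    are disabled. Enforce-mode policies are left untouched. An unknown action
    raises ValueError so that a typo cannot silently leave a policy running."""
    updated = deepcopy(policies)
    for name, settings in updated.items():
        raw_action = settings.get("validationFailureAction", "")
        action = str(raw_action).lower()  # accept "audit"/"Audit", "enforce"/"Enforce"
        if action == "enforce":
            continue
        if action != "audit":
            raise ValueError(f"{name}: unknown validationFailureAction {raw_action!r}")
        if name not in allowlist:
            settings["enabled"] = False
    return updated


def audit_policy_count(policies):
    """Number of policies that will actually run in audit mode (enabled + audit)."""
    return sum(
        1
        for settings in policies.values()
        if settings.get("enabled", True)
        and str(settings.get("validationFailureAction", "")).lower() == "audit"
    )


# Constructed sample set; not taken from a real cluster or chart.
SAMPLE_POLICIES = {
    "disallow-privileged-containers": {"validationFailureAction": "enforce", "enabled": True},
    "require-non-root-user": {"validationFailureAction": "audit", "enabled": True},
    "require-non-root-group": {"validationFailureAction": "audit", "enabled": True},
    "require-ro-rootfs": {"validationFailureAction": "Audit", "enabled": True},
    "restrict-image-registries": {"validationFailureAction": "audit", "enabled": True},
}

if __name__ == "__main__":
    before = audit_policy_count(SAMPLE_POLICIES)
    after = apply_audit_recommendation(SAMPLE_POLICIES)
    print(f"audit policies before: {before}, after: {audit_policy_count(after)}")
    for name, settings in after.items():
        print(f"{name}: {settings['validationFailureAction']} enabled={settings['enabled']}")
```

Running it against the constructed sample reduces the number of active audit policies from four to two, leaves the enforce-mode policy untouched, and shows which policies were switched off; feeding it the real values map (once adapted to the chart's actual layout) gives a reviewable list of changes before they are committed.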