Merge branch '761-gatekeeper-execeptions-for-istio-injection' into 'master'

Add excluded namespaces for istio-injection Closes #761 See merge request !3781

Merge branch '761-gatekeeper-execeptions-for-istio-injection' into 'master'
24aba89d · Michael Martin · 646253f7 · 29f9e8db · 24aba89d
Commit 24aba89d authored 1 year ago by Michael Martin
--- a/chart/templates/gatekeeper/values.yaml
+++ b/chart/templates/gatekeeper/values.yaml
@@ -103,6 +103,22 @@ violations:  # Try to keep this in alpha order to make it easier to find keys

  namespacesHaveIstio:
    enabled: {{ .Values.istio.enabled }}
+    parameters:
+      excludedResources:
+        # Kuberentes control plane does not use Istio
+        - kube-node-lease
+        - kube-public
+        - kube-system
+        # No pods in bigbang / default
+        - bigbang
+        - default
+        # Flux is installed prior to Istio
+        - flux-system
+        # Istio does not inject itself
+        - istio-operator
+        - istio-system
+        # Kyverno is installed prior to Istio
+        - kyverno

  {{- if or .Values.fluentbit.enabled .Values.neuvector.enabled }}
  noPrivilegedContainers: