Move gitlab-minio exceptions to test, update redis comment

chart/templates/kyverno/policies/values.yaml

@@ -192,13 +192,12 @@ policies:
     {{- if .Values.addons.gitlab.enabled }}
     exclude:
       any:
-      # Gitlab Minio and Redis sub-charts are not configured with securityContext values from upstream. Minio and Redis
-      # installations are only recommended for dev/CI environments.
+      # Gitlab Redis sub-chart does not have configurable securityContext values from upstream. An issue has been opened 
+      # upstream to add these capabilities: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3375
       - resources:
           namespaces:
           - gitlab
           names:
-          - gitlab-minio-*
           - gitlab-redis-*
     {{- end }}
 
@@ -268,13 +267,12 @@ policies:
           - logging-promtail*
       {{- end }}
       {{- if .Values.addons.gitlab.enabled }}
-      # Gitlab Minio and Redis sub-charts are not configured with securityContext values from upstream. Minio and Redis
-      # installations are only recommended for dev/CI environments.
+      # Gitlab Redis sub-chart does not have configurable securityContext values from upstream. An issue has been opened 
+      # upstream to add these capabilities: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3375
       - resources:
           namespaces:
           - gitlab
           names:
-          - gitlab-minio-*
           - gitlab-redis-*
       {{- end }}
     {{- end }}
@@ -326,13 +324,12 @@ policies:
           - logging-promtail*
       {{- end }}
       {{- if .Values.addons.gitlab.enabled }}
-      # Gitlab Minio and Redis sub-charts are not configured with securityContext values from upstream. Minio and Redis
-      # installations are only recommended for dev/CI environments.
+      # Gitlab Redis sub-chart does not have configurable securityContext values from upstream. An issue has been opened 
+      # upstream to add these capabilities: https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3375
       - resources:
           namespaces:
           - gitlab
           names:
-          - gitlab-minio-*
           - gitlab-redis-*
       {{- end }}
     {{- end }}

tests/test-values.yaml

@@ -441,6 +441,36 @@ kyvernopolicies:
           update:
           - from: replace.image.registry
             to: registry1.dso.mil
+      require-drop-all-capabilities:
+        exclude:
+          any:
+          # Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation 
+          # is only recommended for Dev/CI environments.
+          - resources:
+              namespaces:
+              - gitlab
+              names:
+              - gitlab-minio-*
+      require-non-root-group:
+        exclude:
+          any:
+          # Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation 
+          # is only recommended for Dev/CI environments.
+          - resources:
+              namespaces:
+              - gitlab
+              names:
+              - gitlab-minio-*
+      require-non-root-user:
+        exclude:
+          any:
+          # Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation 
+          # is only recommended for Dev/CI environments.
+          - resources:
+              namespaces:
+              - gitlab
+              names:
+              - gitlab-minio-*
 
 logging:
   enabled: true