diff --git a/chart/templates/gatekeeper/gatekeeper-helmrelease.yaml b/chart/templates/gatekeeper/gatekeeper-helmrelease.yaml
index 4e54a08c1deb351abdf9b5b971401074f7fa78e7..82185afa35696dbedf1fc97988e597aa1a066e5e 100644
--- a/chart/templates/gatekeeper/gatekeeper-helmrelease.yaml
+++ b/chart/templates/gatekeeper/gatekeeper-helmrelease.yaml
@@ -11,6 +11,7 @@ metadata:
     {{- include "commonLabels" . | nindent 4}}
 spec:
   targetNamespace: gatekeeper-system
+
   chart:
     spec:
       chart: {{ .Values.gatekeeper.git.path }}
diff --git a/chart/templates/gatekeeper/values.yaml b/chart/templates/gatekeeper/values.yaml
index 693669ace65c7aa7427cc222948ee44d6f145aed..f82d2ea12a267ecd14c07fa96ae159b223ca02d5 100644
--- a/chart/templates/gatekeeper/values.yaml
+++ b/chart/templates/gatekeeper/values.yaml
@@ -14,5 +14,35 @@ postInstall:
       - name: private-registry
 networkPolicies:
   enabled: {{ .Values.networkPolicies.enabled }}
-  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}        
+  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+violations:  # Try to keep this in alpha order to make it easier to find keys
+  {{- if .Values.monitoring.enabled }}
+  hostNetworking:
+    match:
+      excludedNamespaces:
+        - monitoring # Allow node exporter to export metrics. The exporters live in pod monitoring-monitoring-prometheus-node-exporter-XXXX
+  {{- end }}
+
+  {{- if .Values.logging.enabled }}
+  noPrivilegedContainers:
+    match:
+      excludedNamespaces:
+        - kube-system
+        - logging # Fluentbit needs privileged to read and store the buffer for tailing logs from the nodes
+  {{- end }}
+
+  {{- if .Values.monitoring.enabled }}
+  restrictedTaint:
+    match:
+      excludedNamespaces:
+        - kube-system
+        - monitoring # Prometheus Node Exporter needs to be able to run on all nodes, regardless of taint, to gather node metrics
+  {{- end }}
+
+  {{- if .Values.logging.enabled }}
+  selinuxPolicy:
+    match:
+      excludedNamespaces:
+        - logging # FluentBit needs selinux option type spc_t
+  {{- end }}
 {{- end -}}
diff --git a/chart/values.yaml b/chart/values.yaml
index b0d1564a463c15a11fd9fb175a29e922bde271b4..d4efde77c5f9e8dcd3cbd0826ff537f8fa85ca37 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -234,10 +234,14 @@ gatekeeper:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
     path: "./chart"
-    tag: "3.4.0-bb.19"
+    tag: "3.5.1-bb.1"
 
   # -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
-  flux: {}
+  flux:
+    install:
+      crds: CreateReplace
+    upgrade:
+      crds: CreateReplace
 
   # -- Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
   values: {}