Merge branch 'gatekeeper-73-https' into 'master'

Gatekeeper: Update https-only to deny Closes platform-one/big-bang/apps/core/policy#60 See merge request platform-one/big-bang/bigbang!696

Merge branch 'gatekeeper-73-https' into 'master'
c0874a5f · Micah Nagel · c5e02370 · 6bfb441a · c0874a5f · c0874a5f
Commit c0874a5f authored 3 years ago by Micah Nagel
--- a/chart/templates/gatekeeper/values.yaml
+++ b/chart/templates/gatekeeper/values.yaml
@@ -37,6 +37,15 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
        - monitoring # Allow node exporter to export metrics. The exporters live in pod monitoring-monitoring-prometheus-node-exporter-XXXX
  {{- end }}

+  httpsOnly:
+    match:
+      excludedNamespaces: 
+       {{- if .Values.addons.mattermost.enabled }}
+        # mattermost currently does not useIngressTLS hence Ingress is created without TLS field by the operator.
+        # Adding exemption, pending https://github.com/mattermost/mattermost-operator/issues/235
+        - mattermost
+       {{- end }}
+
  {{- if .Values.logging.enabled }}
  noPrivilegedContainers:
    match:

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -281,7 +281,7 @@ gatekeeper:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
    path: "./chart"
-    tag: "3.5.1-bb.3"
+    tag: "3.5.1-bb.4"

  # -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
  flux: