diff --git a/chart/templates/gatekeeper/values.yaml b/chart/templates/gatekeeper/values.yaml
index 443ed1242ccaec9e87cf985e508f9612931b7ba0..0fbfec3767bd8e0cec840d4cfce406ec3c9c8f80 100644
--- a/chart/templates/gatekeeper/values.yaml
+++ b/chart/templates/gatekeeper/values.yaml
@@ -17,18 +17,20 @@ networkPolicies:
   enabled: {{ .Values.networkPolicies.enabled }}
   controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
 violations:  # Try to keep this in alpha order to make it easier to find keys
+
+  {{- if or .Values.istio.enabled .Values.addons.mattermost.enabled }}
   allowedDockerRegistries:
+    {{- if .Values.istio.enabled }}
     match:
       excludedNamespaces:
-       {{- if .Values.istio.enabled }}
         - istio-system # allows creation for loadbalancer pods for various ports and various vendor loadbalancers
-       {{- end }}
-        - kube-system # ignored as the kubernetes distro cannot be controlled
+    {{- end }}
     {{- if .Values.addons.mattermost.enabled }}
     parameters:
       exemptContainers:
         - init-check-database # mattermost needs postgres:13 image and cannot override the upstream
     {{- end }}
+  {{- end }}
 
   {{- if .Values.monitoring.enabled }}
   hostNetworking:
@@ -50,7 +52,6 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
   noPrivilegedContainers:
     match:
       excludedNamespaces:
-        - kube-system
         - logging # Fluentbit needs privileged to read and store the buffer for tailing logs from the nodes
   {{- end }}
 
@@ -58,7 +59,6 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
   restrictedTaint:
     match:
       excludedNamespaces:
-        - kube-system
         - monitoring # Prometheus Node Exporter needs to be able to run on all nodes, regardless of taint, to gather node metrics
   {{- end }}
 
@@ -69,6 +69,7 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
         - logging # FluentBit needs selinux option type spc_t
   {{- end }}
 
+  {{- if or .Values.fluentbit.enabled (or .Values.twistlock.enabled .Values.monitoring.enabled) }}
   volumeTypes:
     match:
       excludedNamespaces:
@@ -87,5 +88,5 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
         # https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/templates/daemonset.yaml#L150
         - monitoring
        {{- end }}
-        - kube-system #local-path_local-path-provisioner helper-pod-create-pvc
+  {{- end }}
 {{- end -}}
diff --git a/chart/values.yaml b/chart/values.yaml
index 3113d92a850f47d87ff1c79d8fa659f5723bf413..b9f4b9f460bfe88860722d778e1f6fcdbc75fdd0 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -281,7 +281,7 @@ gatekeeper:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
     path: "./chart"
-    tag: "3.5.1-bb.7"
+    tag: "3.5.1-bb.8"
 
   # -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
   flux: