Add k3d load balancer exception to dev/ci values for gatekeeper allowed registries
In the dev-k3d-values.yaml and the CI values.yaml, add a k3d load balancer exception for the Gatekeeper constraint that limits allowed registries. Use excludedResources and add istio-system/svclb-.* to it. This exception should only be in the dev and CI values, not in the default values.
NOTE: Although our CI doesn't currently use K3D's internal load balancer, we may choose to do so in the future.
Testing:
Create an ingress gateway in Big Bang with the following:

```yaml
istio:
  ingressGateways:
    public-ingressgateway:
      type: "LoadBalancer"
      kubernetesResourceSpec:
        serviceAnnotations:
          service.beta.kubernetes.io/aws-load-balancer-type: nlb
          service.beta.kubernetes.io/aws-load-balancer-internal: "true"
```
This will create the service load balancer pods in the istio-system namespace. Then validate that OPA Gatekeeper does not flag them as a violation when you use the k3d-dev-values.yaml or the CI values.yaml.
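To reason about how narrow the new exception is, here is an added illustration (not Big Bang's or Gatekeeper's own code) that simulates the allowed-registries check with an excludedResources list. It assumes the constraint compares each pod's namespace/name against the exclusion regexes with anchored (full) matching and compares image references by registry prefix; the pods, images and allowed registry below are constructed sample data.

```python
import re

# Constructed sample data: an allowed registry prefix as a dev cluster
# might configure it, and the exclusion pattern this task adds.
ALLOWED_REGISTRIES = ["registry1.dso.mil/"]
EXCLUDED_RESOURCES = [r"istio-system/svclb-.*"]


def is_excluded(namespace, name, patterns=EXCLUDED_RESOURCES):
    """True if namespace/name fully matches one of the exclusion regexes.

    fullmatch anchors the pattern (an assumption about the real template),
    so 'istio-system/svclb-.*' cannot match a pod in 'my-istio-system'
    or a pod whose name merely contains 'svclb-'.
    """
    ref = f"{namespace}/{name}"
    return any(re.fullmatch(p, ref) for p in patterns)


def registry_allowed(image, allowed=ALLOWED_REGISTRIES):
    """True if the image reference starts with an allowed registry prefix."""
    return any(image.startswith(prefix) for prefix in allowed)


def violations(pods, allowed=ALLOWED_REGISTRIES, patterns=EXCLUDED_RESOURCES):
    """Return (namespace/name, image) pairs the constraint would flag.

    Excluded resources are skipped entirely; every other pod has each
    container image checked against the allowed registry prefixes.
    """
    found = []
    for ns, name, images in pods:
        if is_excluded(ns, name, patterns):
            continue
        for image in images:
            if not registry_allowed(image, allowed):
                found.append((f"{ns}/{name}", image))
    return found


# Constructed pods: the k3d service load balancer pod the task exempts,
# the same image outside the exemption, and a compliant workload.
SAMPLE_PODS = [
    ("istio-system", "svclb-public-ingressgateway-5b9c7", ["rancher/klipper-lb:v0.4.4"]),
    ("default", "svclb-some-app-1a2b3", ["rancher/klipper-lb:v0.4.4"]),
    ("istio-system", "istiod-6d8f9", ["registry1.dso.mil/ironbank/example/app:1.0"]),
]

if __name__ == "__main__":
    for ref, image in violations(SAMPLE_PODS):
        print(f"violation: {ref} pulls {image}")
```

Only the svclb pod in istio-system is exempted; the same image in any other namespace is still reported, which is the scope the dev and CI values are meant to allow.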