Kyverno Policies: Move nodeport enforcement to BB override

Package Merge Request

Package Changes

Package default is "audit", BB override is "enforcing"

Package MR

https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/merge_requests/41

For Issue

Closes https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/issues/15

chart/templates/kyverno/policies/values.yaml

@@ -44,9 +44,10 @@ policies:
   {{- end }}
   {{- end }}
 
-  {{- if $nodePortIngressGateways }}
   # Istio services (istio ingress) can create type: NodePort services
   disallow-nodeport-services:
+    validationFailureAction: enforce
+    {{- if $nodePortIngressGateways }}
     exclude:
       any:
       - resources:
@@ -58,7 +59,7 @@ policies:
           {{- end }}
           namespaces:
           - "istio-system"
-  {{- end }}
+    {{- end }}
 
   disallow-image-tags:
     validationFailureAction: enforce