Add excluded namespaces for istio-injection

Package Merge Request

Package Changes

Adding namespaces to be excluded from istio-injection - Really just to close out the last issue in this epic

Package MR

N/A

For Issue

Closes https://repo1.dso.mil/big-bang/bigbang/-/issues/761

Upgrade Notices

N/A

Closes #761

chart/templates/gatekeeper/values.yaml

@@ -103,6 +103,22 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
 
   namespacesHaveIstio:
     enabled: {{ .Values.istio.enabled }}
+    parameters:
+      excludedResources:
+        # Kuberentes control plane does not use Istio
+        - kube-node-lease
+        - kube-public
+        - kube-system
+        # No pods in bigbang / default
+        - bigbang
+        - default
+        # Flux is installed prior to Istio
+        - flux-system
+        # Istio does not inject itself
+        - istio-operator
+        - istio-system
+        # Kyverno is installed prior to Istio
+        - kyverno
 
   {{- if or .Values.fluentbit.enabled .Values.neuvector.enabled }}
   noPrivilegedContainers: