Opa deny unallowed docker registries

Package Owner Merge Request

Package Changes

• Updated constraint allowed-docker-registries enforcement to default deny
• Excluded kube-system namespace for constraint allowed-docker-registries
• Excluded istio-system namespace for constraint allowed-docker-registries in template/gatekeeper/values.yaml
• Exempted Mattermost postgres container in template/gatekeeper/values.yaml
• Added docs/production.md to detail recommendation for production

Links to all MRs that are associated with this change are required.

• https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/merge_requests/65

Also, include any issues closed with "Closes #ISSUENUMBER". See example:

Closes https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/issues/61

Add any labels for affected packages so that they are deployed in CI. See example:

Once the MR is ready for review also add the status::review label.

changed milestone to %1.13.0

added gatekeeper label

added 1 commit

• d4a555a1 - update GK tag

Compare with previous version

Adding additional tags to test "everything"

added anchore argocd authservice clusterAuditor eckoperator elasticsearch fluentbit flux gitlab gitlabRunner haproxy istio jaeger kiali logging mattermost mattermostoperator minio minioOperator monitoring nexus sonarqube twistlock velero labels

added 39 commits

• d4a555a1...93cc878c - 37 commits from branch master
• c6ef35f2 - Merge branch 'master' into opa-deny-unallowed-docker-registries
• c01278c1 - add bb exceptions to templates/gatekeeper/values

Compare with previous version

added 1 commit

• 117bf9fa - update tag in values

Compare with previous version

resolved all threads

resolved all threads

added 1 commit

• b6cce0cb - Apply 1 suggestion(s) to 1 file(s)

Compare with previous version

changed the description

marked this merge request as ready

added statusreview label

added 2 commits

• 90e78a8e - Add production doc to note production mod
• 2dc8c96a - Merge branch 'opa-deny-unallowed-docker-registries' of...

Compare with previous version

changed the description

added 1 commit

• 7831c3cf - updated docs/production.md

Compare with previous version

added 1 commit

• 70b9e459 - Update production.md

Compare with previous version

added 1 commit

• e6a6b5da - Update production.md

Compare with previous version

approved this merge request

added 9 commits

• e6a6b5da...443e73f6 - 8 commits from branch master
• 1a6ab4d5 - Merge branch 'master' into 'opa-deny-unallowed-docker-registries'

Compare with previous version

resolved all threads

approved this merge request

enabled an automatic merge when the pipeline for 1a6ab4d5 succeeds

mentioned in merge request !693 (merged)

resolved all threads

aborted the automatic merge because source branch was updated

added 1 commit

• a3e4b540 - fixed alignment

Compare with previous version

approved this merge request

merged

mentioned in commit ae6a0d70