add non-root-user-istio exception

General MR

Summary

Using upstream recommended template to exclude resources to exclude all istio-init containers from require-non-root-user ClusterPolicy

https://kyverno.io/docs/writing-policies/exceptions/

Relates #54

Relevant logs/screenshots

(Include any relevant logs/screenshots)

added statusreview label

assigned to @massey.robert

added statusdoing label and removed statusreview label

changed the description

changed milestone to %2.15.0

added kindenhancement kyvernoPolicies labels

added 1 commit

• ea7d057d - Update name

Compare with previous version

BB MR with run-as-non-root set to enforce with passing kyverno-policies-test here: https://repo1.dso.mil/big-bang/bigbang/-/jobs/27758266

marked this merge request as ready

added statusreview label and removed statusdoing label

requested review from @mlunato47, @alieberman, @staskiewicz.blane, and @michaelmartin

I have a general question on these changes -- do we need these changes when we have the existing exceptions in bigbang/chart/templates/kyverno-policies/values.yaml e.g.:

      excludeContainers:
        - istio-init

These excludes are on the require-non-root-group and require-non-root-user` rules.

resolved all threads

added 1 commit

• 48593d4d - Update ruleName

Compare with previous version

resolved all threads

approved this merge request

mentioned in commit f8458b33

merged

mentioned in merge request big-bang/bigbang!3434 (merged)