diff --git a/resources/ekman-cluster/kyverno-policies/sync-keyvault-secret.yaml b/resources/ekman-cluster/kyverno-policies/sync-keyvault-secret.yaml
new file mode 100644
index 00000000..48f0277e
--- /dev/null
+++ b/resources/ekman-cluster/kyverno-policies/sync-keyvault-secret.yaml
@@ -0,0 +1,32 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ annotations:
+ policies.kyverno.io/category: Sample
+ policies.kyverno.io/description: 'Access dataprotection keys from Azure Key Vault'
+ creationTimestamp: "2024-01-15T11:58:24Z"
+ name: sync-keyvault-secrets
+spec:
+ admission: true
+ background: true
+ generateExisting: true
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: azure-keyvault
+ namespace: sorcerer
+ kind: Secret
+ name: azure-keyvault
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ names:
+ - "*-sorcerer"
+ name: sync-keyvault-secrets
+
+
diff --git a/resources/oceanbox-cluster/kyverno-policies/sync-keyvault-secret.yaml b/resources/oceanbox-cluster/kyverno-policies/sync-keyvault-secret.yaml
new file mode 100644
index 00000000..eb6ec222
--- /dev/null
+++ b/resources/oceanbox-cluster/kyverno-policies/sync-keyvault-secret.yaml
@@ -0,0 +1,32 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ annotations:
+ policies.kyverno.io/category: Sample
+ policies.kyverno.io/description: 'Access dataprotection keys from Azure Key Vault'
+ creationTimestamp: "2024-01-15T11:58:24Z"
+ name: sync-keyvault-secrets
+spec:
+ admission: true
+ background: true
+ generateExisting: true
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: azure-keyvault
+ namespace: atlantis
+ kind: Secret
+ name: azure-keyvault
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ names:
+ - "*-atlantis"
+ name: sync-keyvault-secrets
+
+
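Review bot: The `match` block selects namespaces by the name pattern `"*-sorcerer"` alone, so any principal allowed to create a Namespace with that suffix receives a synchronized copy of the `azure-keyvault` Secret from `sorcerer`, and `generateExisting: true` extends this to namespaces that already exist. The oceanbox-cluster policy has the same shape with `"*-atlantis"` and `atlantis`. If creating namespaces with these suffixes is not already limited to administrators, a companion validate rule on those names would close the gap; either way the assumption is worth recording above the rule, e.g. `# Copies the azure-keyvault Secret into every *-sorcerer namespace; creating such namespaces must stay admin-only.` Separately, `creationTimestamp: "2024-01-15T11:58:24Z"` is a server-populated field that looks exported from a live cluster and should be dropped from both manifests, and `policies.kyverno.io/category: Sample` presumably wants a real category.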