From 414c993fe1addbdc401a4c70f371e601ca1646c5 Mon Sep 17 00:00:00 2001
From: Jonas Juselius
Date: Mon, 18 Nov 2024 10:33:34 +0100
Subject: [PATCH] feat: add cpol to sync azure keyvault credentials
---
 .../sync-keyvault-secret.yaml | 32 +++++++++++++++++++
 .../sync-keyvault-secret.yaml | 32 +++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 resources/ekman-cluster/kyverno-policies/sync-keyvault-secret.yaml
 create mode 100644 resources/oceanbox-cluster/kyverno-policies/sync-keyvault-secret.yaml
diff --git a/resources/ekman-cluster/kyverno-policies/sync-keyvault-secret.yaml b/resources/ekman-cluster/kyverno-policies/sync-keyvault-secret.yaml
new file mode 100644
index 00000000..48f0277e
--- /dev/null
+++ b/resources/ekman-cluster/kyverno-policies/sync-keyvault-secret.yaml
@@ -0,0 +1,32 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ annotations:
+ policies.kyverno.io/category: Sample
+ policies.kyverno.io/description: 'Access dataprotection keys from Azure Key Vault'
+ creationTimestamp: "2024-01-15T11:58:24Z"
+ name: sync-keyvault-secrets
+spec:
+ admission: true
+ background: true
+ generateExisting: true
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: azure-keyvault
+ namespace: sorcerer
+ kind: Secret
+ name: azure-keyvault
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ names:
+ - "*-sorcerer"
+ name: sync-keyvault-secrets
+
+
diff --git a/resources/oceanbox-cluster/kyverno-policies/sync-keyvault-secret.yaml b/resources/oceanbox-cluster/kyverno-policies/sync-keyvault-secret.yaml
new file mode 100644
index 00000000..eb6ec222
--- /dev/null
+++ b/resources/oceanbox-cluster/kyverno-policies/sync-keyvault-secret.yaml
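Review bot: The match `names: - "*-sorcerer"` hands the cloned `azure-keyvault` Secret to every Namespace whose name ends in `-sorcerer`, and with `generateExisting: true` and `synchronize: true` that includes namespaces that already exist and keeps the copy refreshed — so anyone allowed to create a namespace with that suffix obtains the Key Vault credential. Unless namespace creation is limited to platform operators, narrow the match to something only they control, e.g. add `selector: matchLabels: {<operator-controlled-label>: <value>}` beside `kinds:` under `resources`, or list the target namespaces explicitly instead of a glob. The same applies to the oceanbox-cluster hunk (`*-atlantis`, source namespace `atlantis`). Separately, `creationTimestamp: "2024-01-15T11:58:24Z"` is server-managed metadata that appears to have been copied from a live object and should be dropped from the committed manifest, and `policies.kyverno.io/category: Sample` reads like a leftover from an upstream example. Indentation is collapsed in this view, so the nesting is read from Kyverno's generate/match schema rather than verified.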
@@ -0,0 +1,32 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ annotations:
+ policies.kyverno.io/category: Sample
+ policies.kyverno.io/description: 'Access dataprotection keys from Azure Key Vault'
+ creationTimestamp: "2024-01-15T11:58:24Z"
+ name: sync-keyvault-secrets
+spec:
+ admission: true
+ background: true
+ generateExisting: true
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: azure-keyvault
+ namespace: atlantis
+ kind: Secret
+ name: azure-keyvault
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ names:
+ - "*-atlantis"
+ name: sync-keyvault-secrets
+
+