feat: remove rabbitmq secret from atlantis chart and put it in kustomizations

charts/atlantis/templates/secrets.yaml

@@ -1,13 +1,3 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  annotations:
-    kyverno/clone: "true"
-  name: {{ .Release.Name }}-rabbitmq
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
----
 {{- if not .Values.cluster.enabled }}
 apiVersion: v1
 kind: Secret

policies/oceanbox/kyverno/sync-atlantis-secrets.yaml

@@ -1,12 +1,37 @@
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
-  name: sync-dev-atlantis-secrets
+  name: sync-atlantis-secrets
 spec:
   background: true
   generateExisting: false
   rules:
-  - name: sync-rabbitmq-secret
+  - name: sync-prod-rabbitmq-secret
+    generate:
+      apiVersion: v1
+      kind: Secret
+      name: '{{ request.object.metadata.name }}'
+      namespace: '{{ request.object.metadata.namespace }}'
+      synchronize: true
+      clone:
+        name: prod-rabbitmq
+        namespace: rabbitmq
+    match:
+     any:
+     - resources:
+         kinds:
+         - Secret
+         names:
+         - "*-rabbitmq"
+         annotations:
+           kyverno/clone: "true"
+           kyverno/env: "prod"
+    exclude:
+      any:
+      - resources:
+          annotations:
+            vcluster.loft.sh/controlled-by: secret/v1/GenericImport
+  - name: sync-dev-rabbitmq-secret
     generate:
       apiVersion: v1
       kind: Secret
@@ -25,6 +50,7 @@ spec:
          - "*-rabbitmq"
          annotations:
            kyverno/clone: "true"
+           kyverno/env: "staging"
     exclude:
       any:
       - resources:

values/atlantis/prod/kustomization.yaml

@@ -12,6 +12,7 @@ patches:
     path: deployment_patch.yaml
 resources:
   - ../base
+  - secrets.yaml
   - rbac.yaml
   - tracing.yaml
   - bindings.yaml

values/atlantis/prod/secrets.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    kyverno/clone: "true"
+    kyverno/env: "prod"
+  name: preprod-atlantis-rabbitmq
+type: Opaque
+data:

values/atlantis/staging/secrets.yaml

@@ -22,4 +22,15 @@ metadata:
   name: dapr-api-token
 type: Opaque
 data:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    kyverno/clone: "true"
+    kyverno/env: "staging"
+  name: staging-atlantis-rabbitmq
+type: Opaque
+data:
+