diff --git a/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml b/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml
new file mode 100644
index 00000000..54c3217c
--- /dev/null
+++ b/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml
@@ -0,0 +1,73 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: sync-dev-atlantis-secrets
+spec:
+ background: true
+ generateExisting: false
+ rules:
+ - name: sync-rabbitmq-secret
+ generate:
+ apiVersion: v1
+ kind: Secret
+ name: '{{ request.object.metadata.name }}'
+ namespace: '{{ request.object.metadata.namespace }}'
+ synchronize: true
+ clone:
+ name: staging-rabbitmq
+ namespace: rabbitmq
+ match:
+ any:
+ - resources:
+ kinds:
+ - Secret
+ names:
+ - "*-rabbitmq"
+ annotations:
+ kyverno/clone: "true"
+ - name: sync-redis-secret
+ generate:
+ apiVersion: v1
+ kind: Secret
+ name: '{{ request.object.metadata.name }}'
+ namespace: '{{ request.object.metadata.namespace }}'
+ synchronize: true
+ clone:
+ name: staging-redis
+ namespace: redis
+ match:
+ any:
+ - resources:
+ kinds:
+ - Secret
+ names:
+ - "*-redis"
+ annotations:
+ kyverno/clone: "true"
+ - name: sync-archmaester-secret
+ generate:
+ apiVersion: v1
+ kind: Secret
+ name: '{{ request.object.metadata.name }}'
+ namespace: '{{ request.object.metadata.namespace }}'
+ synchronize: true
+ clone:
+ name: staging-archmeister-superuser
+ namespace: staging-vcluster
+ match:
+ any:
+ - resources:
+ kinds:
+ - Secret
+ names:
+ - "*-db-app"
+ annotations:
+ kyverno/clone: "true"
+ # exclude:
+ # any:
+ # - resources:
+ # kinds:
+ # - Secret
+ # selector:
+ # matchLabels:
+ # generate.kyverno.io/clone-source: ""
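Review bot: None of the three `match` blocks restricts the namespace, so as written any Secret in the cluster named `*-rabbitmq`, `*-redis` or `*-db-app` that carries `kyverno/clone: "true"` appears to receive a clone of the staging credentials, including `staging-archmeister-superuser`. That makes permission to create a Secret in any single namespace sufficient to obtain those values, which is much broader than the policy name `sync-dev-atlantis-secrets` suggests. Scope each `resources` block to the intended namespaces, for example `namespaceSelector: {matchLabels: {<label-key>: "<label-value>"}}` (placeholder; pick a label that only cluster admins can set) or an explicit `namespaces:` list. Separately, the rule is named `sync-archmaester-secret` while its clone source is `staging-archmeister-superuser`; confirm which spelling the source Secret really uses, since a wrong source name would presumably make the clone fail. The commented-out `exclude` block should either be removed or get a one-line comment saying why it is disabled.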