From c75378a0e3e67e50da4ca74b65ac9015ead06ccf Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Wed, 20 Nov 2024 20:09:22 +0100 Subject: [PATCH] fix: fix atlantis secrets policies --- .../kyverno/sync-atlantis-secrets.yaml | 60 +++---------------- 1 file changed, 7 insertions(+), 53 deletions(-) diff --git a/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml b/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml index 3c1a3a2a..dbbe4833 100644 --- a/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml +++ b/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml @@ -25,7 +25,7 @@ spec: - "*-rabbitmq" annotations: kyverno/clone: "true" - - name: sync-redis-secret + - name: sync-atlantis-secret generate: apiVersion: v1 kind: Secret @@ -33,18 +33,18 @@ spec: namespace: '{{ request.object.metadata.namespace }}' synchronize: true clone: - name: staging-redis - namespace: redis + name: staging-atlantis-env + namespace: staging-atlantis match: any: - resources: kinds: - Secret names: - - "*-redis" + - "*-atlantis-env" annotations: kyverno/clone: "true" - - name: sync-archmaester-secret + - name: sync-azure-keyvault-secret generate: apiVersion: v1 kind: Secret @@ -52,7 +52,7 @@ spec: namespace: '{{ request.object.metadata.namespace }}' synchronize: true clone: - name: prod-archmeister-superuser + name: azure-keyvault namespace: atlantis match: any: 
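Review bot: The `match` block of `sync-atlantis-secret` (second hunk) shows no namespace restriction, so a Secret named `*-atlantis-env` with `kyverno/clone: "true"` in any namespace is filled from `staging-atlantis/staging-atlantis-env`; permission to create Secrets in one namespace then amounts to read access to that source. The same holds for the `azure-keyvault` rule changed in the third and fourth hunks, which clones from `atlantis/azure-keyvault`. Consider scoping `resources` with `namespaces:` or with a selector on a label only cluster admins can set, e.g. `namespaceSelector: {matchLabels: {LABEL_KEY: "LABEL_VALUE"}}` (placeholder names). The wildcard also means a Secret named like `prod-atlantis-env` would receive the staging values, so an exact name or a per-environment rule may be what is intended. The rule's `name:` line and the policy header lie outside the hunks, so a restriction defined there would not be visible here.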
@@ -60,52 +60,6 @@ spec: kinds: - Secret names: - - "*-db-superuser" + - azure-keyvault annotations: kyverno/clone: "true" - - name: sync-archmaester-replication-secret - generate: - apiVersion: v1 - kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' - synchronize: true - clone: - name: prod-archmeister-replication - namespace: atlantis - match: - any: - - resources: - kinds: - - Secret - names: - - prod-archmeister-replication - annotations: - kyverno/clone: "true" - - name: sync-archmaester-ca - generate: - apiVersion: v1 - kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' - synchronize: true - clone: - name: prod-archmeister-ca - namespace: atlantis - match: - any: - - resources: - kinds: - - Secret - names: - - prod-archmeister-ca - annotations: - kyverno/clone: "true" - # exclude: - # any: - # - resources: - # kinds: - # - Secret - # selector: - # matchLabels: - # generate.kyverno.io/clone-source: ""
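Review bot: This hunk and the previous one stop cloning `prod-archmeister-superuser`, `prod-archmeister-replication` and `prod-archmeister-ca`, all under `synchronize: true`, and nothing in the commit says what should happen to the copies already generated in other namespaces. Depending on the Kyverno version and its cleanup behaviour, those downstream Secrets may be deleted or left in place unsynchronized; in the second case database superuser and replication credentials stay readable there and stop following rotation of the source. State the intended outcome in the commit message and list Secrets with those names across namespaces after rollout to confirm none remain. If a reminder is kept in the file, a comment such as `# archmeister secret sync removed; verify downstream copies are gone` above the remaining rule would do.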