{{- $name := include "vCluster.releaseName" . -}}
# Kyverno ClusterPolicy, rendered by Helm, that copies credential Secrets into
# every Namespace matched by the rules below. Each rule clones one source
# Secret; the policy name is derived from the "vCluster.releaseName" helper.
#
# NOTE(review): every matching Namespace receives a copy of these credentials,
# so permission to create or label a Namespace that satisfies the match block
# is effectively permission to read them. Confirm that Namespace creation and
# the vcluster.loft.sh/vcluster-namespace label are restricted (RBAC or a
# validating policy) to the vcluster controller.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: "sync-{{ $name }}-vcluster-secrets"
spec:
  background: true
  # Asks Kyverno to also generate for resources that already exist when the
  # policy is created or updated.
  # NOTE(review): newer Kyverno releases appear to deprecate this field in
  # favour of generateExisting - confirm against the deployed Kyverno version.
  generateExistingOnPolicyUpdate: true
  rules:
    # Copies redis/staging-redis into the matched Namespace under the same name.
    - name: sync-redis-secrets
      generate:
        apiVersion: v1
        kind: Secret
        name: staging-redis
        # The printf/quote wrapper makes Helm emit the Kyverno variable as a
        # literal quoted string, so Kyverno (not Helm) resolves it to the name
        # of the Namespace that triggered the rule.
        namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
        # Keeps the generated copy in step with the source Secret, so a
        # rotation of the source propagates to every clone.
        synchronize: true
        clone:
          namespace: redis
          name: staging-redis
      match:
        resources:
          kinds:
            - Namespace
          # NOTE(review): the id in this pattern is hard-coded while the rest
          # of the template is parameterised - confirm it is meant to be fixed.
          names:
            - "vcluster-009dba7e-*"
          # Presumably the name pattern and this label must both match for the
          # rule to fire - verify against the Kyverno match semantics in use.
          selector:
            matchLabels:
              vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'
    # Copies rabbitmq/staging-rabbitmq into the matched Namespace under the
    # same name; match block is identical to the redis rule.
    - name: sync-rabbitmq-secrets
      generate:
        apiVersion: v1
        kind: Secret
        name: staging-rabbitmq
        namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
        synchronize: true
        clone:
          namespace: rabbitmq
          name: staging-rabbitmq
      match:
        resources:
          kinds:
            - Namespace
          names:
            - "vcluster-009dba7e-*"
          selector:
            matchLabels:
              vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'
    # Copies the "<release name>-archmeister-superuser" Secret from the release
    # namespace into the matched Namespace, renamed "<release name>-archmeister-app".
    # NOTE(review): the source name suggests a superuser credential is handed
    # out under an application name. If the consumer does not need superuser
    # rights, clone a dedicated least-privilege credential instead - confirm.
    - name: sync-archmeister-superuser
      generate:
        apiVersion: v1
        kind: Secret
        name: '{{ $name }}-archmeister-app'
        namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
        synchronize: true
        clone:
          namespace: '{{ .Release.Namespace }}'
          name: '{{ $name }}-archmeister-superuser'
      match:
        resources:
          kinds:
            - Namespace
          names:
            - "vcluster-009dba7e-*"
          selector:
            matchLabels:
              vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'
    # Disabled rule, kept for reference: would clone every Secret in the
    # atlantis namespace that carries the oceanbox.io/atlantis-env: sync label.
    # Helm still evaluates the template actions inside these comment lines, so
    # they must remain valid template syntax while the rule is commented out.
    # - name: sync-atlantis-env
    #   generate:
    #     apiVersion: v1
    #     kind: Secret
    #     name: archmeister-env
    #     namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
    #     synchronize: true
    #     cloneList:
    #       namespace: atlantis
    #       kinds:
    #         - Secret
    #       selector:
    #         matchLabels:
    #           oceanbox.io/atlantis-env: sync
    #   match:
    #     resources:
    #       kinds:
    #         - Namespace
    #       names:
    #         - "vcluster-009dba7e-*"
    #       selector:
    #         matchLabels:
    #           vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'