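# Kyverno ClusterPolicy (Helm-templated): clones the image-pull Secret
# `gitlab-pull-secret` from the `default` Namespace into every Namespace
# matched by the rule below, and keeps the copies in sync with the source.
#
# Review notes:
# - Each matched Namespace receives a full copy of the registry credential, so
#   read access to Secrets in any one of them is enough to obtain it.
#   NOTE(review): the match has no selector. If only some Namespaces need this
#   registry, narrow the match (for example with a Namespace label selector)
#   and confirm the credential is a pull-only token.
# - The source Secret in `default` is the single point of change: with
#   `synchronize: true`, an edit there is pushed to every copy.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: sync-regcred
  annotations:
    policies.kyverno.io/category: Sample
    policies.kyverno.io/description: >-
      Secrets like registry credentials often need to exist in multiple
      Namespaces so Pods there have access. Manually duplicating those Secrets
      is time consuming and error prone. This policy will copy a Secret called
      `gitlab-pull-secret` which exists in the `default` Namespace to new
      Namespaces when they are created. It will also push updates to the copied
      Secrets should the source Secret be changed.
spec:
  # Evaluate the policy on admission requests.
  admission: true
  # Also evaluate it in background processing.
  background: true
  # Apply the generate rule to Namespaces that already exist, not only to
  # ones created after the policy is installed.
  generateExisting: true
  rules:
    - name: sync-oceanbox-regcred
      match:
        any:
          - resources:
              kinds:
                - Namespace
      exclude:
        any:
          - resources:
              # NOTE(review): the rule is triggered by Namespace objects, so
              # this exclusion only takes effect when the Namespace itself
              # carries the annotation. Confirm that this is the intended way
              # to skip vcluster-managed resources.
              annotations:
                vcluster.loft.sh/controlled-by: secret/v1/GenericImport
      generate:
        apiVersion: v1
        kind: Secret
        # Previous value, kept for reference: oceanbox-regcred
        name: gitlab-pull-secret
        # The outer {{` ... `}} is a Helm raw-string escape: Helm emits the
        # inner {{request.object.metadata.name}} literally and Kyverno resolves
        # it to the name of the Namespace that triggered the rule.
        namespace: '{{`{{request.object.metadata.name}}`}}'
        # Keep generated copies aligned with the source Secret.
        synchronize: true
        clone:
          # Source Secret to copy. Previous value: oceanbox-regcred
          name: gitlab-pull-secret
          namespace: default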