apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: sync-prod-archmaester-replication-secrets
spec:
  background: true
  generateExisting: false
  rules:
  - name: sync-archmaester-ca
    generate:
      apiVersion: v1
      kind: Secret
      name: prod-archmeister-ca
      namespace: '{{ request.object.metadata.namespace }}'
      synchronize: true
      clone:
        namespace: atlantis
        name: prod-archmeister-ca
    match:
     any:
     - resources:
         kinds:
         - Secret
         names:
         - prod-archmeister-ca
         annotations:
           kyverno/clone: "true"
  - name: sync-archmaester-replication
    generate:
      apiVersion: v1
      kind: Secret
      name: prod-archmeister-replication
      namespace: '{{ request.object.metadata.namespace }}'
      synchronize: true
      clone:
        namespace: atlantis
        name: prod-archmeister-replication
    match:
     any:
     - resources:
         kinds:
         - Secret
         names:
         - prod-archmeister-replication
         annotations:
           kyverno/clone: "true"