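---
# Kyverno ClusterPolicy that copies four shared Secrets into any namespace
# where a placeholder Secret with a matching name and the annotation
# kyverno/clone: "true" appears. Each rule uses the trigger Secret's own
# name and namespace as the generate target and clones a fixed source
# Secret into it.
#
# Security notes for reviewers:
# - No rule restricts the trigger by namespace or by requesting subject.
#   As written, the name pattern plus the annotation is the only gate, so
#   any principal allowed to create Secrets in any namespace can request a
#   copy of the source credentials. Consider scoping each match with
#   `namespaces` / `namespaceSelector` and/or `subjects` / `clusterRoles`,
#   or enforcing who may set the annotation with a separate validate rule.
# - The policy name says "dev" while several clone sources are named
#   "staging-*". NOTE(review): confirm that sharing these credentials
#   across environments is intended.
# - Kyverno's service account needs read access to the source Secrets and
#   write access to Secrets in target namespaces; keep that grant as narrow
#   as the cluster allows, and audit Secret reads in the source namespaces.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: sync-dev-atlantis-secrets
spec:
  background: true
  # Only newly admitted triggers are processed; Secrets that already exist
  # when the policy is installed are not picked up.
  generateExisting: false
  rules:
    - name: sync-rabbitmq-secret
      generate:
        apiVersion: v1
        kind: Secret
        # Target is the trigger itself: same name, same namespace.
        name: '{{ request.object.metadata.name }}'
        namespace: '{{ request.object.metadata.namespace }}'
        # Keeps the copy aligned with the source, so rotating the source
        # propagates to every clone (and edits to a clone are reverted).
        synchronize: true
        clone:
          name: staging-rabbitmq
          namespace: rabbitmq
      match:
        any:
          - resources:
              kinds:
                - Secret
              names:
                # Wildcard: any Secret name ending in "-rabbitmq" qualifies,
                # including the source's own name if it is ever annotated.
                - "*-rabbitmq"
              annotations:
                kyverno/clone: "true"
      exclude:
        any:
          - resources:
              # Skip Secrets carrying the vcluster GenericImport marker.
              annotations:
                vcluster.loft.sh/controlled-by: secret/v1/GenericImport
    - name: sync-atlantis-secret
      generate:
        apiVersion: v1
        kind: Secret
        name: '{{ request.object.metadata.name }}'
        namespace: '{{ request.object.metadata.namespace }}'
        synchronize: true
        clone:
          name: staging-atlantis-env
          namespace: staging-atlantis
      match:
        any:
          - resources:
              kinds:
                - Secret
              names:
                # Wildcard: any Secret name ending in "-atlantis-env".
                - "*-atlantis-env"
              annotations:
                kyverno/clone: "true"
      exclude:
        any:
          - resources:
              annotations:
                vcluster.loft.sh/controlled-by: secret/v1/GenericImport
    - name: sync-azure-keyvault-secret
      generate:
        apiVersion: v1
        kind: Secret
        name: '{{ request.object.metadata.name }}'
        namespace: '{{ request.object.metadata.namespace }}'
        synchronize: true
        clone:
          name: azure-keyvault
          namespace: atlantis
      match:
        any:
          - resources:
              kinds:
                - Secret
              names:
                # Exact name match (no wildcard).
                - azure-keyvault
              annotations:
                kyverno/clone: "true"
      exclude:
        any:
          - resources:
              annotations:
                vcluster.loft.sh/controlled-by: secret/v1/GenericImport
    - name: sync-dapr-api-token
      generate:
        apiVersion: v1
        kind: Secret
        name: '{{ request.object.metadata.name }}'
        namespace: '{{ request.object.metadata.namespace }}'
        synchronize: true
        clone:
          name: dapr-api-token
          namespace: staging-atlantis
      match:
        any:
          - resources:
              kinds:
                - Secret
              names:
                # Exact name match (no wildcard).
                - dapr-api-token
              annotations:
                kyverno/clone: "true"
      exclude:
        any:
          - resources:
              annotations:
                vcluster.loft.sh/controlled-by: secret/v1/GenericImport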