# {{- if .Values.clusterConfig.kyverno.enabled }}
# apiVersion: kyverno.io/v1
# kind: ClusterPolicy
# metadata:
#   annotations:
#     policies.clusterConfig.kyverno.io/description: 'This policy will sync the s3 secret in kube-system namespace across namespaces'
#     policies.clusterConfig.kyverno.io/subject: Secret
#     policies.clusterConfig.kyverno.io/title: Sync s3 Secrets
#   name: sync-s3-credentials
# spec:
#   generateExistingOnPolicyUpdate: true
#   background: true
#   rules:
#   - generate:
#       apiVersion: v1
#       clone:
#         name: s3-credentials
#         namespace: kube-system
#       kind: Secret
#       name: s3-credentials
#       namespace: '{{`{{request.object.metadata.name}}`}}'
#       synchronize: true
#     match:
#       resources:
#         kinds:
#         - Namespace
#         names:
#         - "velero"
#         - "loki"
#         - "tempo"
#     name: sync-s3-secret
#     skipBackgroundRequests: true
#   validationFailureAction: audit
# {{- end }}