# {{- $name := include "vCluster.releaseName" . -}}
# apiVersion: kyverno.io/v1
# kind: ClusterPolicy
# metadata:
#   name: "sync-{{ $name }}-vcluster-secrets"
# spec:
#   background: true
#   generateExisting: true
#   rules:
#   - name: sync-rabbitmq-secrets
#     generate:
#       apiVersion: v1
#       kind: Secret
#       name: staging-rabbitmq
#       namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
#       synchronize: true
#       clone:
#         namespace: rabbitmq
#         name: staging-rabbitmq
#     match:
#       resources:
#         kinds:
#         - Namespace
#         names:
#           - "vcluster-009dba7e-*"
#         selector:
#           matchLabels:
#             vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'
#   - name: sync-redis-secrets
#     generate:
#       apiVersion: v1
#       kind: Secret
#       name: staging-redis
#       namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
#       synchronize: true
#       clone:
#         namespace: redis
#         name: staging-redis
#     match:
#       resources:
#         kinds:
#         - Namespace
#         names:
#           - "vcluster-009dba7e-*"
#         selector:
#           matchLabels:
#             vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'
#   - name: sync-archmeister-superuser
#     generate:
#       apiVersion: v1
#       kind: Secret
#       name: '{{ $name }}-archmeister-app'
#       namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
#       synchronize: true
#       clone:
#         namespace: '{{ .Release.Namespace }}'
#         name: '{{ $name }}-archmeister-superuser'
#     match:
#       resources:
#         kinds:
#         - Namespace
#         names:
#           - "vcluster-009dba7e-*"
#         selector:
#           matchLabels:
#             vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'