apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  annotations:
    policies.kyverno.io/category: Sample
    policies.kyverno.io/description: 'Access dataprotection keys from Azure Key Vault'
  creationTimestamp: "2024-01-15T11:58:24Z"
  name: sync-keyvault-secrets
spec:
  admission: true
  background: true
  generateExisting: true
  rules:
  - generate:
      apiVersion: v1
      clone:
        name: azure-keyvault
        namespace: sorcerer
      kind: Secret
      name: azure-keyvault
      namespace: '{{`{{request.object.metadata.namespace}}`}}'
      synchronize: true
    match:
      any:
      - resources:
          kinds:
          - Secret
          names:
          - azure-keyvault
          annotations:
            kyverno/clone: "true"
    name: sync-keyvault-secrets