{{- if .Values.clusterConfig.kyverno.enabled }}
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: sync-slurm-token
spec:
  background: true
  generateExisting: false
  rules:
  - name: sync-slurmrestd-token
    skipBackgroundRequests: true
    generate:
      apiVersion: v1
      kind: Secret
      name: '{{`{{ request.object.metadata.name }}`}}'
      namespace: '{{`{{ request.object.metadata.namespace }}`}}'
      synchronize: true
      clone:
        name: slurm-access-token
        namespace: prod-atlantis
    match:
     any:
     - resources:
         kinds:
         - Secret
         names:
         - slurm-access-token
         annotations:
           kyverno/clone: "true"
    exclude:
      any:
      - resources:
          annotations:
            vcluster.loft.sh/controlled-by: secret/v1/GenericImport
{{- end }}