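{{- /*
Kyverno ClusterPolicy that clones the image pull Secret `gitlab-pull-secret`
from the `default` Namespace into every Namespace labelled as belonging to
this vCluster release.

Review notes:
  - The server-populated `metadata.creationTimestamp` (left over from an
    exported object) has been dropped from the manifest.
  - The templated label value is now quoted so it always renders as a string.
  - The description annotation now names the Secret actually cloned and no
    longer claims that updates are pushed, since `synchronize` is false.
*/ -}}
{{- $fullname := include "vCluster.fullname" . -}}
{{- $name := include "vCluster.releaseName" . -}}
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: sync-{{ $name }}-vcluster-oceanbox-regcred
  annotations:
    policies.kyverno.io/category: Sample
    policies.kyverno.io/description: >-
      Secrets like registry credentials often need to exist in multiple
      Namespaces so Pods there have access. Manually duplicating those
      Secrets is time consuming and error prone. This policy copies the
      Secret `gitlab-pull-secret` from the `default` Namespace into
      Namespaces whose `vcluster.loft.sh/vcluster-name` label matches this
      release, including Namespaces that already exist. Copies are not
      synchronized, so later changes to the source Secret are not pushed
      to them.
spec:
  admission: true
  background: true
  # Also generate the Secret for matching Namespaces that existed before the
  # policy was installed.
  generateExisting: true
  rules:
    # The rule and policy names still say "oceanbox-regcred" although the
    # Secret cloned below is `gitlab-pull-secret`; the names are kept as they
    # are so existing references to them stay valid.
    - name: sync-vcluster-oceanbox-regcred
      match:
        any:
          - resources:
              kinds:
                - Namespace
              selector:
                matchLabels:
                  # SECURITY: this label is the only gate on receiving a copy
                  # of the registry credential. Any principal able to create
                  # or label a Namespace with this value causes the Secret to
                  # be cloned there, so RBAC on Namespace create/update should
                  # be reviewed alongside this policy.
                  vcluster.loft.sh/vcluster-name: {{ $fullname | quote }}
      generate:
        apiVersion: v1
        kind: Secret
        # name: oceanbox-regcred
        name: gitlab-pull-secret
        # The inner {{ "{{...}}" }} is emitted literally for Kyverno to
        # resolve at admission time; it is the name of the matched Namespace.
        namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
        # SECURITY: with synchronize disabled the copies are one-shot.
        # Rotating or revoking the source Secret does not update the copies,
        # and deleting this policy does not remove them, so credential
        # rotation needs a separate clean-up step for downstream Namespaces.
        synchronize: false
        clone:
          # name: oceanbox-regcred
          name: gitlab-pull-secret
          namespace: default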