{{- $name := include "vCluster.releaseName" . -}}
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: "sync-{{ $name }}-vcluster-secrets"
spec:
  background: true
  generateExistingOnPolicyUpdate: true
  rules:
  - name: sync-redis-secrets
    generate:
      apiVersion: v1
      kind: Secret
      name: staging-redis
      namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
      synchronize: true
      clone:
        namespace: redis
        name: staging-redis
    match:
      resources:
        kinds:
        - Namespace
        names:
          - "vcluster-009dba7e-*"
        selector:
          matchLabels:
            vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'
  - name: sync-rabbitmq-secrets
    generate:
      apiVersion: v1
      kind: Secret
      name: staging-rabbitmq
      namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
      synchronize: true
      clone:
        namespace: rabbitmq
        name: staging-rabbitmq
    match:
      resources:
        kinds:
        - Namespace
        names:
          - "vcluster-009dba7e-*"
        selector:
          matchLabels:
            vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'
  - name: sync-archmeister-superuser
    generate:
      apiVersion: v1
      kind: Secret
      name: '{{ $name }}-archmeister-app'
      namespace: {{ printf "{{request.object.metadata.name}}" | quote }}
      synchronize: true
      clone:
        namespace: '{{ .Release.Namespace }}'
        name: '{{ $name }}-archmeister-superuser'
    match:
      resources:
        kinds:
        - Namespace
        names:
          - "vcluster-009dba7e-*"
        selector:
          matchLabels:
            vcluster.loft.sh/vcluster-namespace: '{{ .Release.Namespace }}'