apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: sync-redis-secrets
spec:
  background: true
  generateExisting: true
  rules:
  - name: sync-prod-redis-secret
    generate:
      apiVersion: v1
      kind: Secret
      name: '{{ request.object.metadata.name }}'
      namespace: '{{ request.object.metadata.namespace }}'
      synchronize: true
      clone:
        name: prod-redis
        namespace: redis
    match:
     any:
     - resources:
         kinds:
         - Secret
         names:
         - prod-redis
    exclude:
     any:
     - resources:
         kinds:
         - Secret
         selector:
           matchLabels:
             generate.kyverno.io/clone-source: ""
  - name: sync-staging-redis-secret
    generate:
      apiVersion: v1
      kind: Secret
      name: '{{ request.object.metadata.name }}'
      namespace: '{{ request.object.metadata.namespace }}'
      synchronize: true
      clone:
        name: staging-redis
        namespace: redis
    match:
     any:
     - resources:
         kinds:
         - Secret
         names:
         - staging-redis
    exclude:
     any:
     - resources:
         kinds:
         - Secret
         selector:
           matchLabels:
             generate.kyverno.io/clone-source: ""