37 lines
1.0 KiB
YAML
37 lines
1.0 KiB
YAML
{{- if and (.Values.kyverno.enabled) (.Values.postgres_operator.enabled) (.Values.velero.enabled) }}
|
|
apiVersion : kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: cnpg-clone-s3-credentials
|
|
annotations:
|
|
policies.kyverno.io/title: add backup section to cnpg cluster spec
|
|
policies.kyverno.io/category: Other
|
|
policies.kyverno.io/severity: medium
|
|
kyverno.io/kyverno-version: 1.6.0
|
|
policies.kyverno.io/minversion: 1.6.0
|
|
kyverno.io/kubernetes-version: "1.23"
|
|
policies.kyverno.io/subject: Cluster
|
|
policies.kyverno.io/description: >-
|
|
When a CNPG cluster is created, s3 credentials and CA secrets
|
|
should be synced from the velero namespace
|
|
spec:
|
|
background: false
|
|
rules:
|
|
- name: clone-s3-credentials
|
|
match:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Cluster
|
|
generate:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
name: nutanix-s3
|
|
namespace: {{` "{{request.object.metadata.namespace}}" `}}
|
|
synchronize: true
|
|
clone:
|
|
namespace: velero
|
|
name: nutanix-s3
|
|
{{- end }}
|
|
|