mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 17:37:12 +00:00
35 lines
1.1 KiB
YAML
35 lines
1.1 KiB
YAML
---
|
|
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
annotations:
|
|
policies.kyverno.io/category: Sample
|
|
policies.kyverno.io/description: 'Secrets like registry credentials often need
|
|
to exist in multiple Namespaces so Pods there have access. Manually duplicating
|
|
those Secrets is time consuming and error prone. This policy will copy a Secret
|
|
called `regcred` which exists in the `default` Namespace to new Namespaces when
|
|
they are created. It will also push updates to the copied Secrets should the
|
|
source Secret be changed. '
|
|
policies.kyverno.io/subject: Secret
|
|
policies.kyverno.io/title: Sync Secrets
|
|
name: sync-secrets
|
|
spec:
|
|
admission: true
|
|
background: true
|
|
rules:
|
|
- generate:
|
|
apiVersion: v1
|
|
clone:
|
|
name: regcred
|
|
namespace: default
|
|
kind: Secret
|
|
name: regcred
|
|
namespace: '{{request.object.metadata.name}}'
|
|
synchronize: true
|
|
match:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Namespace
|
|
name: sync-image-pull-secret
|
|
validationFailureAction: Audit
|