kyverno-2026-example/04-generation/01-configmaps-secrets/clone-registry-secret.yaml
2026-04-08 20:22:14 +07:00

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: clone-registry-secret
  annotations:
    policies.kyverno.io/title: "Копирование Registry Secret во все Namespace"
    policies.kyverno.io/category: Security
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Namespace
    policies.kyverno.io/description: >-
      При создании Namespace копирует Secret с кредентиалами реестра
      из namespace kyverno (мастер-копия) в новый namespace.
      synchronize: true — при обновлении мастер-секрета все копии обновятся.
      Создайте мастер-секрет: kubectl create secret docker-registry
      registry-credentials-master -n kyverno ...
spec:
  rules:
    - name: clone-registry-credentials
      match:
        resources:
          kinds:
            - Namespace
      exclude:
        resources:
          names:
            - kube-system
            - kube-public
            - kube-node-lease
            - kyverno
      generate:
        apiVersion: v1
        kind: Secret
        name: registry-credentials
        namespace: "{{ request.object.metadata.name }}"
        synchronize: true
        # clone copies an existing resource instead of creating one from a template
        clone:
          namespace: kyverno
          name: registry-credentials-master