k8s_flux_infra/components/admission/configs/base/sync-configmaps.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: sync-flux-configmaps
  annotations:
    kustomize.toolkit.fluxcd.io/force: "Enabled"
spec:
  validationFailureAction: Enforce
  background: false
  generateExisting: true
  rules:
    # This rule ensures that all namespaces
    # have a copy of the flux-runtime-info configmap from the flux-system namespace.
    - name: sync-configmaps
      match:
        any:
          - resources:
              kinds:
                - v1/Namespace
      generate:
        namespace: "{{request.object.metadata.name}}"
        synchronize: true
        cloneList:
          namespace: flux-system
          kinds:
            - v1/ConfigMap
          selector:
            matchLabels:
              toolkit.fluxcd.io/runtime: "true"
Initial commit - working through the Flux D1 reference architecture@ 2025-11-15 17:03:21 +00:00			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: sync-flux-configmaps`
			`annotations:`
			`kustomize.toolkit.fluxcd.io/force: "Enabled"`
			`spec:`
			`validationFailureAction: Enforce`
			`background: false`
			`generateExisting: true`
			`rules:`
			`# This rule ensures that all namespaces`
			`# have a copy of the flux-runtime-info configmap from the flux-system namespace.`
			`- name: sync-configmaps`
			`match:`
			`any:`
			`- resources:`
			`kinds:`
			`- v1/Namespace`
			`generate:`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`cloneList:`
			`namespace: flux-system`
			`kinds:`
			`- v1/ConfigMap`
			`selector:`
			`matchLabels:`
			`toolkit.fluxcd.io/runtime: "true"`