apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restart-deployment-on-secret-change
  annotations:
    policies.kyverno.io/title: Restart Deployment On Secret Change
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Deployment
    kyverno.io/kyverno-version: 1.7.0
    policies.kyverno.io/minversion: 1.7.0
    kyverno.io/kubernetes-version: "1.23"
spec:
  mutateExistingOnPolicyUpdate: false
  rules:
    - name: update-secret
      skipBackgroundRequests: false
      match:
        any:
          - resources:
              kinds:
                - Secret
              names:
                - authelia-acl
              namespaces:
                - authelia
      preconditions:
        all:
          - key: "{{request.operation || 'BACKGROUND'}}"
            operator: Equals
            value: UPDATE
      mutate:
        targets:
          - apiVersion: apps/v1
            kind: Deployment
            name: authelia
            namespace: authelia
        patchStrategicMerge:
          spec:
            template:
              metadata:
                annotations:
                  config.huizinga.dev/triggerRestart: "{{request.object.metadata.resourceVersion}}"