From 0955767ae647861068ec46caa6d73a697fe016a3 Mon Sep 17 00:00:00 2001
From: Danijel Simeunovic <danijel.simeunovic@trumf.no>
Date: Fri, 6 Mar 2026 09:32:36 +0100
Subject: [PATCH] shuffle

---
 cluster-resources/kyverno-config.yaml         | 18 ++++++++++
 .../policies/replicaset-cleaner.yaml          | 18 ----------
 cluster-resources/policies/secret-cloner.yaml | 34 -------------------
 3 files changed, 18 insertions(+), 52 deletions(-)

diff --git a/cluster-resources/kyverno-config.yaml b/cluster-resources/kyverno-config.yaml
index b6ff2cc..bab6b29 100644
--- a/cluster-resources/kyverno-config.yaml
+++ b/cluster-resources/kyverno-config.yaml
@@ -1,5 +1,23 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
+metadata:
+  name: kyverno:pods-replicasets:manage
+  labels:
+    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - replicasets
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
   name: kyverno:secrets:view
   labels:
diff --git a/cluster-resources/policies/replicaset-cleaner.yaml b/cluster-resources/policies/replicaset-cleaner.yaml
index 48a2960..1e0466c 100644
--- a/cluster-resources/policies/replicaset-cleaner.yaml
+++ b/cluster-resources/policies/replicaset-cleaner.yaml
@@ -1,21 +1,3 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:pods-replicasets:manage
-  labels:
-    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - replicasets
-  - pods
-  verbs:
-  - get
-  - list
-  - watch
-  - delete
----
 apiVersion: kyverno.io/v2
 kind: ClusterCleanupPolicy
 metadata:
diff --git a/cluster-resources/policies/secret-cloner.yaml b/cluster-resources/policies/secret-cloner.yaml
index d7cd791..0f801f8 100644
--- a/cluster-resources/policies/secret-cloner.yaml
+++ b/cluster-resources/policies/secret-cloner.yaml
@@ -1,37 +1,3 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:secrets:view
-  labels:
-    rbac.kyverno.io/aggregate-to-admission-controller: "true"
-    rbac.kyverno.io/aggregate-to-reports-controller: "true"
-    rbac.kyverno.io/aggregate-to-background-controller: "true"
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kyverno:secrets:manage
-  labels:
-    rbac.kyverno.io/aggregate-to-background-controller: "true"
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - create
-  - update
-  - delete
----
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata: