We use a combination of GitOps, local and downstream Kyverno generate/mutate policies, and local external-secrets PushSecrets to accomplish something similar. A Kyverno-generated, per-cluster Secret with dynamic project and cluster properties is pushed to each downstream cluster using PushSecrets upon Project creation. Kyverno generate policies also configure downstream perms and workloads like prometheus-federator.