Generate Backup Policy by Preset

Generate a K10 backup policy for a namespace that includes a valid "dataprotection" label, if the policy does not already exist.

Policy Definition

/kasten/k10-generate-policy-by-preset-label/k10-generate-policy-by-preset-label.yaml

# NOTE: This example assumes that K10 policy presets named "gold", "silver", and "bronze" have been pre-created and K10 was deployed into the `kasten-io` namespace.
# It also assumes that the kyverno:generate ClusterRole has been updated with the following additional permissions:
# - apiGroups:
#   - config.kio.kasten.io
#   resources:
#   - policies
#   verbs:
#   - create
#   - update
#   - list
#   - get
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: k10-generate-policy-by-preset-label
  annotations:
    policies.kyverno.io/title: Generate Backup Policy by Preset
    policies.kyverno.io/category: Kasten K10 by Veeam
    policies.kyverno.io/subject: Policy
    kyverno.io/kyverno-version: 1.9.0
    policies.kyverno.io/minversion: 1.9.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: >-
      Generate a K10 backup policy for a namespace that includes a valid "dataprotection" label, if the policy does not already exist.
spec:
  background: false
  rules:
  - name: k10-generate-policy-by-preset-label
    match:
      any:
      - resources:
          kinds:
            - Namespace
          selector:
            matchExpressions:
              - key: dataprotection
                operator: In
                values:
                - gold
                - silver
                - bronze
    context:
    - name: existingPolicy
      apiCall:
        urlPath: "/apis/config.kio.kasten.io/v1alpha1/namespaces/kasten-io/policies/" # returns list of K10 policies from kasten-io namespace
        jmesPath: "items[][[@.spec.presetRef][?name=='{{ request.object.metadata.labels.dataprotection }}'] && [@.spec.selector.matchExpressions[].values[?@=='{{ request.namespace }}']]][][][][] | length(@)" # queries if a policy based on the dataprotection label value, covering that app namespace already exists
    preconditions:
      any:
      - key: "{{ existingPolicy }}"
        operator: Equals
        value: 0 # Only generate the policy if it does not already exist
    generate:
      apiVersion: config.kio.kasten.io/v1alpha1
      kind: Policy
      name: "{{ request.namespace }}-{{ request.object.metadata.labels.dataprotection }}-backup"
      namespace: kasten-io
      data:
        spec:
          comment: "Auto-generated by Kyverno"
          paused: false
          actions:
            - action: backup
          presetRef:
            name: "{{ request.object.metadata.labels.dataprotection }}"
            namespace: kasten-io
          selector:
            matchExpressions:
              - key: k10.kasten.io/appNamespace
                operator: In
                values:
                  - "{{ request.namespace }}"