Check Hourly RPO in CEL expressions

K10 Policy resources can be educated to adhere to common Recovery Point Objective (RPO) best practices. This policy is advising to use an RPO frequency that with hourly granularity if it has the appPriority: Mission Critical

Policy Definition

/kasten-cel/k10-hourly-rpo/k10-hourly-rpo.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: k10-policy-hourly-rpo
 5  annotations:
 6    policies.kyverno.io/title: Check Hourly RPO in CEL expressions
 7    policies.kyverno.io/category: Kasten K10 by Veeam in CEL 
 8    kyverno.io/kyverno-version: 1.11.0
 9    policies.kyverno.io/minversion: 1.11.0
10    kyverno.io/kubernetes-version: "1.26-1.27"
11    policies.kyverno.io/subject: Policy
12    policies.kyverno.io/description: >-
13      K10 Policy resources can be educated to adhere to common Recovery Point Objective (RPO) best practices. 
14      This policy is advising to use an RPO frequency that with hourly granularity if it has the appPriority: Mission Critical
15spec:
16  validationFailureAction: Audit  
17  rules:
18  - name: k10-policy-hourly-rpo
19    match:
20      any:
21      - resources:
22          kinds:
23          - config.kio.kasten.io/v1alpha1/Policy
24          operations:
25          - CREATE
26          - UPDATE
27          selector:
28            matchLabels:
29              appPriority: Mission-Critical
30    validate:
31      cel:
32        expressions:
33          - expression: "has(object.spec.frequency) && object.spec.frequency == '@hourly'"
34            message: "Mission Critical RPO frequency should use no shorter than @hourly frequency"

Create policy issue