Check Kasten 3-2-1 Backup Policy
The 3-2-1 rule of data protection recommends that you have at least 3 copies of data, on 2 different storage targets, with 1 being offsite. This approach ensures a healthy mix of redundancy options for recovering the application after localized and multi-region cloud failures or compromise. In Kubernetes, this translates to the original running resources, a local snapshot, and a copy of all application resources and volume data exported to an external repository. This policy accomplishes 3-2-1 validation by ensuring each policy contains both 'action: backup' and 'action: export'.
Policy Definition
/kasten/kasten-3-2-1-backup/kasten-3-2-1-backup.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: kasten-3-2-1-backup-policy
  annotations:
    policies.kyverno.io/title: Check Kasten 3-2-1 Backup Policy
    policies.kyverno.io/category: Veeam Kasten
    policies.kyverno.io/severity: medium
    kyverno.io/kyverno-version: 1.12.1
    policies.kyverno.io/minversion: 1.12.0
    kyverno.io/kubernetes-version: "1.24-1.30"
    policies.kyverno.io/subject: Policy
    policies.kyverno.io/description: >-
      The 3-2-1 rule of data protection recommends that you have at least 3 copies of data, on 2 different storage targets, with 1 being offsite. This approach ensures a healthy mix of redundancy options for data recovery of the application for localized & multi-region cloud failures or compromise. In Kubernetes, this translates to the original running resources, a local snapshot, and a copy of all application resources and volume data exported to an external repository.
      This policy accomplishes 3-2-1 validation by ensuring each policy contains both 'action: backup' and 'action: export'.
spec:
  # Audit: violations are reported, not blocked at admission.
  validationFailureAction: Audit
  rules:
  - name: kasten-3-2-1-backup-policy
    match:
      any:
      - resources:
          kinds:
          - config.kio.kasten.io/v1alpha1/Policy
    exclude:
      any:
      - resources:
          operations:
          - DELETE
    validate:
      message: "The Kasten 3-2-1 policy requires both 'action: backup' and 'action: export' be defined in the Policy."
      deny:
        conditions:
          all:
          # Deny when either required action is absent from the Policy's action list.
          - key:
            - backup
            - export
            operator: AnyNotIn
            value: "{{ request.object.spec.actions[].action }}"
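The deny condition above can be reproduced offline, for example to pre-check Kasten Policy manifests in CI before they reach the cluster. The following Python is an added example, not part of the Kyverno policy library: the function names and sample Policy objects are constructed for illustration, and treating a Policy with no `spec.actions` as missing both actions is an assumption about the intended outcome rather than a statement of how Kyverno resolves a null value.

```python
# Added example: offline re-implementation of the rule's match/exclude/deny logic.
REQUIRED = ("backup", "export")            # the `key` list in the ClusterPolicy
MATCH_API = "config.kio.kasten.io/v1alpha1"


def missing_actions(policy):
    """Return the required actions absent from spec.actions[].action."""
    actions = (policy.get("spec") or {}).get("actions") or []  # assumption: none -> []
    # Like the JMESPath projection, entries without an `action` field drop out.
    present = {a.get("action") for a in actions
               if isinstance(a, dict) and a.get("action")}
    return [r for r in REQUIRED if r not in present]


def evaluate(policy, operation="CREATE"):
    """Return 'skip', 'pass' or 'fail' for one admission request."""
    if policy.get("apiVersion") != MATCH_API or policy.get("kind") != "Policy":
        return "skip"                      # not matched by the rule
    if operation == "DELETE":
        return "skip"                      # excluded by the rule
    # AnyNotIn is true as soon as one required action is absent.
    return "fail" if missing_actions(policy) else "pass"


def kasten_policy(name, *actions):
    """Build a minimal, constructed Kasten Policy object for testing."""
    return {
        "apiVersion": MATCH_API,
        "kind": "Policy",
        "metadata": {"name": name, "namespace": "kasten-io"},
        "spec": {"actions": [{"action": a} for a in actions]},
    }


# Constructed sample objects, not taken from a real cluster.
SAMPLES = [
    kasten_policy("full-321", "backup", "export"),
    kasten_policy("snapshot-only", "backup"),
    kasten_policy("export-only", "export"),
    kasten_policy("no-actions"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["metadata"]["name"], evaluate(p), missing_actions(p))
```

Because the rule runs with `validationFailureAction: Audit`, a `fail` here corresponds to a reported violation, not a rejected request. The check only confirms that both action types are declared; it does not inspect where the export is sent.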