Validate Data Protection with Kasten Preset Label
Kubernetes applications are typically deployed into a single, logical namespace. Veeam Kasten policies will discover and protect all resources within the selected namespace(s). This policy ensures all new namespaces include a label referencing a valid Kasten SLA (Policy Preset) for data protection. This policy can be used in combination with the `kasten-generate-policy-by-preset-label` ClusterPolicy to automatically create a Kasten policy based on the specified SLA. The combination ensures that new applications are not inadvertently left unprotected.
Policy Definition
/kasten/kasten-validate-ns-by-preset-label/kasten-validate-ns-by-preset-label.yaml
```yaml
# NOTE: This example assumes that Kasten policy presets named "gold", "silver", and "bronze" have been pre-created and Kasten was deployed into the `kasten-io` namespace.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: kasten-validate-ns-by-preset-label
  annotations:
    policies.kyverno.io/title: Validate Data Protection with Kasten Preset Label
    policies.kyverno.io/category: Veeam Kasten
    policies.kyverno.io/subject: Namespace
    kyverno.io/kyverno-version: 1.12.1
    policies.kyverno.io/minversion: 1.9.0
    kyverno.io/kubernetes-version: "1.24-1.30"
    policies.kyverno.io/description: >-
      Kubernetes applications are typically deployed into a single, logical namespace.
      Veeam Kasten policies will discover and protect all resources within the selected namespace(s).
      This policy ensures all new namespaces include a label referencing a valid Kasten SLA
      (Policy Preset) for data protection. This policy can be used in combination with the
      `kasten-generate-policy-by-preset-label` ClusterPolicy to automatically create a Kasten
      policy based on the specified SLA.
      The combination ensures that new applications are not inadvertently left unprotected.
spec:
  # Audit reports violations without blocking the request;
  # Enforce rejects non-compliant namespaces.
  validationFailureAction: Audit
  rules:
    - name: kasten-validate-ns-by-preset-label
      match:
        any:
          - resources:
              kinds:
                - Namespace
      validate:
        message: >-
          Namespaces must specify a "dataprotection" label with a value corresponding to a Kasten Policy Preset:

            "gold" - <Insert human readable settings of each preset option>
            "silver" - <For example, hourly backups, exported to immutable S3 storage>
            "bronze" - <Or, daily local snapshots, NOT exported to external storage>
            "none" - No local snapshots or backups
        pattern:
          metadata:
            labels:
              # "|" is a logical OR: the label must equal one of these values
              dataprotection: gold|silver|bronze|none
```
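The following is an added example, not part of the Kyverno or Kasten project: a pre-rollout audit that mirrors the rule's `pattern` over a namespace listing, so existing namespaces that would be flagged can be found before moving from `Audit` to `Enforce`. The sample data is constructed, the verdict names are hypothetical, and the check assumes an exact, case-sensitive comparison of the label value.

```python
import json

# Values accepted by the policy's pattern "gold|silver|bronze|none".
ALLOWED = {"gold", "silver", "bronze", "none"}
LABEL = "dataprotection"

# Constructed sample in the shape of `kubectl get namespaces -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "payments", "labels": {"dataprotection": "gold"}}},
  {"metadata": {"name": "scratch", "labels": {"dataprotection": "none"}}},
  {"metadata": {"name": "web", "labels": {"dataprotection": "Gold"}}},
  {"metadata": {"name": "batch", "labels": {"dataprotection": "platinum"}}},
  {"metadata": {"name": "legacy", "labels": {"team": "ops"}}},
  {"metadata": {"name": "kube-system"}}
]}
""")


def check_namespace(ns):
    """Return (name, verdict, detail) for one Namespace object."""
    meta = ns.get("metadata", {})
    labels = meta.get("labels") or {}  # labels may be absent or null
    name = meta.get("name", "<unnamed>")
    if LABEL not in labels:
        return name, "fail", "label missing"
    value = labels[LABEL]
    if value not in ALLOWED:
        # Assumed case-sensitive: "Gold" is not "gold".
        return name, "fail", f"value {value!r} is not a known preset"
    if value == "none":
        # Passes the policy, but the namespace has no snapshots or backups.
        return name, "pass-unprotected", "explicitly opted out of backups"
    return name, "pass", f"preset {value}"


def audit(ns_list):
    """Check every namespace; the rule has no exclude block, so none are skipped."""
    return [check_namespace(ns) for ns in ns_list.get("items", [])]


if __name__ == "__main__":
    for name, verdict, detail in audit(SAMPLE):
        print(f"{verdict:17} {name:12} {detail}")
```

Namespaces reported as `pass-unprotected` satisfy the policy but are worth a periodic review, since the `none` value means no data protection is applied.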