All Policies

Generate Gold Backup Policy

Generate a backup policy for any Deployment or StatefulSet that adds the labels "dataprotection: k10-goldpolicy" This policy works best to decide the data protection objectives and simply assign backup via application labels.

Policy Definition

/kasten/k10-data-protection-by-label/k10-generate-gold-backup-policy.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: k10-generate-gold-backup-policy
 5  annotations:
 6    policies.kyverno.io/title: Generate Gold Backup Policy
 7    policies.kyverno.io/category: Kasten K10 by Veeam
 8    kyverno.io/kyverno-version: 1.6.2
 9    policies.kyverno.io/minversion: 1.6.2
10    kyverno.io/kubernetes-version: "1.21-1.22"
11    policies.kyverno.io/subject: Policy
12    policies.kyverno.io/description: >-
13      Generate a backup policy for any Deployment or StatefulSet that adds the labels "dataprotection: k10-goldpolicy"
14      This policy works best to decide the data protection objectives and simply assign backup via application labels.      
15spec:
16  background: false
17  rules:
18  - name: k10-generate-gold-backup-policy
19    match:
20      any:
21      - resources:
22          kinds:
23            - Deployment
24            - StatefulSet
25          selector:
26            matchLabels:
27              dataprotection: k10-goldpolicy # match with a corresponding ClusterPolicy that checks for this label
28    generate:
29      apiVersion: config.kio.kasten.io/v1alpha1
30      kind: Policy
31      name: k10-{{request.namespace}}-gold-backup-policy
32      namespace: "{{request.namespace}}"
33      data:   
34        metadata: 
35          name: k10-{{request.namespace}}-gold-backup-policy
36          namespace: "{{request.namespace}}"
37        spec:
38          comment: K10 "gold" immutable production backup policy
39          frequency: '@daily'
40          retention:
41            daily: 7
42            weekly: 4
43            monthly: 12
44            yearly: 7
45          actions:
46          - action: backup
47          - action: export
48            exportParameters:
49              frequency: '@monthly'
50              profile:
51                name: object-lock-s3
52                namespace: kasten-io
53              exportData:
54                enabled: true
55            retention:
56              monthly: 12
57              yearly: 5
58          selector:
59            matchExpressions:
60              - key: k10.kasten.io/appNamespace
61                operator: In
62                values:
63                  - "{{request.namespace}}"
Create policy issue