Check 3-2-1 Backup Policy
The rule of 3-2-1 recommends that you have at least 3 copies of data, on 2 different storage targets, with 1 being offsite. 3-2-1 ensures a healthy mix of redundancy options for data recovery of the application for localized & multi-region cloud failures or compromise. In K8s/K10, this translates to the original StatefulSet (the original PersistentVolumeClaim), a backup (a snapshot of the PVC on prod storage), and an export to cloud object storage (a secondary cloud copy of the PVC snapshot).
Policy Definition
/kasten/k10-3-2-1-backup/k10-3-2-1-backup.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: k10-3-2-1-backup-policy
  annotations:
    policies.kyverno.io/title: Check 3-2-1 Backup Policy
    policies.kyverno.io/category: Kasten K10 by Veeam
    policies.kyverno.io/severity: medium
    kyverno.io/kyverno-version: 1.6.2
    policies.kyverno.io/minversion: 1.6.2
    kyverno.io/kubernetes-version: "1.21-1.22"
    policies.kyverno.io/subject: Policy
    policies.kyverno.io/description: >-
      The rule of 3-2-1 recommends that you have at least 3 copies of data, on 2 different storage targets, and 1 being offsite.
      3-2-1 ensures a healthy mix of redundancy options for data recovery of the application for localized & multi-region cloud failures or compromise.
      In K8s/K10, this translates to the original StatefulSet (the original PersistentVolumeClaim), a backup (a snapshot of the PVC on prod storage),
      and an export to cloud object storage (a secondary cloud copy of the PVC snapshot).
spec:
  validationFailureAction: audit
  rules:
  - name: k10-3-2-1-backup-policy
    match:
      any:
      - resources:
          kinds:
          - config.kio.kasten.io/v1alpha1/Policy
    validate:
      message: "The rule of 3-2-1 recommends you have 'action: backup' followed by an 'action: export' defined in the backup Policy."
      deny:
        conditions:
          all:
          - key:
            - backup
            - export
            operator: AllNotIn
            value: "{{ request.object.spec.actions[].action }}"
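
The 3-2-1 intent stated in the rule's message can also be checked offline, for example in CI before a K10 Policy manifest is applied. The following is an added example, not part of the Kyverno or Kasten policy; it does not reproduce Kyverno's operator evaluation, and it goes beyond the rule's condition by also checking the order implied by "followed by". The names `check_321`, `policy_actions` and `k10_policy` and the sample manifests are assumptions made for illustration.

```python
# Added example: offline check of the 3-2-1 intent for K10 Policy manifests.
# It does not reproduce Kyverno's operator evaluation. Helper names are hypothetical.
K10_POLICY_API = "config.kio.kasten.io/v1alpha1"
REQUIRED = ("backup", "export")


def policy_actions(manifest):
    """Plain-Python equivalent of the projection spec.actions[].action."""
    actions = (manifest.get("spec") or {}).get("actions") or []
    return [a["action"] for a in actions if isinstance(a, dict) and "action" in a]


def check_321(manifest):
    """Return findings for one manifest; an empty list means nothing to report."""
    # Same scope as the rule's match block. Kyverno has its own kind named
    # Policy in another API group, so the kind alone is not enough.
    if manifest.get("apiVersion") != K10_POLICY_API or manifest.get("kind") != "Policy":
        return []
    actions = policy_actions(manifest)
    findings = [f"missing 'action: {name}'" for name in REQUIRED if name not in actions]
    # "backup followed by export": the export copies the snapshot that backup creates.
    if not findings and actions.index("export") < actions.index("backup"):
        findings.append("'action: export' is listed before 'action: backup'")
    return findings


def k10_policy(name, *actions):
    """Build a constructed K10 Policy manifest with the given action names."""
    return {
        "apiVersion": K10_POLICY_API,
        "kind": "Policy",
        "metadata": {"name": name, "namespace": "kasten-io"},
        "spec": {"actions": [{"action": a} for a in actions]},
    }


# Constructed sample manifests, not taken from a real cluster.
SAMPLES = [
    k10_policy("snapshot-and-export", "backup", "export"),
    k10_policy("snapshot-only", "backup"),
    k10_policy("no-actions"),
    {"apiVersion": "kyverno.io/v1", "kind": "Policy", "metadata": {"name": "other"}},
]

if __name__ == "__main__":
    for m in SAMPLES:
        findings = check_321(m)
        print(m["metadata"]["name"], "->", "; ".join(findings) or "ok")
```

A snapshot-only manifest is the case to watch for: the data has a second copy on production storage but no offsite copy.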