All Policies

Validate Schedule

A Velero Schedule is given in Cron format and must be accurate to ensure operation. This policy validates that the schedule is a valid Cron format.

Policy Definition

/velero/validate-cron-schedule/validate-cron-schedule.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: validate-cron-schedule
 5  annotations:
 6    policies.kyverno.io/title: Validate Schedule
 7    policies.kyverno.io/category: Velero
 8    policies.kyverno.io/subject: Schedule
 9    policies.kyverno.io/description: >-
10      A Velero Schedule is given in Cron format and must be accurate to ensure
11      operation. This policy validates that the schedule is a valid Cron format.      
12spec:
13  background: true
14  validationFailureAction: audit
15  rules:
16  - name: validate-cron
17    match:
18      any:
19      - resources:
20          kinds:
21          - velero.io/v1/Schedule
22    validate:
23      message: The backup schedule must be in a valid cron format.
24      deny:
25        conditions:
26          any:
27          - key: "{{ regex_match('^((?:\\*|[0-5]?[0-9](?:(?:-[0-5]?[0-9])|(?:,[0-5]?[0-9])+)?)(?:\\/[0-9]+)?)\\s+((?:\\*|(?:1?[0-9]|2[0-3])(?:(?:-(?:1?[0-9]|2[0-3]))|(?:,(?:1?[0-9]|2[0-3]))+)?)(?:\\/[0-9]+)?)\\s+((?:\\*|(?:[1-9]|[1-2][0-9]|3[0-1])(?:(?:-(?:[1-9]|[1-2][0-9]|3[0-1]))|(?:,(?:[1-9]|[1-2][0-9]|3[0-1]))+)?)(?:\\/[0-9]+)?)\\s+((?:\\*|(?:[1-9]|1[0-2])(?:(?:-(?:[1-9]|1[0-2]))|(?:,(?:[1-9]|1[0-2]))+)?)(?:\\/[0-9]+)?)\\s+((?:\\*|[0-7](?:-[0-7]|(?:,[0-7])+)?)(?:\\/[0-9]+)?)$', '{{request.object.spec.schedule}}') }}"
28            operator: Equals
29            value: false
Create policy issue