REFACTOR(repo): restructure infra folder structure

- Remove argocd/, helm-values/, ingress/ subdirectories - Move files to parent directory with standardized names - Add namespace.yaml to all apps with Goldilocks labels - Preserve vault/ subdirectories (falco, velero) - Update main kustomization.yaml to reference argocd.yaml files directly - Comment out argocd.yaml in each app's kustomization.yaml to prevent circular reference Applications restructured: - cert-manager (2 ArgoCD apps) - external-secrets - reloader - vault (2 ArgoCD apps) - velero (2 ArgoCD apps) - falco - cnpg - haproxy - metallb - vpa - argocd
2025-12-29 02:21:00 +09:00
parent abbc4304fc
commit 55380edbd4
10 changed files with 20 additions and 5 deletions
--- a/velero/helm-values.yaml
+++ b/velero/helm-values.yaml
@@ -0,0 +1,125 @@
+# Velero Helm Values
+# Chart: https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero
+
+# Image configuration
+image:
+  repository: velero/velero
+  tag: v1.17.1
+  pullPolicy: IfNotPresent
+
+# Resource requests
+resources:
+  requests:
+    cpu: 50m
+    memory: 128Mi
+  limits:
+    # cpu: removed to prevent throttling
+    memory: 512Mi
+
+# Init containers for plugins
+initContainers:
+  # AWS plugin for S3-compatible storage (Minio)
+  - name: velero-plugin-for-aws
+    image: velero/velero-plugin-for-aws:v1.13.1
+    volumeMounts:
+      - mountPath: /target
+        name: plugins
+
+# Deploy node-agent for file-system backups
+deployNodeAgent: true
+
+# Node agent configuration
+nodeAgent:
+  podVolumePath: /var/lib/kubelet/pods
+  privileged: false
+  resources:
+    requests:
+      cpu: 30m  # Reduced to 30m to fit on mayne-worker-2 (99% CPU usage)
+      memory: 256Mi
+    limits:
+      # cpu: removed to prevent throttling
+      memory: 1Gi
+
+# Configuration for backup storage
+configuration:
+  # Use existing BackupStorageLocation and VolumeSnapshotLocation
+  backupStorageLocation:
+    - name: default
+      provider: aws
+      bucket: velero-backups
+      config:
+        region: minio
+        s3ForcePathStyle: "true"
+        s3Url: http://minio.minio.svc.cluster.local:9000
+        publicUrl: https://s3.minio0213.kro.kr
+
+  volumeSnapshotLocation:
+    - name: default
+      provider: aws
+      config:
+        region: minio
+
+  # Default backup retention
+  defaultBackupTTL: 168h  # 7 days (reduced for storage efficiency)
+
+  # Enable file-system backup by default for all PVs
+  defaultVolumesToFsBackup: true
+
+  # Restore only mode (for disaster recovery)
+  restoreOnlyMode: false
+
+# Credentials for S3 access (from Vault via External Secrets)
+credentials:
+  useSecret: true
+  existingSecret: velero-s3-credentials
+  secretContents: {}
+
+# Backup schedules
+schedules:
+  # Weekly full cluster backup
+  weekly-backup:
+    disabled: false
+    schedule: "0 19 * * 4"  # Every Friday 4 AM KST (Thursday 19:00 UTC)
+    template:
+      ttl: 720h  # 30 days
+      includedNamespaces:
+        - "*"
+      excludedNamespaces:
+        # System namespaces
+        - kube-system
+        - kube-public
+        - kube-node-lease
+        # Non-essential namespaces (to save storage)
+        - postgresql-dev  # Dev database not needed in disaster recovery
+        - harbor          # Rebuildable container images
+        # Note: minio namespace is now included in backup
+        # MinIO PVC data is excluded via pod annotation (backup.velero.io/backup-volumes-excludes)
+        # This backs up MinIO resources but not the data (prevents circular backup)
+      snapshotVolumes: true
+      defaultVolumesToFsBackup: true
+
+# Metrics
+metrics:
+  enabled: true
+  serviceMonitor:
+    enabled: true
+  prometheusRule:
+    enabled: false
+
+# RBAC
+serviceAccount:
+  server:
+    create: true
+    name: velero
+
+rbac:
+  create: true
+
+# Node selector (optional)
+nodeSelector: {}
+
+# Tolerations (optional)
+tolerations: []
+
+# Affinity (optional)
+affinity: {}