FEAT(velero): configure velero

- for full k3s cluster backup
- Enable node-agent for PV file-system backups
- Add defaultVolumesToFsBackup configuration
- Optimize backup schedule (daily, 7-day retention)
- Exclude non-essential namespaces (postgresql-dev, harbor)
- Update Velero to v1.17.1
- Update velero-plugin-for-aws to v1.13.1

Full cluster disaster recovery backup now active.

postgresql/helm-values/postgresql.yaml

@@ -52,6 +52,10 @@ readReplicas:
     size: 20Gi
     storageClass: local-path
 
+  # Exclude read replicas from Velero backup (only backup primary)
+  podAnnotations:
+    backup.velero.io/backup-volumes-excludes: "data"
+
   # PostgreSQL configuration (must match primary for replication)
   extendedConfiguration: |
     max_connections = 200

velero/helm-values/velero.yaml

@@ -25,6 +25,21 @@ initContainers:
       - mountPath: /target
         name: plugins
 
+# Deploy node-agent for file-system backups
+deployNodeAgent: true
+
+# Node agent configuration
+nodeAgent:
+  podVolumePath: /var/lib/kubelet/pods
+  privileged: false
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 1000m
+      memory: 1Gi
+
 # Configuration for backup storage
 configuration:
   # Use existing BackupStorageLocation and VolumeSnapshotLocation
@@ -45,7 +60,10 @@ configuration:
         region: minio
 
   # Default backup retention
-  defaultBackupTTL: 720h  # 30 days
+  defaultBackupTTL: 168h  # 7 days (reduced for storage efficiency)
+
+  # Enable file-system backup by default for all PVs
+  defaultVolumesToFsBackup: true
 
   # Restore only mode (for disaster recovery)
   restoreOnlyMode: false
@@ -58,19 +76,24 @@ credentials:
 
 # Backup schedules
 schedules:
-  # Daily full cluster backup
+  # Weekly full cluster backup
-  daily-backup:
+  weekly-backup:
     disabled: false
-    schedule: "0 2 * * *"  # 2 AM daily
+    schedule: "0 19 * * 4"  # Every Friday 4 AM KST (Thursday 19:00 UTC)
     template:
       ttl: 720h  # 30 days
       includedNamespaces:
         - "*"
       excludedNamespaces:
+        # System namespaces
         - kube-system
         - kube-public
         - kube-node-lease
+        # Non-essential namespaces (to save storage)
+        - postgresql-dev  # Dev database not needed in disaster recovery
+        - harbor          # Rebuildable container images
       snapshotVolumes: true
+      defaultVolumesToFsBackup: true
 
 # Metrics
 metrics: