FEAT(velero): configure velero

- for full k3s cluster backup - Enable node-agent for PV file-system backups - Add defaultVolumesToFsBackup configuration - Optimize backup schedule (daily, 7-day retention) - Exclude non-essential namespaces (postgresql-dev, harbor) - Update Velero to v1.17.1 - Update velero-plugin-for-aws to v1.13.1 Full cluster disaster recovery backup now active.
2025-12-25 23:53:06 +09:00
parent 4ef5497fd5
commit b0cd9274b1
2 changed files with 31 additions and 4 deletions
--- a/postgresql/helm-values/postgresql.yaml
+++ b/postgresql/helm-values/postgresql.yaml
@@ -52,6 +52,10 @@ readReplicas:
    size: 20Gi
    storageClass: local-path

+  # Exclude read replicas from Velero backup (only backup primary)
+  podAnnotations:
+    backup.velero.io/backup-volumes-excludes: "data"
+
  # PostgreSQL configuration (must match primary for replication)
  extendedConfiguration: |
    max_connections = 200
--- a/velero/helm-values/velero.yaml
+++ b/velero/helm-values/velero.yaml
@@ -25,6 +25,21 @@ initContainers:
      - mountPath: /target
        name: plugins

+# Deploy node-agent for file-system backups
+deployNodeAgent: true
+
+# Node agent configuration
+nodeAgent:
+  podVolumePath: /var/lib/kubelet/pods
+  privileged: false
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 1000m
+      memory: 1Gi
+
 # Configuration for backup storage
 configuration:
  # Use existing BackupStorageLocation and VolumeSnapshotLocation
@@ -45,7 +60,10 @@ configuration:
        region: minio

  # Default backup retention
-  defaultBackupTTL: 720h  # 30 days
+  defaultBackupTTL: 168h  # 7 days (reduced for storage efficiency)
+
+  # Enable file-system backup by default for all PVs
+  defaultVolumesToFsBackup: true

  # Restore only mode (for disaster recovery)
  restoreOnlyMode: false
@@ -58,19 +76,24 @@ credentials:

 # Backup schedules
 schedules:
-  # Daily full cluster backup
-  daily-backup:
+  # Weekly full cluster backup
+  weekly-backup:
    disabled: false
-    schedule: "0 2 * * *"  # 2 AM daily
+    schedule: "0 19 * * 4"  # Every Friday 4 AM KST (Thursday 19:00 UTC)
    template:
      ttl: 720h  # 30 days
      includedNamespaces:
        - "*"
      excludedNamespaces:
+        # System namespaces
        - kube-system
        - kube-public
        - kube-node-lease
+        # Non-essential namespaces (to save storage)
+        - postgresql-dev  # Dev database not needed in disaster recovery
+        - harbor          # Rebuildable container images
      snapshotVolumes: true
+      defaultVolumesToFsBackup: true

 # Metrics
 metrics: