# Velero Helm Values
# Chart: https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero

# Skip CRD upgrade job (avoids kubectl image dependency)
upgradeCRDs: false

# Image configuration
image:
  repository: velero/velero
  tag: v1.17.1
  pullPolicy: IfNotPresent

# Replica count (Velero does not support multiple replicas)
replicaCount: 1

# Resource settings (VPA lowerBound/target)
resources:
  requests:
    cpu: 10m
    memory: 50Mi
  limits:
    cpu: 14m
    memory: 50Mi

# Init containers for plugins
initContainers:
  # AWS plugin for S3-compatible storage (Minio)
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.13.1
    volumeMounts:
      - mountPath: /target
        name: plugins

# Deploy node-agent for file-system backups
deployNodeAgent: true

# Node agent configuration
nodeAgent:
  podVolumePath: /var/lib/kubelet/pods
  privileged: false
  # Resource settings (VPA lowerBound/target)
  resources:
    requests:
      cpu: 15m
      memory: 100Mi
    limits:
      cpu: 15m
      memory: 100Mi
# Configuration for backup storage
configuration:
  # Use existing BackupStorageLocation and VolumeSnapshotLocation
  backupStorageLocation:
    - name: default
      provider: aws
      bucket: velero-backups
      config:
        region: minio
        s3ForcePathStyle: "true"
        s3Url: http://minio.minio.svc.cluster.local:9000
        publicUrl: https://s3.minio0213.kro.kr

  volumeSnapshotLocation:
    - name: default
      provider: aws
      config:
        region: minio

  # Default backup retention
  defaultBackupTTL: 168h  # 7 days (reduced for storage efficiency)

  # Enable file-system backup by default for all PVs
  defaultVolumesToFsBackup: true

  # Restore only mode (for disaster recovery)
  restoreOnlyMode: false

  # Disable BackupStorageLocation validation (user only uses manual backups)
  # This prevents status updates that trigger ArgoCD refreshes
  storeValidationFrequency: 0s

  # Disable backup-sync (user only uses manual backups)
  backupSyncPeriod: 0s

# Credentials for S3 access (from Vault via External Secrets)
credentials:
  useSecret: true
  existingSecret: velero-s3-credentials
  secretContents: {}

# Metrics
metrics:
  enabled: true
  serviceMonitor:
    enabled: true
  prometheusRule:
    enabled: false

# RBAC
serviceAccount:
  server:
    create: true
    name: velero

rbac:
  create: true

# Affinity (disabled - single replica on master)
affinity: {}