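---
# Velero Helm Values
# Chart: https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero
#
# NOTE(review): this file had been collapsed onto two physical lines, so the
# first line parsed as one long comment and none of its values were applied.
# The nesting below follows the chart's values layout; confirm it against the
# chart version actually deployed.

# Skip CRD upgrade job (avoids kubectl image dependency)
upgradeCRDs: false

# Image configuration
# NOTE(review): the tag is mutable; pinning the image by digest as well gives
# the cluster a verifiable, repeatable artifact for a component that can read
# every resource it backs up.
image:
  repository: velero/velero
  tag: v1.17.1
  pullPolicy: IfNotPresent

# Replica count (Velero does not support multiple replicas)
replicaCount: 1

# Resource requests (VPA recommendation: 11m CPU)
# NOTE(review): the memory limit equals the request, so a backup that needs
# more than 75Mi is OOM-killed rather than throttled. Confirm that failed or
# partial backups are noticed, since recovery depends on them.
resources:
  requests:
    cpu: 11m
    memory: 75Mi
  limits:
    memory: 75Mi

# Init containers for plugins
initContainers:
  # AWS plugin for S3-compatible storage (Minio)
  # The plugin binary is copied into the Velero server pod and runs with its
  # privileges, so it deserves the same digest pinning as the main image.
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.13.1
    volumeMounts:
      - mountPath: /target
        name: plugins

# Deploy node-agent for file-system backups
deployNodeAgent: true

# Node agent configuration
# The agent reads pod volume data through the kubelet pod directory on each
# node, so a compromised agent pod exposes every volume on that node.
# Keeping it unprivileged limits what else such a pod could reach.
nodeAgent:
  podVolumePath: /var/lib/kubelet/pods
  privileged: false
  resources:
    requests:
      cpu: 15m
      memory: 100Mi
    limits:
      memory: 100Mi
  # Run on all nodes including control-plane for full backup coverage
  tolerations:
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Exists"
      effect: "NoSchedule"

# Configuration for backup storage
configuration:
  # Use existing BackupStorageLocation and VolumeSnapshotLocation
  backupStorageLocation:
    - name: default
      provider: aws
      bucket: velero-backups
      config:
        region: minio
        s3ForcePathStyle: "true"
        # NOTE(review): plain HTTP. Backup payloads (resource manifests,
        # including Secrets, and volume data) cross the cluster network
        # unencrypted. If MinIO serves TLS, point this at the https endpoint
        # and supply its CA bundle; otherwise restrict the path with a
        # NetworkPolicy or mesh mTLS.
        s3Url: http://minio.minio.svc.cluster.local:9000
        # External endpoint; presumably used for client-facing download
        # URLs - confirm who can reach it and how the bucket is protected.
        publicUrl: https://s3.minio0213.kro.kr
  volumeSnapshotLocation:
    - name: default
      provider: aws
      config:
        region: minio

  # Default backup retention
  defaultBackupTTL: 168h  # 7 days (reduced for storage efficiency)

  # Enable file-system backup by default for all PVs
  # Every PV's contents therefore land in the bucket; treat the bucket as
  # being as sensitive as the most sensitive volume in the cluster.
  defaultVolumesToFsBackup: true

  # Restore only mode (for disaster recovery)
  restoreOnlyMode: false

  # Disable BackupStorageLocation validation (user only uses manual backups)
  # This prevents status updates that trigger ArgoCD refreshes
  # NOTE(review): with validation off, an unreachable bucket or rejected
  # credentials are only discovered when a backup or restore is attempted.
  # prometheusRule is also disabled below, so nothing alerts on it.
  storeValidationFrequency: 0s

  # Note: backup-sync is enabled to show backups in velero-ui

# Credentials for S3 access (from Vault via External Secrets)
# Referencing an existing Secret keeps the access key out of this file and
# out of git; secretContents must stay empty for that to hold. The key
# itself should be scoped to the velero-backups bucket only.
credentials:
  useSecret: true
  existingSecret: velero-s3-credentials
  secretContents: {}

# Metrics
metrics:
  enabled: true
  serviceMonitor:
    enabled: true
  prometheusRule:
    enabled: false

# RBAC
# NOTE(review): the Velero server needs broad cluster read/write access to
# back up and restore. Check which ClusterRole the chart binds to this
# service account and treat the pod and its token as high-value.
serviceAccount:
  server:
    create: true
    name: velero

rbac:
  create: true

# Node selector - Run on control-plane node for stability
# NOTE(review): some distributions set this label to an empty value rather
# than "true"; if it does not match, the pod stays Pending and no backups
# run. Verify against the node labels.
nodeSelector:
  node-role.kubernetes.io/control-plane: "true"

# Tolerations - Allow scheduling on control-plane node
tolerations:
  - key: "node-role.kubernetes.io/control-plane"
    operator: "Exists"
    effect: "NoSchedule"

# Affinity (disabled - single replica on master)
affinity: {}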