storage/velero/helm-values/velero.yaml

# Velero Helm Values
# Chart: https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero

# Image configuration
image:
  repository: velero/velero
  tag: v1.17.1
  pullPolicy: IfNotPresent

# Resource requests
resources:
  requests:
    cpu: 50m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 512Mi

# Init containers for plugins
initContainers:
  # AWS plugin for S3-compatible storage (Minio)
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.13.1
    volumeMounts:
      - mountPath: /target
        name: plugins

# Deploy node-agent for file-system backups
deployNodeAgent: true

# Node agent configuration
nodeAgent:
  podVolumePath: /var/lib/kubelet/pods
  privileged: false
  resources:
    requests:
      cpu: 30m  # Reduced to 30m to fit on mayne-worker-2 (99% CPU usage)
      memory: 256Mi
    limits:
      cpu: 1000m
      memory: 1Gi

# Configuration for backup storage
configuration:
  # Use existing BackupStorageLocation and VolumeSnapshotLocation
  backupStorageLocation:
    - name: default
      provider: aws
      bucket: velero-backups
      config:
        region: minio
        s3ForcePathStyle: "true"
        s3Url: http://minio.minio.svc.cluster.local:9000
        publicUrl: https://s3.minio0213.kro.kr

  volumeSnapshotLocation:
    - name: default
      provider: aws
      config:
        region: minio

  # Default backup retention
  defaultBackupTTL: 168h  # 7 days (reduced for storage efficiency)

  # Enable file-system backup by default for all PVs
  defaultVolumesToFsBackup: true

  # Restore only mode (for disaster recovery)
  restoreOnlyMode: false

# Credentials for S3 access (from Vault via External Secrets)
credentials:
  useSecret: true
  existingSecret: velero-s3-credentials
  secretContents: {}

# Backup schedules
schedules:
  # Weekly full cluster backup
  weekly-backup:
    disabled: false
    schedule: "0 19 * * 4"  # Every Friday 4 AM KST (Thursday 19:00 UTC)
    template:
      ttl: 720h  # 30 days
      includedNamespaces:
        - "*"
      excludedNamespaces:
        # System namespaces
        - kube-system
        - kube-public
        - kube-node-lease
        # Non-essential namespaces (to save storage)
        - postgresql-dev  # Dev database not needed in disaster recovery
        - harbor          # Rebuildable container images
        - minio           # Backup storage itself (prevents circular backup)
      snapshotVolumes: true
      defaultVolumesToFsBackup: true

# Metrics
metrics:
  enabled: true
  serviceMonitor:
    enabled: true
  prometheusRule:
    enabled: false

# RBAC
serviceAccount:
  server:
    create: true
    name: velero

rbac:
  create: true

# Node selector (optional)
nodeSelector: {}

# Tolerations (optional)
tolerations: []

# Affinity (optional)
affinity: {}