Mayne0213
b59c5618ea
- to prevent throttling Removed CPU limits from all infrastructure components while keeping memory limits for protection: - cnpg: removed 500m CPU limit - external-secrets: removed 200m, 100m CPU limits (operator, webhook, certController) - falco: removed 500m CPU limit (falcosidekick webui) - vault: removed 500m CPU limit - velero: removed 500m, 1000m CPU limits (server, node-agent) Benefits: - ✅ Prevents CPU throttling - ✅ Better performance and lower latency - ✅ More efficient resource utilization - ✅ Simpler management (only requests to tune) Memory limits are kept to prevent memory leaks and OOM issues.
126 lines
3.0 KiB
YAML
126 lines
3.0 KiB
YAML
# Velero Helm Values
|
|
# Chart: https://github.com/vmware-tanzu/helm-charts/tree/main/charts/velero
|
|
|
|
# Image configuration
|
|
image:
|
|
repository: velero/velero
|
|
tag: v1.17.1
|
|
pullPolicy: IfNotPresent
|
|
|
|
# Resource requests
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 128Mi
|
|
limits:
|
|
# cpu: removed to prevent throttling
|
|
memory: 512Mi
|
|
|
|
# Init containers for plugins
|
|
initContainers:
|
|
# AWS plugin for S3-compatible storage (Minio)
|
|
- name: velero-plugin-for-aws
|
|
image: velero/velero-plugin-for-aws:v1.13.1
|
|
volumeMounts:
|
|
- mountPath: /target
|
|
name: plugins
|
|
|
|
# Deploy node-agent for file-system backups
|
|
deployNodeAgent: true
|
|
|
|
# Node agent configuration
|
|
nodeAgent:
|
|
podVolumePath: /var/lib/kubelet/pods
|
|
privileged: false
|
|
resources:
|
|
requests:
|
|
cpu: 30m # Reduced to 30m to fit on mayne-worker-2 (99% CPU usage)
|
|
memory: 256Mi
|
|
limits:
|
|
# cpu: removed to prevent throttling
|
|
memory: 1Gi
|
|
|
|
# Configuration for backup storage
|
|
configuration:
|
|
# Use existing BackupStorageLocation and VolumeSnapshotLocation
|
|
backupStorageLocation:
|
|
- name: default
|
|
provider: aws
|
|
bucket: velero-backups
|
|
config:
|
|
region: minio
|
|
s3ForcePathStyle: "true"
|
|
s3Url: http://minio.minio.svc.cluster.local:9000
|
|
publicUrl: https://s3.minio0213.kro.kr
|
|
|
|
volumeSnapshotLocation:
|
|
- name: default
|
|
provider: aws
|
|
config:
|
|
region: minio
|
|
|
|
# Default backup retention
|
|
defaultBackupTTL: 168h # 7 days (reduced for storage efficiency)
|
|
|
|
# Enable file-system backup by default for all PVs
|
|
defaultVolumesToFsBackup: true
|
|
|
|
# Restore only mode (for disaster recovery)
|
|
restoreOnlyMode: false
|
|
|
|
# Credentials for S3 access (from Vault via External Secrets)
|
|
credentials:
|
|
useSecret: true
|
|
existingSecret: velero-s3-credentials
|
|
secretContents: {}
|
|
|
|
# Backup schedules
|
|
schedules:
|
|
# Weekly full cluster backup
|
|
weekly-backup:
|
|
disabled: false
|
|
schedule: "0 19 * * 4" # Every Friday 4 AM KST (Thursday 19:00 UTC)
|
|
template:
|
|
ttl: 720h # 30 days
|
|
includedNamespaces:
|
|
- "*"
|
|
excludedNamespaces:
|
|
# System namespaces
|
|
- kube-system
|
|
- kube-public
|
|
- kube-node-lease
|
|
# Non-essential namespaces (to save storage)
|
|
- postgresql-dev # Dev database not needed in disaster recovery
|
|
- harbor # Rebuildable container images
|
|
# Note: minio namespace is now included in backup
|
|
# MinIO PVC data is excluded via pod annotation (backup.velero.io/backup-volumes-excludes)
|
|
# This backs up MinIO resources but not the data (prevents circular backup)
|
|
snapshotVolumes: true
|
|
defaultVolumesToFsBackup: true
|
|
|
|
# Metrics
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
prometheusRule:
|
|
enabled: false
|
|
|
|
# RBAC
|
|
serviceAccount:
|
|
server:
|
|
create: true
|
|
name: velero
|
|
|
|
rbac:
|
|
create: true
|
|
|
|
# Node selector (optional)
|
|
nodeSelector: {}
|
|
|
|
# Tolerations (optional)
|
|
tolerations: []
|
|
|
|
# Affinity (optional)
|
|
affinity: {}
|