github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/velero/values.yaml (about) 1 ## 2 ## Configuration settings that directly affect the Velero deployment YAML. 3 ## 4 5 # Details of the container image to use in the Velero deployment & daemonset (if 6 # enabling restic). Required. 7 image: 8 repository: velero/velero 9 tag: v1.9.0 10 # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. 11 # If used, it will take precedence over the image.tag. 12 # digest: 13 pullPolicy: IfNotPresent 14 # One or more secrets to be used when pulling images 15 imagePullSecrets: [] 16 # - registrySecretName 17 18 # Annotations to add to the Velero deployment's. Optional. 19 # 20 # If you are using reloader use the following annotation with your VELERO_SECRET_NAME 21 annotations: {} 22 # secret.reloader.stakater.com/reload: "<VELERO_SECRET_NAME>" 23 24 # Labels to add to the Velero deployment's. Optional. 25 labels: {} 26 27 # Annotations to add to the Velero deployment's pod template. Optional. 28 # 29 # If using kube2iam or kiam, use the following annotation with your AWS_ACCOUNT_ID 30 # and VELERO_ROLE_NAME filled in: 31 podAnnotations: {} 32 # iam.amazonaws.com/role: "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<VELERO_ROLE_NAME>" 33 34 # Additional pod labels for Velero deployment's template. Optional 35 # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ 36 podLabels: {} 37 38 # Resource requests/limits to specify for the Velero deployment. 39 # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits 40 resources: 41 requests: 42 cpu: 500m 43 memory: 128Mi 44 limits: 45 cpu: 1000m 46 memory: 512Mi 47 48 # Configure the dnsPolicy of the Velero deployment 49 # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy 50 dnsPolicy: ClusterFirst 51 52 # Init containers to add to the Velero deployment's pod spec. At least one plugin provider image is required. 53 # If the value is a string then it is evaluated as a template. 54 initContainers: 55 # - name: velero-plugin-for-csi 56 # image: velero/velero-plugin-for-csi:v0.3.0 57 # imagePullPolicy: IfNotPresent 58 # volumeMounts: 59 # - mountPath: /target 60 # name: plugins 61 # - name: velero-plugin-for-aws 62 # image: velero/velero-plugin-for-aws:v1.5.0 63 # imagePullPolicy: IfNotPresent 64 # volumeMounts: 65 # - mountPath: /target 66 # name: plugins 67 68 # SecurityContext to use for the Velero deployment. Optional. 69 # Set fsGroup for `AWS IAM Roles for Service Accounts` 70 # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html 71 podSecurityContext: {} 72 # fsGroup: 1337 73 74 # Container Level Security Context for the 'velero' container of the Velero deployment. Optional. 75 # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container 76 containerSecurityContext: {} 77 # allowPrivilegeEscalation: false 78 # capabilities: 79 # drop: ["ALL"] 80 # add: [] 81 # readOnlyRootFilesystem: true 82 83 # Pod priority class name to use for the Velero deployment. Optional. 84 priorityClassName: "" 85 86 # Tolerations to use for the Velero deployment. Optional. 87 tolerations: [] 88 89 # Affinity to use for the Velero deployment. Optional. 90 affinity: {} 91 92 # Node selector to use for the Velero deployment. Optional. 93 nodeSelector: {} 94 95 # Extra volumes for the Velero deployment. Optional. 96 extraVolumes: [] 97 98 # Extra volumeMounts for the Velero deployment. Optional. 99 extraVolumeMounts: [] 100 101 # Extra K8s manifests to deploy 102 extraObjects: [] 103 # - apiVersion: secrets-store.csi.x-k8s.io/v1 104 # kind: SecretProviderClass 105 # metadata: 106 # name: velero-secrets-store 107 # spec: 108 # provider: aws 109 # parameters: 110 # objects: | 111 # - objectName: "velero" 112 # objectType: "secretsmanager" 113 # jmesPath: 114 # - path: "access_key" 115 # objectAlias: "access_key" 116 # - path: "secret_key" 117 # objectAlias: "secret_key" 118 # secretObjects: 119 # - data: 120 # - key: access_key 121 # objectName: client-id 122 # - key: client-secret 123 # objectName: client-secret 124 # secretName: velero-secrets-store 125 # type: Opaque 126 127 # Settings for Velero's prometheus metrics. Enabled by default. 128 metrics: 129 enabled: true 130 scrapeInterval: 30s 131 scrapeTimeout: 10s 132 133 # service metdata if metrics are enabled 134 service: 135 annotations: {} 136 labels: {} 137 138 # Pod annotations for Prometheus 139 podAnnotations: 140 prometheus.io/scrape: "true" 141 prometheus.io/port: "8085" 142 prometheus.io/path: "/metrics" 143 144 serviceMonitor: 145 enabled: false 146 additionalLabels: {} 147 # ServiceMonitor namespace. Default to Velero namespace. 148 # namespace: 149 150 kubectl: 151 image: 152 repository: docker.io/bitnami/kubectl 153 # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. 154 # If used, it will take precedence over the kubectl.image.tag. 155 # digest: 156 # kubectl image tag. If used, it will take precedence over the cluster Kubernetes version. 157 # tag: 1.16.15 158 # Container Level Security Context for the 'kubectl' container of the crd jobs. Optional. 159 # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container 160 containerSecurityContext: {} 161 # Resource requests/limits to specify for the upgrade/cleanup job. Optional 162 resources: {} 163 # Annotations to set for the upgrade/cleanup job. Optional. 164 annotations: {} 165 # Labels to set for the upgrade/cleanup job. Optional. 166 labels: {} 167 168 # This job upgrades the CRDs. 169 upgradeCRDs: true 170 171 # This job is meant primarily for cleaning up CRDs on CI systems. 172 # Using this on production systems, especially those that have multiple releases of Velero, will be destructive. 173 cleanUpCRDs: false 174 175 ## 176 ## End of deployment-related settings. 177 ## 178 179 180 ## 181 ## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation, 182 ## and additional server settings. 183 ## 184 configuration: 185 # Cloud provider being used (e.g. aws, azure, gcp). 186 provider: 187 188 # Parameters for the `default` BackupStorageLocation. See 189 # https://velero.io/docs/v1.6/api-types/backupstoragelocation/ 190 backupStorageLocation: 191 # name is the name of the backup storage location where backups should be stored. If a name is not provided, 192 # a backup storage location will be created with the name "default". Optional. 193 name: 194 # provider is the name for the backup storage location provider. If omitted 195 # `configuration.provider` will be used instead. 196 provider: 197 # bucket is the name of the bucket to store backups in. Required. 198 bucket: 199 # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. 200 caCert: 201 # prefix is the directory under which all Velero data should be stored within the bucket. Optional. 202 prefix: 203 # default indicates this location is the default backup storage location. Optional. 204 default: 205 # accessMode determines if velero can write to this backup storage location. Optional. 206 # default to ReadWrite, ReadOnly is used during migrations and restores. 207 accessMode: ReadWrite 208 # Additional provider-specific configuration. See link above 209 # for details of required/optional fields for your provider. 210 config: {} 211 # region: 212 # s3ForcePathStyle: 213 # s3Url: 214 # kmsKeyId: 215 # resourceGroup: 216 # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) 217 # subscriptionId: 218 # storageAccount: 219 # publicUrl: 220 # Name of the GCP service account to use for this backup storage location. Specify the 221 # service account here if you want to use workload identity instead of providing the key file.(GCP only) 222 # serviceAccount: 223 224 # Parameters for the `default` VolumeSnapshotLocation. See 225 # https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/ 226 volumeSnapshotLocation: 227 # name is the name of the volume snapshot location where snapshots are being taken. Required. 228 name: 229 # provider is the name for the volume snapshot provider. If omitted 230 # `configuration.provider` will be used instead. 231 provider: 232 # Additional provider-specific configuration. See link above 233 # for details of required/optional fields for your provider. 234 config: {} 235 # region: 236 # apiTimeout: 237 # resourceGroup: 238 # The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only) 239 # subscriptionId: 240 # incremental: 241 # snapshotLocation: 242 # project: 243 244 # These are server-level settings passed as CLI flags to the `velero server` command. Velero 245 # uses default values if they're not passed in, so they only need to be explicitly specified 246 # here if using a non-default value. The `velero server` default values are shown in the 247 # comments below. 248 # -------------------- 249 # `velero server` default: 1m 250 backupSyncPeriod: 251 # `velero server` default: 1h 252 resticTimeout: 253 # `velero server` default: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods 254 restoreResourcePriorities: 255 # `velero server` default: false 256 restoreOnlyMode: 257 # `velero server` default: 20.0 258 clientQPS: 259 # `velero server` default: 30 260 clientBurst: 261 # `velero server` default: empty 262 disableControllers: 263 # 264 265 # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'" 266 extraEnvVars: {} 267 268 # Comma separated list of velero feature flags. default: empty 269 # features: EnableCSI 270 features: 271 272 # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic. 273 logLevel: 274 275 # Set log-format for Velero pod. Default: text. Other option: json. 276 logFormat: 277 278 # Set true for backup all pod volumes without having to apply annotation on the pod when used restic Default: false. Other option: false. 279 defaultVolumesToRestic: 280 281 # How often 'restic prune' is run for restic repositories by default. Default: 168h. Optional. 282 defaultResticPruneFrequency: 283 284 ## 285 ## End of backup/snapshot location settings. 286 ## 287 288 289 ## 290 ## Settings for additional Velero resources. 291 ## 292 293 rbac: 294 # Whether to create the Velero role and role binding to give all permissions to the namespace to Velero. 295 create: true 296 # Whether to create the cluster role binding to give administrator permissions to Velero 297 clusterAdministrator: true 298 # Name of the ClusterRole. 299 clusterAdministratorName: cluster-admin 300 301 # Information about the Kubernetes service account Velero uses. 302 serviceAccount: 303 server: 304 create: true 305 name: 306 annotations: 307 labels: 308 309 # Info about the secret to be used by the Velero deployment, which 310 # should contain credentials for the cloud provider IAM account you've 311 # set up for Velero. 312 credentials: 313 # Whether a secret should be used. Set to false if, for examples: 314 # - using kube2iam or kiam to provide AWS IAM credentials instead of providing the key file. (AWS only) 315 # - using workload identity instead of providing the key file. (GCP only) 316 useSecret: true 317 # Name of the secret to create if `useSecret` is true and `existingSecret` is empty 318 name: 319 # Name of a pre-existing secret (if any) in the Velero namespace 320 # that should be used to get IAM account credentials. Optional. 321 existingSecret: 322 # Data to be stored in the Velero secret, if `useSecret` is true and `existingSecret` is empty. 323 # As of the current Velero release, Velero only uses one secret key/value at a time. 324 # The key must be named `cloud`, and the value corresponds to the entire content of your IAM credentials file. 325 # Note that the format will be different for different providers, please check their documentation. 326 # Here is a list of documentation for plugins maintained by the Velero team: 327 # [AWS] https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/README.md 328 # [GCP] https://github.com/vmware-tanzu/velero-plugin-for-gcp/blob/main/README.md 329 # [Azure] https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/main/README.md 330 secretContents: {} 331 # cloud: | 332 # [default] 333 # aws_access_key_id=<REDACTED> 334 # aws_secret_access_key=<REDACTED> 335 # additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: <your-key>". Values will be stored in the secret. 336 extraEnvVars: {} 337 # Name of a pre-existing secret (if any) in the Velero namespace 338 # that will be used to load environment variables into velero and restic. 339 # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables 340 extraSecretRef: "" 341 342 # Whether to create backupstoragelocation crd, if false => do not create a default backup location 343 backupsEnabled: true 344 # Whether to create volumesnapshotlocation crd, if false => disable snapshot feature 345 snapshotsEnabled: true 346 347 # Whether to deploy the restic daemonset. 348 deployRestic: false 349 350 restic: 351 podVolumePath: /var/lib/kubelet/pods 352 privileged: false 353 # Pod priority class name to use for the Restic daemonset. Optional. 354 priorityClassName: "" 355 # Resource requests/limits to specify for the Restic daemonset deployment. Optional. 356 # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits 357 resources: 358 requests: 359 cpu: 500m 360 memory: 512Mi 361 limits: 362 cpu: 1000m 363 memory: 1024Mi 364 365 # Tolerations to use for the Restic daemonset. Optional. 366 tolerations: [] 367 368 # Annotations to set for the Restic daemonset. Optional. 369 annotations: {} 370 371 # labels to set for the Restic daemonset. Optional. 372 labels: {} 373 374 # will map /scratch to emptyDir. Set to false and specify your own volume 375 # via extraVolumes and extraVolumeMounts that maps to /scratch 376 # if you don't want to use emptyDir. 377 useScratchEmptyDir: true 378 379 # Extra volumes for the Restic daemonset. Optional. 380 extraVolumes: [] 381 382 # Extra volumeMounts for the Restic daemonset. Optional. 383 extraVolumeMounts: [] 384 385 # Configure the dnsPolicy of the Restic daemonset 386 # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy 387 dnsPolicy: ClusterFirst 388 389 # SecurityContext to use for the Velero deployment. Optional. 390 # Set fsGroup for `AWS IAM Roles for Service Accounts` 391 # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html 392 podSecurityContext: 393 runAsUser: 0 394 # fsGroup: 1337 395 396 # Container Level Security Context for the 'restic' container of the restic DaemonSet. Optional. 397 # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container 398 containerSecurityContext: {} 399 400 # Node selector to use for the Restic daemonset. Optional. 401 nodeSelector: {} 402 403 # Backup schedules to create. 404 # Eg: 405 # schedules: 406 # mybackup: 407 # disabled: false 408 # labels: 409 # myenv: foo 410 # annotations: 411 # myenv: foo 412 # schedule: "0 0 * * *" 413 # useOwnerReferencesInBackup: false 414 # template: 415 # ttl: "240h" 416 # includedNamespaces: 417 # - foo 418 schedules: {} 419 420 # Velero ConfigMaps. 421 # Eg: 422 # configMaps: 423 # restic-restore-action-config: 424 # labels: 425 # velero.io/plugin-config: "" 426 # velero.io/restic: RestoreItemAction 427 # data: 428 # image: velero/velero-restic-restore-helper:v1.9.0 429 configMaps: {} 430 431 ## 432 ## End of additional Velero resource settings. 433 ##