Use this if you intend to have Velero store the backup snapshots in MinIO, which is an AWS S3 "compatible" object storage. The MinIO access credentials are securely managed in a centralized Vault server. This configuration uses the controller's turnkey integration with Vault and can be made operational in minutes with a simple annotation.
```yaml
# To fetch MinIO IAM credentials from Vault
podAnnotations:
  rafay.dev/secretstore: vault
  vault.secretstore.rafay.dev/role: "km-velero"
  vault.secretstore.rafay.dev/filesecret-config-velero-credentials: |
    {
      "vaultSecretRef": "velero-secrets/data/s3-credentials#data.cloud",
      "secretFileName": "cloud",
      "volumeMountPath": "/credentials"
    }

# Velero plugin to use (since we are backing up to AWS S3 or MinIO, we are using the AWS plugin).
initContainers:
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.1.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins

## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
## and additional server settings.
##
configuration:
  # Cloud provider being used (e.g. aws, azure, gcp).
  provider: aws

  # Parameters for the `default` BackupStorageLocation. See
  # https://velero.io/docs/v1.0.0/api-types/backupstoragelocation/
  backupStorageLocation:
    # Cloud provider where backups should be stored. Usually should
    # match `configuration.provider`. Required.
    name: aws
    # Provider for the backup storage location. If omitted
    # `configuration.provider` will be used instead.
    provider:
    # Bucket to store backups in. Required.
    bucket: velero-backups
    # Prefix within bucket under which to store backups. Optional.
    prefix:
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
      region: minio
      s3ForcePathStyle: "true"
      s3Url: "https://km-minio.dev.rafay-edge.net"
      publicUrl: "https://km-minio.dev.rafay-edge.net"

  # Parameters for the `default` VolumeSnapshotLocation. See
  # https://velero.io/docs/v1.0.0/api-types/volumesnapshotlocation/
  volumeSnapshotLocation:
    # Cloud provider where volume snapshots are being taken. Usually
    # should match `configuration.provider`. Required.
    name: aws
    # Provider for the backup storage location. If omitted
    # `configuration.provider` will be used instead.
    provider:
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
      region: minio

  # Additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
  extraEnvVars:
    AWS_SHARED_CREDENTIALS_FILE: /credentials/cloud

serviceAccount:
  server:
    create: true
    name: velero-demo
    annotations:

# Info about the secret to be used by the Velero deployment, which
# should contain credentials for the cloud provider IAM account you've
# set up for Velero.
credentials:
  # Whether a secret should be used as the source of IAM account
  # credentials. Set to false if, for example, using kube2iam or
  # kiam to provide IAM credentials for the Velero pod.
  useSecret: false

# Whether to deploy the restic daemonset for backing up PVCs
deployRestic: true

# Automatic backup of the cluster every hour
schedules:
  mybackup:
    schedule: "0 * * * *"
    template:
      ttl: "240h"
      storageLocation: aws
```
Important

If you do not have Vault set up, the AWS/MinIO credentials have to be specified in the following format in the custom values.yaml as credentials.secretContents:
```yaml
cloud: |-
  [default]
  aws_access_key_id: "APIKEY"
  aws_secret_access_key: "SECRETKEY"
```
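The following lint is an added example, not part of the original page or the product's own tooling. It checks a parsed values file for the two credential modes described above: with Vault enabled, `AWS_SHARED_CREDENTIALS_FILE` must point at the file the annotation mounts and no static secret should be configured; without Vault, `credentials.secretContents` must be present. It assumes the secret file lands at `volumeMountPath/secretFileName`, as the annotation and environment variable on this page imply; the function names and finding codes are made up for illustration.

```python
import json
import posixpath
from urllib.parse import urlparse
PREFIX = "vault.secretstore.rafay.dev/filesecret-config-"

def vault_file_paths(pod_annotations):
    """File paths the filesecret annotations mount (assumed: volumeMountPath/secretFileName)."""
    paths = []
    for key, raw in pod_annotations.items():
        if key.startswith(PREFIX):
            cfg = json.loads(raw)
            paths.append(posixpath.join(cfg["volumeMountPath"], cfg["secretFileName"]))
    return paths

def lint_values(values):
    """Return finding codes (names made up here) for a parsed Velero values.yaml."""
    findings = []
    ann = values.get("podAnnotations") or {}
    conf = values.get("configuration") or {}
    creds = values.get("credentials") or {}
    env_path = (conf.get("extraEnvVars") or {}).get("AWS_SHARED_CREDENTIALS_FILE")
    if ann.get("rafay.dev/secretstore") == "vault":
        # Velero must read exactly the file that Vault materializes in the pod.
        if env_path not in vault_file_paths(ann):
            findings.append("credentials-path-mismatch")
        # A static secret next to Vault leaves a long-lived key in the cluster.
        if creds.get("useSecret") or creds.get("secretContents"):
            findings.append("static-secret-alongside-vault")
    elif not creds.get("secretContents"):
        findings.append("no-credential-source")
    bsl = (conf.get("backupStorageLocation") or {}).get("config") or {}
    for field in ("s3Url", "publicUrl"):
        url = bsl.get(field)
        if url and urlparse(url).scheme != "https":
            findings.append("plaintext-endpoint:" + field)  # backups would travel unencrypted
    return findings

# Constructed input: the page's values as a YAML loader would return them, trimmed.
PAGE_VALUES = {
    "podAnnotations": {
        "rafay.dev/secretstore": "vault",
        PREFIX + "velero-credentials": json.dumps({
            "vaultSecretRef": "velero-secrets/data/s3-credentials#data.cloud",
            "secretFileName": "cloud", "volumeMountPath": "/credentials"})},
    "configuration": {
        "extraEnvVars": {"AWS_SHARED_CREDENTIALS_FILE": "/credentials/cloud"},
        "backupStorageLocation": {"config": {"s3Url": "https://km-minio.dev.rafay-edge.net"}}},
    "credentials": {"useSecret": False},
}
```

In practice, load the real file with a YAML parser and pass the resulting dictionary to `lint_values`; an empty list means the checks passed.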