-
Notifications
You must be signed in to change notification settings - Fork 0
/
velero-gcp-values.yaml
297 lines (258 loc) · 10.6 KB
/
velero-gcp-values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
##
## Configuration settings that directly affect the Velero deployment YAML.
##
# Annotations to add to the Velero deployment's. Optional.
#
# If you are using reloader use the following annotation with your VELERO_SECRET_NAME
annotations: {}
# secret.reloader.stakater.com/reload: "<VELERO_SECRET_NAME>"
# Labels to add to the Velero deployment's. Optional.
labels: {}
# Annotations to add to the Velero deployment's pod template. Optional.
#
# If using kube2iam or kiam, use the following annotation with your AWS_ACCOUNT_ID
# and VELERO_ROLE_NAME filled in:
podAnnotations: {}
# iam.amazonaws.com/role: "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<VELERO_ROLE_NAME>"
# Additional pod labels for Velero deployment's template. Optional
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# check the latest from https://github.com/vmware-tanzu/velero-plugin-for-gcp/releases
initContainers:
- name: velero-plugin-for-gcp
image: velero/velero-plugin-for-gcp:v1.4.1 # <-- !
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
# Extra volumes for the Velero deployment. Optional.
extraVolumes: []
# Extra volumeMounts for the Velero deployment. Optional.
extraVolumeMounts: []
# Extra K8s manifests to deploy
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: velero-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "velero"
# objectType: "secretsmanager"
# jmesPath:
# - path: "access_key"
# objectAlias: "access_key"
# - path: "secret_key"
# objectAlias: "secret_key"
# secretObjects:
# - data:
# - key: access_key
# objectName: client-id
# - key: client-secret
# objectName: client-secret
# secretName: velero-secrets-store
# type: Opaque
# Settings for Velero's prometheus metrics. Enabled by default.
metrics:
enabled: true
scrapeInterval: 30s
scrapeTimeout: 10s
# service metdata if metrics are enabled
service:
annotations: {}
labels: {}
# Pod annotations for Prometheus
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8085"
prometheus.io/path: "/metrics"
serviceMonitor:
enabled: false
additionalLabels: {}
# ServiceMonitor namespace. Default to Velero namespace.
# namespace:
# This job upgrades the CRDs.
upgradeCRDs: true
# This job is meant primarily for cleaning up CRDs on CI systems.
# Using this on production systems, especially those that have multiple releases of Velero, will be destructive.
cleanUpCRDs: false
##
## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
## and additional server settings.
##
configuration:
# Cloud provider being used (e.g. aws, azure, gcp).
provider: gcp # <-- !
# Parameters for the `default` BackupStorageLocation. See
# https://velero.io/docs/v1.6/api-types/backupstoragelocation/
backupStorageLocation:
# name is the name of the backup storage location where backups should be stored. If a name is not provided,
# a backup storage location will be created with the name "default". Optional.
#name: lge-nonprod-mongodb-backup
# bucket is the name of the bucket to store backups in. Required.
bucket: lge-nonprod-mongodb-backup # <-- !
# prefix is the directory under which all Velero data should be stored within the bucket. Optional.
prefix: velero
# default indicates this location is the default backup storage location. Optional.
default:
# Additional provider-specific configuration. See link above
# for details of required/optional fields for your provider.
# Parameters for the `default` VolumeSnapshotLocation. See
# https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/
volumeSnapshotLocation:
# name is the name of the volume snapshot location where snapshots are being taken. Required.
name:
# Additional provider-specific configuration. See link above
# for details of required/optional fields for your provider.
config: {}
# region:
# apiTimeout:
# resourceGroup:
# The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only)
# subscriptionId:
# incremental:
# snapshotLocation:
# project:
# These are server-level settings passed as CLI flags to the `velero server` command. Velero
# uses default values if they're not passed in, so they only need to be explicitly specified
# here if using a non-default value. The `velero server` default values are shown in the
# comments below.
# --------------------
# `velero server` default: 1m
backupSyncPeriod:
# `velero server` default: 1h
resticTimeout:
# `velero server` default: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods
restoreResourcePriorities:
# `velero server` default: false
restoreOnlyMode:
# `velero server` default: 20.0
clientQPS:
# `velero server` default: 30
clientBurst:
# `velero server` default: empty
disableControllers:
#
# Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
logLevel:
# Set log-format for Velero pod. Default: text. Other option: json.
logFormat:
# Set true for backup all pod volumes without having to apply annotation on the pod when used restic Default: false. Other option: false.
defaultVolumesToRestic:
# How often 'restic prune' is run for restic repositories by default. Default: 168h. Optional.
defaultResticPruneFrequency:
# Information about the Kubernetes service account Velero uses.
serviceAccount:
server:
create: true
name:
annotations:
labels:
# Info about the secret to be used by the Velero deployment, which
# should contain credentials for the cloud provider IAM account you've
# set up for Velero.
credentials:
# Whether a secret should be used. Set to false if, for examples:
# - using kube2iam or kiam to provide AWS IAM credentials instead of providing the key file. (AWS only)
# - using workload identity instead of providing the key file. (GCP only)
useSecret: true
# Name of the secret to create if `useSecret` is true and `existingSecret` is empty
# name:
# Name of a pre-existing secret (if any) in the Velero namespace
# that should be used to get IAM account credentials. Optional.
existingSecret: cloud-credentials # <-- !
# Data to be stored in the Velero secret, if `useSecret` is true and `existingSecret` is empty.
# As of the current Velero release, Velero only uses one secret key/value at a time.
# The key must be named `cloud`, and the value corresponds to the entire content of your IAM credentials file.
# Note that the format will be different for different providers, please check their documentation.
# Here is a list of documentation for plugins maintained by the Velero team:
# [AWS] https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/README.md
# [GCP] https://github.com/vmware-tanzu/velero-plugin-for-gcp/blob/main/README.md
# [Azure] https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/main/README.md
secretContents: {}
# cloud: |
# [default]
# aws_access_key_id=<REDACTED>
# aws_secret_access_key=<REDACTED>
# additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: <your-key>". Values will be stored in the secret.
extraEnvVars: {}
# Name of a pre-existing secret (if any) in the Velero namespace
# that will be used to load environment variables into velero and restic.
# Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables
extraSecretRef: ""
# Whether to create backupstoragelocation crd, if false => do not create a default backup location
backupsEnabled: true
# Whether to create volumesnapshotlocation crd, if false => disable snapshot feature
snapshotsEnabled: true
# Whether to deploy the restic daemonset.
deployRestic: false
restic:
podVolumePath: /var/lib/kubelet/pods
privileged: false
# Pod priority class name to use for the Restic daemonset. Optional.
priorityClassName: ""
# Resource requests/limits to specify for the Restic daemonset deployment. Optional.
# https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 1000m
memory: 1024Mi
# Tolerations to use for the Restic daemonset. Optional.
tolerations: []
# Annotations to set for the Restic daemonset. Optional.
annotations: {}
# labels to set for the Restic daemonset. Optional.
labels: {}
# will map /scratch to emptyDir. Set to false and specify your own volume
# via extraVolumes and extraVolumeMounts that maps to /scratch
# if you don't want to use emptyDir.
useScratchEmptyDir: true
# Extra volumes for the Restic daemonset. Optional.
extraVolumes: []
# Extra volumeMounts for the Restic daemonset. Optional.
extraVolumeMounts: []
# Configure the dnsPolicy of the Restic daemonset
# See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ClusterFirst
# SecurityContext to use for the Velero deployment. Optional.
# Set fsGroup for `AWS IAM Roles for Service Accounts`
# see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
podSecurityContext:
runAsUser: 0
# fsGroup: 1337
# Container Level Security Context for the 'restic' container of the restic DaemonSet. Optional.
# See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: {}
# Node selector to use for the Restic daemonset. Optional.
nodeSelector: {}
# Backup schedules to create.
# Eg:
# schedules:
# mybackup:
# disabled: false
# labels:
# myenv: foo
# annotations:
# myenv: foo
# schedule: "0 0 * * *"
# useOwnerReferencesInBackup: false
# template:
# ttl: "240h"
# includedNamespaces:
# - foo
schedules: {}
# Velero ConfigMaps.
# Eg:
# configMaps:
# restic-restore-action-config:
# labels:
# velero.io/plugin-config: ""
# velero.io/restic: RestoreItemAction
# data:
# image: velero/velero-restic-restore-helper:v1.8.0
configMaps: {}