namespace changes

infrastructure/velero/helmrelease.yaml

@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: velero
-  namespace: backups
+  namespace: velero
 spec:
   interval: 15m
   releaseName: velero

infrastructure/velero/kustomization.yaml

@@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
-#- values.yaml
+- values.yaml
 - helmrelease.yaml

infrastructure/velero/namespace.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: backups
+  name: velero

infrastructure/velero/values.yaml

@@ -1,13 +1,31 @@
-#yes
+configuration:
-env:
+  backupStorageLocation:
-  - name: kimaiAdminEmail
+    - name: default
-    valueFrom:
+      provider: aws
-      secretKeyRef:
+      bucket: test
-        name: kimai-secrets
+      default: true
-        key: kimai-admin-username
+      config:
+        #region: us-east-1
+        s3ForcePathStyle: true
+        s3Url: https://eu2.contabostorage.com/
 
-  - name: kimaiAdminPassword
+  volumeSnapshotLocation:
-    valueFrom:
+    - name: default
-      secretKeyRef:
+      provider: aws
-        name: kimai-secrets
+      config:
-        key: kimai-admin-password
+        #region: us-east-1
+
+credentials:
+  useSecret: true
+  existingSecret: velero-credentials
+
+initContainers:
+  - name: velero-plugin-for-aws
+    image: velero/velero-plugin-for-aws:v1.8.2
+    volumeMounts:
+      - mountPath: /target
+        name: plugins
+
+deployNodeAgent: true
+
+snapshotsEnabled: false

infrastructure/velero/values.yaml.base

@@ -0,0 +1,812 @@
+##
+## Configuration settings related to Velero installation namespace
+##
+
+# Labels settings in namespace
+namespace:
+  labels: {}
+    # Enforce Pod Security Standards with Namespace Labels
+    # https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/
+    # pod-security.kubernetes.io/enforce: privileged
+    # pod-security.kubernetes.io/enforce-version: latest
+    # pod-security.kubernetes.io/audit: privileged
+    # pod-security.kubernetes.io/audit-version: latest
+    # pod-security.kubernetes.io/warn: privileged
+    # pod-security.kubernetes.io/warn-version: latest
+
+##
+## End of namespace-related settings.
+##
+
+
+##
+## Configuration settings that directly affect the Velero deployment YAML.
+##
+
+# Details of the container image to use in the Velero deployment & daemonset (if
+# enabling node-agent). Required.
+image:
+  repository: docker.io/velero/velero
+  tag: v1.18.0
+  # Digest value example: sha256:73266e6bd7e2fe3f65fb20677d36c4a8df76d417d9ba76bd9932e0d983a776ec.
+  # If used, it will take precedence over the image.tag.
+  # digest:
+  pullPolicy: IfNotPresent
+  # One or more secrets to be used when pulling images
+  imagePullSecrets: []
+  # - registrySecretName
+
+nameOverride: ""
+fullnameOverride: ""
+
+# Annotations to add to the Velero deployment's. Optional.
+#
+# If you are using reloader use the following annotation with your VELERO_SECRET_NAME
+annotations: {}
+# secret.reloader.stakater.com/reload: "<VELERO_SECRET_NAME>"
+
+# Annotations to add to secret
+secretAnnotations: {}
+
+# Labels to add to the Velero deployment's. Optional.
+labels: {}
+
+# Annotations to add to the Velero deployment's pod template. Optional.
+#
+# If using kube2iam or kiam, use the following annotation with your AWS_ACCOUNT_ID
+# and VELERO_ROLE_NAME filled in:
+podAnnotations: {}
+  #  iam.amazonaws.com/role: "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<VELERO_ROLE_NAME>"
+
+# Additional pod labels for Velero deployment's template. Optional
+# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+podLabels: {}
+
+# Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
+# revisionHistoryLimit: 1
+
+# Resource requests/limits to specify for the Velero deployment.
+# https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
+resources: {}
+  # requests:
+  #   cpu: 500m
+  #   memory: 128Mi
+  # limits:
+  #   cpu: 1000m
+  #   memory: 512Mi
+
+# Container resize policy for the Velero deployment.
+# See: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/
+resizePolicy: []
+  # - resourceName: cpu
+  #   restartPolicy: NotRequired
+  # - resourceName: memory
+  #   restartPolicy: RestartContainer
+
+# Configure hostAliases for Velero deployment. Optional
+# For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
+hostAliases: []
+  # - ip: "127.0.0.1"
+  #   hostnames:
+  #     - "foo.local"
+  #     - "bar.local"
+
+# Resource requests/limits to specify for the upgradeCRDs job pod. Need to be adjusted by user accordingly.
+upgradeJobResources: {}
+# requests:
+#     cpu: 50m
+#     memory: 128Mi
+#   limits:
+#     cpu: 100m
+#     memory: 256Mi
+upgradeCRDsJob:
+  # Extra volumes for the Upgrade CRDs Job. Optional.
+  extraVolumes: []
+  # Extra volumeMounts for the Upgrade CRDs Job. Optional.
+  extraVolumeMounts: []
+  # Additional values to be used as environment variables. Optional.
+  extraEnvVars: []
+    # Simple value
+    # - name: SIMPLE_VAR
+    #   value: "simple-value"
+
+    # FieldRef example
+    # - name: MY_POD_LABEL
+    #   valueFrom:
+    #     fieldRef:
+    #       fieldPath: metadata.labels['my_label']
+
+  # Configure if API credential for Service Account is automounted.
+  automountServiceAccountToken: true
+  # Configure the shell cmd in case you are using custom image
+  # shellCmd: /tmp/sh
+  # updateCmd: /velero install --crds-only --dry-run -o yaml | /tmp/kubectl apply -f -
+
+# Configure the dnsPolicy of the Velero deployment
+# See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
+dnsPolicy: ClusterFirst
+
+# Init containers to add to the Velero deployment's pod spec. At least one plugin provider image is required.
+# If the value is a string then it is evaluated as a template.
+initContainers:
+  # - name: velero-plugin-for-aws
+  #   image: velero/velero-plugin-for-aws:v1.13.1
+  #   imagePullPolicy: IfNotPresent
+  #   volumeMounts:
+  #     - mountPath: /target
+  #       name: plugins
+
+# SecurityContext to use for the Velero deployment. Optional.
+# Set fsGroup for `AWS IAM Roles for Service Accounts`
+# see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+podSecurityContext: {}
+  # fsGroup: 1337
+
+# Container Level Security Context for the 'velero' container of the Velero deployment. Optional.
+# See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+containerSecurityContext: {}
+  # allowPrivilegeEscalation: false
+  # capabilities:
+  #   drop: ["ALL"]
+  #   add: []
+  # readOnlyRootFilesystem: true
+
+# Container Lifecycle Hooks to use for the Velero deployment. Optional.
+lifecycle: {}
+
+# Pod priority class name to use for the Velero deployment. Optional.
+priorityClassName: ""
+
+# Pod runtime class name to use for the Velero deployment. Optional.
+runtimeClassName: ""
+
+# The number of seconds to allow for graceful termination of the pod. Optional.
+terminationGracePeriodSeconds: 3600
+
+# Liveness probe of the pod
+livenessProbe:
+  httpGet:
+    path: /metrics
+    port: http-monitoring
+    scheme: HTTP
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 5
+  successThreshold: 1
+  failureThreshold: 5
+
+# Readiness probe of the pod
+readinessProbe:
+  httpGet:
+    path: /metrics
+    port: http-monitoring
+    scheme: HTTP
+  initialDelaySeconds: 10
+  periodSeconds: 30
+  timeoutSeconds: 5
+  successThreshold: 1
+  failureThreshold: 5
+
+# Tolerations to use for the Velero deployment. Optional.
+tolerations: []
+
+# Affinity to use for the Velero deployment. Optional.
+affinity: {}
+
+# Node selector to use for the Velero deployment. Optional.
+nodeSelector: {}
+
+# DNS configuration to use for the Velero deployment. Optional.
+dnsConfig: {}
+
+# Extra volumes for the Velero deployment. Optional.
+extraVolumes: []
+
+# Extra volumeMounts for the Velero deployment. Optional.
+extraVolumeMounts: []
+
+# Extra K8s manifests to deploy
+extraObjects: []
+  # - apiVersion: secrets-store.csi.x-k8s.io/v1
+  #   kind: SecretProviderClass
+  #   metadata:
+  #     name: velero-secrets-store
+  #   spec:
+  #     provider: aws
+  #     parameters:
+  #       objects: |
+  #         - objectName: "velero"
+  #           objectType: "secretsmanager"
+  #           jmesPath:
+  #               - path: "access_key"
+  #                 objectAlias: "access_key"
+  #               - path: "secret_key"
+  #                 objectAlias: "secret_key"
+  #     secretObjects:
+  #       - data:
+  #         - key: access_key
+  #           objectName: client-id
+  #         - key: client-secret
+  #           objectName: client-secret
+  #         secretName: velero-secrets-store
+  #         type: Opaque
+
+# Settings for Velero's prometheus metrics. Enabled by default.
+metrics:
+  enabled: true
+  scrapeInterval: 30s
+  scrapeTimeout: 10s
+
+  # service metdata if metrics are enabled
+  service:
+    annotations: {}
+    type: ClusterIP
+    labels: {}
+    nodePort: null
+
+    # External/Internal traffic policy setting (Cluster, Local)
+    # https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies
+    externalTrafficPolicy: ""
+    internalTrafficPolicy: ""
+
+    # the IP family policy for the metrics Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).
+    ipFamilyPolicy: ""
+    # a list of IP families for the metrics Service that should be supported, in the order in which they should be applied to ClusterIP. Can be "IPv4" and/or "IPv6".
+    ipFamilies: []
+
+  # Pod annotations for Prometheus
+  podAnnotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "8085"
+    prometheus.io/path: "/metrics"
+
+  serviceMonitor:
+    autodetect: true
+    enabled: false
+    annotations: {}
+    additionalLabels: {}
+
+    # metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint
+    # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+    # metricRelabelings: []
+    # metrics.serviceMonitor.relabelings [array] Prometheus relabeling rules
+    # relabelings: []
+    # ServiceMonitor namespace. Default to Velero namespace.
+    # namespace:
+    # ServiceMonitor connection scheme. Defaults to HTTP.
+    # scheme: ""
+    # ServiceMonitor connection tlsConfig. Defaults to {}.
+    # tlsConfig: {}
+  nodeAgentPodMonitor:
+    autodetect: true
+    enabled: false
+    annotations: {}
+    additionalLabels: {}
+    # metrics.nodeAgentPodMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint
+    # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+    # metricRelabelings: []
+    # metrics.nodeAgentPodMonitor.relabelings [array] Prometheus relabeling rules
+    # relabelings: []
+    # PodMonitor namespace. Default to Velero namespace.
+    # namespace:
+    # PodMonitor connection scheme. Defaults to HTTP.
+    # scheme: ""
+    # PodMonitor connection tlsConfig. Defaults to {}.
+    # tlsConfig: {}
+
+  prometheusRule:
+    autodetect: true
+    enabled: false
+    # Additional labels to add to deployed PrometheusRule
+    additionalLabels: {}
+    # PrometheusRule namespace. Defaults to Velero namespace.
+    # namespace: ""
+    # Rules to be deployed
+    spec: []
+    # - alert: VeleroBackupFailed
+    #   annotations:
+    #     message: Velero backup {{ $labels.schedule }} has failed
+    #   expr: |-
+    #     velero_backup_last_status{schedule!=""} != 1
+    #   for: 15m
+    #   labels:
+    #     severity: warning
+    # - alert: VeleroBackupFailing
+    #   annotations:
+    #     message: Velero backup {{ $labels.schedule }} has been failing for the last 12h
+    #   expr: |-
+    #     velero_backup_last_status{schedule!=""} != 1
+    #   for: 12h
+    #   labels:
+    #     severity: critical
+    # - alert: VeleroNoNewBackup
+    #   annotations:
+    #     message: Velero backup {{ $labels.schedule }} has not run successfully in the last 25h
+    #   expr: |-
+    #     (
+    #     (time() - velero_backup_last_successful_timestamp{schedule!=""}) >bool (25 * 3600)
+    #     or
+    #     absent(velero_backup_last_successful_timestamp{schedule!=""})
+    #     ) == 1
+    #   for: 1h
+    #   labels:
+    #     severity: critical
+    # - alert: VeleroBackupPartialFailures
+    #   annotations:
+    #     message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} partialy failed backups
+    #   expr: |-
+    #     rate(velero_backup_partial_failure_total{schedule!=""}[25m])
+    #       / rate(velero_backup_attempt_total{schedule!=""}[25m]) > 0.5
+    #   for: 15m
+    #   labels:
+    #     severity: warning
+
+kubectl:
+  image:
+    repository: registry.k8s.io/kubectl
+    # Digest value example: sha256:c7bf8cf6e79f474fda2623a7b98572a1b909c4d912b05062b444ffe79883fdbe.
+    # If used, it will take precedence over the kubectl.image.tag.
+    # digest:
+    # kubectl image tag. If used, it will take precedence over the cluster Kubernetes version.
+    # tag: v1.34.5
+  # Container Level Security Context for the 'kubectl' container of the crd jobs. Optional.
+  # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  containerSecurityContext: {}
+  # Resource requests/limits to specify for the upgrade/cleanup job. Optional
+  resources: {}
+  # Annotations to set for the upgrade/cleanup job. Optional.
+  annotations: {}
+  # Labels to set for the upgrade/cleanup job. Optional.
+  labels: {}
+  # Extra volumes for the upgrade/cleanup job. Optional.
+  extraVolumes: []
+  # Extra volumeMounts for the upgrade/cleanup job.. Optional.
+  extraVolumeMounts: []
+
+# This job upgrades the CRDs.
+upgradeCRDs: true
+
+# This job is meant primarily for cleaning up CRDs on CI systems.
+# Using this on production systems, especially those that have multiple releases of Velero, will be destructive.
+cleanUpCRDs: false
+
+##
+## End of deployment-related settings.
+##
+
+
+##
+## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
+## and additional server settings.
+##
+configuration:
+  # Parameters for the BackupStorageLocation(s). Configure multiple by adding other element(s) to the backupStorageLocation slice.
+  # See https://velero.io/docs/v1.6/api-types/backupstoragelocation/
+  backupStorageLocation:
+    # name is the name of the backup storage location where backups should be stored. If a name is not provided,
+    # a backup storage location will be created with the name "default". Optional.
+  - name:
+    # provider is the name for the backup storage location provider.
+    provider: ""
+    # bucket is the name of the bucket to store backups in. Required.
+    bucket: ""
+    # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional.
+    caCert:
+    # prefix is the directory under which all Velero data should be stored within the bucket. Optional.
+    prefix:
+    # default indicates this location is the default backup storage location. Optional.
+    default: false
+    # validationFrequency defines how frequently Velero should validate the object storage. Optional.
+    validationFrequency:
+    # accessMode determines if velero can write to this backup storage location. Optional.
+    # default to ReadWrite, ReadOnly is used during migrations and restores.
+    accessMode: ReadWrite
+    credential:
+      # name of the secret used by this backupStorageLocation.
+      name:
+      # name of key that contains the secret data to be used.
+      key:
+    # Additional provider-specific configuration. See link above
+    # for details of required/optional fields for your provider.
+    config: {}
+    #  region:
+    #  s3ForcePathStyle:
+    #  s3Url:
+    #  kmsKeyId:
+    #  resourceGroup:
+    #  The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only)
+    #  subscriptionId:
+    #  storageAccount:
+    #  publicUrl:
+    #  Name of the GCP service account to use for this backup storage location. Specify the
+    #  service account here if you want to use workload identity instead of providing the key file.(GCP only)
+    #  serviceAccount:
+    #  Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the
+    #  flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify
+    #  insecureSkipTLSVerify:
+
+    # annotations allows adding arbitrary annotations to this BackupStorageLocation resource. Optional.
+    annotations: {}
+
+  # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice.
+  # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/
+  volumeSnapshotLocation:
+    # name is the name of the volume snapshot location where snapshots are being taken. If a name is not provided,
+    # a volume snapshot location will be created with the name "default". Optional.
+  - name:
+    # provider is the name for the volume snapshot provider.
+    provider: ""
+    credential:
+      # name of the secret used by this volumeSnapshotLocation.
+      name:
+      # name of key that contains the secret data to be used.
+      key:
+    # Additional provider-specific configuration. See link above
+    # for details of required/optional fields for your provider.
+    config: {}
+  #    region:
+  #    apiTimeout:
+  #    resourceGroup:
+  #    The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only)
+  #    subscriptionId:
+  #    incremental:
+  #    snapshotLocation:
+  #    project:
+
+    # annotations allows adding arbitrary annotations to this VolumeSnapshotLocation resource. Optional.
+    annotations: {}
+
+  # These are server-level settings passed as CLI flags to the `velero server` command. Velero
+  # uses default values if they're not passed in, so they only need to be explicitly specified
+  # here if using a non-default value. The `velero server` default values are shown in the
+  # comments below.
+  # --------------------
+  # `velero server` default: kopia
+  uploaderType:
+  # `velero server` default: 1m
+  backupSyncPeriod:
+  # `velero server` default: 4h
+  fsBackupTimeout:
+  # `velero server` default: 30
+  clientBurst:
+  # `velero server` default: 500
+  clientPageSize:
+  # `velero server` default: 20.0
+  clientQPS:
+  # Name of the default backup storage location. Default: default
+  defaultBackupStorageLocation:
+  # The default duration any single item operation can take before timing out, especially important for large volume schedules. Default 4h
+  defaultItemOperationTimeout:
+  # How long to wait by default before backups can be garbage collected. Default: 72h
+  defaultBackupTTL:
+  # Name of the default volume snapshot location.
+  defaultVolumeSnapshotLocations:
+  # `velero server` default: empty
+  disableControllers:
+  # `velero server` default: false
+  disableInformerCache: false
+  # `velero server` default: 1h
+  garbageCollectionFrequency:
+  # `velero server` default: 1
+  itemBlockWorkerCount:
+  # Set log-format for Velero pod. Default: text. Other option: json.
+  logFormat:
+  # Set log-level for Velero pod. Default: info. Other options: debug, warning, error, fatal, panic.
+  logLevel:
+  # The address to expose prometheus metrics. Default: :8085
+  metricsAddress:
+  # Directory containing Velero plugins. Default: /plugins
+  pluginDir:
+  # The address to expose the pprof profiler. Default: localhost:6060
+  profilerAddress:
+  # `velero server` default: false
+  restoreOnlyMode:
+  # `velero server` default: customresourcedefinitions,namespaces,storageclasses,volumesnapshotclass.snapshot.storage.k8s.io,volumesnapshotcontents.snapshot.storage.k8s.io,volumesnapshots.snapshot.storage.k8s.io,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods,replicasets.apps,clusterclasses.cluster.x-k8s.io,clusters.cluster.x-k8s.io,clusterresourcesets.addons.cluster.x-k8s.io
+  restoreResourcePriorities:
+  # `velero server` default: 1m
+  storeValidationFrequency:
+  # How long to wait on persistent volumes and namespaces to terminate during a restore before timing out. Default: 10m
+  terminatingResourceTimeout:
+  # Bool flag to configure Velero server to move data by default for all snapshots supporting data movement. Default: false
+  defaultSnapshotMoveData:
+  # Comma separated list of velero feature flags. default: empty
+  # features: EnableCSI
+  features:
+  # Configures the timeout for provisioning the volume created from the CSI snapshot. Default: 30m
+  dataMoverPrepareTimeout:
+  # Resource requests/limits to specify for the repository-maintenance job. Optional.
+  # https://velero.io/docs/v1.14/repository-maintenance/#resource-limitation
+  repositoryMaintenanceJob:
+    # Per-repository resource settings ConfigMap
+    # This ConfigMap allows specifying different settings for different repositories
+    # See: https://velero.io/docs/main/repository-maintenance/
+    repositoryConfigData:
+      # Name of the ConfigMap to create. If not provided, will use "velero-repo-maintenance"
+      name: "velero-repo-maintenance"
+      # Global configuration applied to all repositories
+      # This configuration is used when no specific repository configuration is found
+      # global:
+      #   podResources:
+      #     cpuRequest: "100m"
+      #     cpuLimit: "200m"
+      #     memoryRequest: "100Mi"
+      #     memoryLimit: "200Mi"
+      #   keepLatestMaintenanceJobs: 1
+      #   loadAffinity:
+      #     - nodeSelector:
+      #         matchExpressions:
+      #           - key: "cloud.google.com/machine-family"
+      #             operator: "In"
+      #             values: ["e2"]
+      #     - nodeSelector:
+      #         matchExpressions:
+      #           - key: "topology.kubernetes.io/zone"
+      #             operator: "In"
+      #             values: ["us-central1-a", "us-central1-b", "us-central1-c"]
+      #   priorityClassName: "low-priority"  # Note: priorityClassName is only supported in global configuration
+      global:
+        keepLatestMaintenanceJobs: 3
+      # Repository-specific configurations
+      # Repository keys are formed as: "{namespace}-{storageLocation}-{repositoryType}"
+      # For example: "default-default-kopia" or "prod-s3-backup-kopia"
+      # Note: priorityClassName is NOT supported in repository-specific configurations
+      # repositories:
+      #   "kibishii-default-kopia":
+      #     podResources:
+      #       cpuRequest: "200m"
+      #       cpuLimit: "400m"
+      #       memoryRequest: "200Mi"
+      #       memoryLimit: "400Mi"
+      #     keepLatestMaintenanceJobs: 2
+      repositories: {}
+  # `velero server` default: velero
+  namespace:
+  # additional command-line arguments that will be passed to the `velero server`
+  # e.g.: extraArgs: ["--foo=bar"]
+  extraArgs: []
+
+  # Additional values to be used as environment variables. Optional.
+  extraEnvVars: []
+    # Simple value
+    # - name: SIMPLE_VAR
+    #   value: "simple-value"
+
+    # FieldRef example
+    # - name: MY_POD_LABEL
+    #   valueFrom:
+    #     fieldRef:
+    #       fieldPath: metadata.labels['my_label']
+
+  # Set true for backup all pod volumes without having to apply annotation on the pod when used file system backup Default: false.
+  defaultVolumesToFsBackup:
+
+  # How often repository maintain is run for repositories by default.
+  defaultRepoMaintainFrequency:
+
+##
+## End of backup/snapshot location settings.
+##
+
+
+##
+## Settings for additional Velero resources.
+##
+
+rbac:
+  # Whether to create the Velero role and role binding to give all permissions to the namespace to Velero.
+  create: true
+  # Whether to create the cluster role binding to give administrator permissions to Velero
+  clusterAdministrator: true
+  # Name of the ClusterRole.
+  clusterAdministratorName: cluster-admin
+
+# Information about the Kubernetes service account Velero uses.
+serviceAccount:
+  server:
+    create: true
+    name:
+    annotations:
+    labels:
+    imagePullSecrets: []
+    # - registrySecretName
+    # Configure if API credential for Service Account is automounted.
+    automountServiceAccountToken: true
+
+# Info about the secret to be used by the Velero deployment, which
+# should contain credentials for the cloud provider IAM account you've
+# set up for Velero.
+credentials:
+  # Whether a secret should be used. Set to false if, for examples:
+  # - using kube2iam or kiam to provide AWS IAM credentials instead of providing the key file. (AWS only)
+  # - using workload identity instead of providing the key file. (Azure/GCP only)
+  useSecret: true
+  # Name of the secret to create if `useSecret` is true and `existingSecret` is empty
+  name:
+  # Name of a pre-existing secret (if any) in the Velero namespace
+  # that should be used to get IAM account credentials. Optional.
+  existingSecret:
+  # Data to be stored in the Velero secret, if `useSecret` is true and `existingSecret` is empty.
+  # As of the current Velero release, Velero only uses one secret key/value at a time.
+  # The key must be named `cloud`, and the value corresponds to the entire content of your IAM credentials file.
+  # Note that the format will be different for different providers, please check their documentation.
+  # Here is a list of documentation for plugins maintained by the Velero team:
+  # [AWS] https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/README.md
+  # [GCP] https://github.com/vmware-tanzu/velero-plugin-for-gcp/blob/main/README.md
+  # [Azure] https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/blob/main/README.md
+  secretContents: {}
+  #  cloud: |
+  #    [default]
+  #    aws_access_key_id=<REDACTED>
+  #    aws_secret_access_key=<REDACTED>
+  # additional key/value pairs to be used as environment variables such as "DIGITALOCEAN_TOKEN: <your-key>". Values will be stored in the secret.
+  extraEnvVars: {}
+  # Name of a pre-existing secret (if any) in the Velero namespace
+  # that will be used to load environment variables into velero and node-agent.
+  # Secret should be in format - https://kubernetes.io/docs/concepts/configuration/secret/#use-case-as-container-environment-variables
+  extraSecretRef: ""
+
+# Whether to create backupstoragelocation crd, if false => do not create a default backup location
+backupsEnabled: true
+# Whether to create volumesnapshotlocation crd, if false => disable snapshot feature
+snapshotsEnabled: true
+
+# Whether to deploy the node-agent daemonset.
+deployNodeAgent: false
+
+nodeAgent:
+  # Disables Host Path volumes for node-agent.
+  disableHostPath: false
+  podVolumePath: /var/lib/kubelet/pods
+  pluginVolumePath: /var/lib/kubelet/plugins
+  # Pod priority class name to use for the node-agent daemonset. Optional.
+  priorityClassName: ""
+  # Pod runtime class name to use for the node-agent daemonset. Optional.
+  runtimeClassName: ""
+  # Resource requests/limits to specify for the node-agent daemonset deployment. Optional.
+  # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
+  resources: {}
+    # requests:
+    #   cpu: 500m
+    #   memory: 512Mi
+    # limits:
+    #   cpu: 1000m
+    #   memory: 1024Mi
+  # Container resize policy for the node-agent daemonset.
+  # See: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/
+  resizePolicy: []
+    # - resourceName: cpu
+    #   restartPolicy: NotRequired
+    # - resourceName: memory
+    #   restartPolicy: RestartContainer
+
+  # Tolerations to use for the node-agent daemonset. Optional.
+  tolerations: []
+
+  # Annotations to set for the node-agent daemonset. Optional.
+  annotations: {}
+
+  # labels to set for the node-agent daemonset. Optional.
+  labels: {}
+
+  # Additional pod labels for the node-agent daemonset. Optional
+  # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  podLabels: {}
+
+  # will map /scratch to emptyDir. Set to false and specify your own volume
+  # via extraVolumes and extraVolumeMounts that maps to /scratch
+  # if you don't want to use emptyDir.
+  useScratchEmptyDir: true
+
+  # Extra volumes for the node-agent daemonset. Optional.
+  extraVolumes: []
+
+  # Extra volumeMounts for the node-agent daemonset. Optional.
+  extraVolumeMounts: []
+
+  # Additional values to be used as environment variables for node-agent daemonset. Optional.
+  extraEnvVars: []
+    # Simple key/value
+    # - name: SIMPLE_VAR
+    #   value: "simple-value"
+
+    # FieldRef example
+    # - name: MY_POD_LABEL
+    #   valueFrom:
+    #     fieldRef:
+    #       fieldPath: metadata.labels['my_label']
+
+  # Additional command-line arguments that will be passed to the node-agent. Optional.
+  # e.g.: extraArgs: ["--foo=bar"]
+  extraArgs: []
+
+  # Configure the dnsPolicy of the node-agent daemonset
+  # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
+  dnsPolicy: ClusterFirst
+
+  # Configure hostAliases for node-agent daemonset. Optional
+  # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
+  hostAliases: []
+    # - ip: "127.0.0.1"
+    #   hostnames:
+    #   - "foo.local"
+    #   - "bar.local"
+
+  # SecurityContext to use for the Velero deployment. Optional.
+  # Set fsGroup for `AWS IAM Roles for Service Accounts`
+  # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+  podSecurityContext:
+    runAsUser: 0
+    # fsGroup: 1337
+
+  # Container Level Security Context for the 'node-agent' container of the node-agent daemonset. Optional.
+  # See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  containerSecurityContext: {}
+
+  # Container Lifecycle Hooks to use for the node-agent daemonset. Optional.
+  lifecycle: {}
+
+  # Node selector to use for the node-agent daemonset. Optional.
+  nodeSelector: {}
+
+  # Affinity to use with node-agent daemonset. Optional.
+  affinity: {}
+
+  # DNS configuration to use for the node-agent daemonset. Optional.
+  dnsConfig: {}
+
+  # Update strategy to use for the node-agent daemonset. Optional.
+  updateStrategy: {}
+
+# Backup schedules to create.
+# Eg:
+# schedules:
+#   mybackup:
+#     disabled: false
+#     labels:
+#       myenv: foo
+#     annotations:
+#       myenv: foo
+#     schedule: "0 0 * * *"
+#     useOwnerReferencesInBackup: false
+#     paused: false
+#     skipImmediately: false
+#     template:
+#       ttl: "240h"
+#       storageLocation: default
+#       includedNamespaces:
+#       - foo
+#       # See: https://velero.io/docs/v1.14/resource-filtering/#excludes
+#       excludedNamespaceScopedResources:
+#       - persistentVolumeClaims
+#       excludedClusterScopedResources:
+#       - persistentVolumes
+schedules: {}
+
+# Velero ConfigMaps.
+# Eg:
+# configMaps:
+    # See: https://velero.io/docs/v1.11/file-system-backup/
+#   fs-restore-action-config:
+#     labels:
+#       velero.io/plugin-config: ""
+#       velero.io/pod-volume-restore: RestoreItemAction
+#     data:
+#       image: velero/velero:v1.17.1
+#       cpuRequest: 200m
+#       memRequest: 128Mi
+#       cpuLimit: 200m
+#       memLimit: 128Mi
+#       secCtx: |
+#         capabilities:
+#           drop:
+#           - ALL
+#           add: []
+#         allowPrivilegeEscalation: false
+#         readOnlyRootFilesystem: true
+#         runAsUser: 1001
+#         runAsGroup: 999
+configMaps: {}
+
+##
+## End of additional Velero resource settings.
+##