Credentials - MinIO

Use this if you intend to have Velero store the backup snapshots in MinIO which is an AWS s3 "compatible" object storage. The MinIO access credentials are securely managed in a centralized Vault Server. This configuration utilizes the controller's turnkey integration with Vault and can be made operational in minutes with a simple annotation.

# To fetch MinIO IAM credentials from vault
podAnnotations:
  rafay.dev/secretstore: vault
  vault.secretstore.rafay.dev/role: "km-velero"
  vault.secretstore.rafay.dev/filesecret-config-velero-credentials: |
      {
          "vaultSecretRef": "velero-secrets/data/s3-credentials#data.cloud",
          "secretFileName": "cloud",
          "volumeMountPath": "/credentials"
      }

# Velero plugin to use (since we are backing upto AWS S3 or minio, we are using AWS plugin).
initContainers:
   - name: velero-plugin-for-aws
     image: velero/velero-plugin-for-aws:v1.1.0
     imagePullPolicy: IfNotPresent
     volumeMounts:
       - mountPath: /target
         name: plugins
## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
## and additional server settings.
##
configuration:
  # Cloud provider being used (e.g. aws, azure, gcp).
  provider: aws

  # Parameters for the `default` BackupStorageLocation. See
  # https://velero.io/docs/v1.0.0/api-types/backupstoragelocation/
  backupStorageLocation:
    # Cloud provider where backups should be stored. Usually should
    # match `configuration.provider`. Required.
    name: aws
    # Provider for the backup storage location. If omitted
    # `configuration.provider` will be used instead.
    provider:
    # Bucket to store backups in. Required.
    bucket: velero-backups
    # Prefix within bucket under which to store backups. Optional.
    prefix:
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
      region: minio
      s3ForcePathStyle: "true"
      s3Url: "https://km-minio.dev.rafay-edge.net"
      publicUrl: "https://km-minio.dev.rafay-edge.net"


  # Parameters for the `default` VolumeSnapshotLocation. See
  # https://velero.io/docs/v1.0.0/api-types/volumesnapshotlocation/
  volumeSnapshotLocation:
    # Cloud provider where volume snapshots are being taken. Usually
    # should match `configuration.provider`. Required.,
    name: aws
    # Provider for the backup storage location. If omitted
    # `configuration.provider` will be used instead.
    provider:
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
      region: minio

  # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
  extraEnvVars:
    AWS_SHARED_CREDENTIALS_FILE: /credentials/cloud


serviceAccount:
  server:
    create: true
    name: velero-demo
    annotations:

# Info about the secret to be used by the Velero deployment, which
# should contain credentials for the cloud provider IAM account you've
# set up for Velero.
credentials:
  # Whether a secret should be used as the source of IAM account
  # credentials. Set to false if, for example, using kube2iam or
  # kiam to provide IAM credentials for the Velero pod.
  useSecret: false

# Whether to deploy the restic daemonset for backing up pvc's
deployRestic: true

# Automatic backup of the cluster every hour
schedules:
   mybackup:
     schedule: "0 * * * *"
     template:
       ttl: "240h"
       storageLocation: aws

Important

If you do not have vault setup, AWS/MinIO credentials have to be specified in the following format in custom values.yaml as credentials.secretContents

 cloud: |-
  [default]
  aws_access_key_id: "APIKEY"
  aws_secret_access_key: "SECRETKEY"

---