Use this if you intend to have Velero store the backup snapshots in MinIO which is an AWS s3 "compatible" object storage. The MinIO access credentials are securely managed in a centralized Vault Server. This configuration utilizes the controller's turnkey integration with Vault and can be made operational in minutes with a simple annotation.

# To fetch MinIO IAM credentials from vault
podAnnotations:
  rafay.dev/secretstore: vault
  vault.secretstore.rafay.dev/role: "km-velero"
  vault.secretstore.rafay.dev/filesecret-config-velero-credentials: |
      {
          "vaultSecretRef": "velero-secrets/data/s3-credentials#data.cloud",
          "secretFileName": "cloud",
          "volumeMountPath": "/credentials"
      }

# Velero plugin to use (since we are backing upto AWS S3 or minio, we are using AWS plugin).
initContainers:
   - name: velero-plugin-for-aws
     image: velero/velero-plugin-for-aws:v1.1.0
     imagePullPolicy: IfNotPresent
     volumeMounts:
       - mountPath: /target
         name: plugins
## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
## and additional server settings.
##
configuration:
  # Cloud provider being used (e.g. aws, azure, gcp).
  provider: aws

  # Parameters for the `default` BackupStorageLocation. See
  # https://velero.io/docs/v1.0.0/api-types/backupstoragelocation/
  backupStorageLocation:
    # Cloud provider where backups should be stored. Usually should
    # match `configuration.provider`. Required.
    name: aws
    # Provider for the backup storage location. If omitted
    # `configuration.provider` will be used instead.
    provider:
    # Bucket to store backups in. Required.
    bucket: velero-backups
    # Prefix within bucket under which to store backups. Optional.
    prefix:
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
      region: minio
      s3ForcePathStyle: "true"
      s3Url: "https://km-minio.dev.rafay-edge.net"
      publicUrl: "https://km-minio.dev.rafay-edge.net"


  # Parameters for the `default` VolumeSnapshotLocation. See
  # https://velero.io/docs/v1.0.0/api-types/volumesnapshotlocation/
  volumeSnapshotLocation:
    # Cloud provider where volume snapshots are being taken. Usually
    # should match `configuration.provider`. Required.,
    name: aws
    # Provider for the backup storage location. If omitted
    # `configuration.provider` will be used instead.
    provider:
    # Additional provider-specific configuration. See link above
    # for details of required/optional fields for your provider.
    config:
      region: minio

  # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'"
  extraEnvVars:
    AWS_SHARED_CREDENTIALS_FILE: /credentials/cloud


serviceAccount:
  server:
    create: true
    name: velero-demo
    annotations:

# Info about the secret to be used by the Velero deployment, which
# should contain credentials for the cloud provider IAM account you've
# set up for Velero.
credentials:
  # Whether a secret should be used as the source of IAM account
  # credentials. Set to false if, for example, using kube2iam or
  # kiam to provide IAM credentials for the Velero pod.
  useSecret: false

# Whether to deploy the restic daemonset for backing up pvc's
deployRestic: true

# Automatic backup of the cluster every hour
schedules:
   mybackup:
     schedule: "0 * * * *"
     template:
       ttl: "240h"
       storageLocation: aws

Important

If you do not have vault setup, AWS/MinIO credentials have to be specified in the following format in custom values.yaml as credentials.secretContents

 cloud: |-
  [default]
  aws_access_key_id: "APIKEY"
  aws_secret_access_key: "SECRETKEY"