velero:
  backupsEnabled: true
  snapshotsEnabled: false
  metrics:
    serviceMonitor:
      enabled: true
    prometheusRule:
      enabled: true
      spec:
      - alert: VeleroBackupFailed
        annotations:
          message: Velero backup {{ $labels.schedule }} has failed
        expr: |-
          velero_backup_last_status{schedule!=""} != 1
        for: 15m
        labels:
          severity: warning
      - alert: VeleroBackupFailing
        annotations:
          message: Velero backup {{ $labels.schedule }} has been failing for the last 12h
        expr: |-
          velero_backup_last_status{schedule!=""} != 1
        for: 12h
        labels:
          severity: critical
      - alert: VeleroNoNewBackup
        annotations:
          message: Velero backup {{ $labels.schedule }} has not run successfully in the last 25h
        expr: |-
          (
          (time() - velero_backup_last_successful_timestamp{schedule!=""}) >bool (25 * 3600)
          or
          absent(velero_backup_last_successful_timestamp{schedule!=""})
          ) == 1
        for: 1h
        labels:
          severity: critical
      - alert: VeleroBackupPartialFailures
        annotations:
          message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} partialy failed backups
        expr: |-
          rate(velero_backup_partial_failure_total{schedule!=""}[25m])
            / rate(velero_backup_attempt_total{schedule!=""}[25m]) > 0.5
        for: 15m
        labels:
          severity: warning
  configuration:
    backupStorageLocation:
    - name: weyma-truenas
      provider: velero.io/aws
      bucket: weyma-talos-velero
      default: true
      credential:
        name: weyma-truenas-s3-auth
        key: credentials
      config:
        s3Url: "http://10.105.15.20:9000"
        region: minio
        insecureSkipTLSVerify: "true"
  initContainers:
  - name: velero-plugin-for-aws
    image: velero/velero-plugin-for-aws:v1.13.1
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins
  deployNodeAgent: true
  configMaps:
    default-storageclass:
      labels:
        velero.io/plugin-config: ""
        velero.io/change-storage-class: RestoreItemAction
      data:
        ceph-block: weyma-shared
  kubectl:
    image:
      tag: "1.33.4"
  extraObjects:
  - apiVersion: external-secrets.io/v1
    kind: ExternalSecret
    metadata:
      name: weyma-truenas-s3-auth
      namespace: velero
    spec:
      refreshInterval: 1h
      secretStoreRef:
        name: weyma-vault
        kind: ClusterSecretStore
      target:
        name: weyma-truenas-s3-auth
        creationPolicy: Owner
      data:
      - secretKey: credentials
        remoteRef:
          key: velero
          property: credentials