There's no variable in values.yaml equivalent to `--node-agent-disable-host-path`

[agusdallalba]

Describe the problem/challenge you have

I'm trying to use Velero for PVC backups.

I already use FluxCD to deploy manifests and keep things updated automatically. I decided to install Velero using the Helm chart because I couldn't find a simpler way to do it with FluxCD. Ideally Helm would provide a minimal manifest bundle that can be applied with a Kustomization, but whatever I could found was years out of date.

I intend to use the CSI data mover to get consistent filesystem backups that can be easily migrated somewhere else if needed.

To use the CSI data mover I need to enable the node agent.

I intend to give the velero service account the least privileges possible. In particular, I'd like the velero namespace to adhere to the baseline pod security standards.

If I want the velero namespace to pass baseline pod security standards, I need to remove the hostPath mounts.

The website actually documents how to do this with the CLI:

Velero built-in data mover doesn't require the host path for pod volumes into Node Agent pods. The installation by default creates it in order to support fs-backup. If you don't use fs-backup and want to remove it from Node Agent, you can specify the --node-agent-disable-host-path flag.

Unfortunately the current version of the Helm chart does not support this:

https://github.com/vmware-tanzu/helm-charts/blob/velero-10.1.2/charts/velero/templates/node-agent-daemonset.yaml#L81-L86

Describe the solution you'd like

• A variable in values.yaml to skip these lines in the node-agent DaemonSet: https://github.com/vmware-tanzu/helm-charts/blob/velero-10.1.2/charts/velero/templates/node-agent-daemonset.yaml#L81-L86
  or
• For the Velero git repository to keep a minimal set of manifests that I can easily patch with a Kustomization to fit my needs.

Environment:

• helm version (use helm version): v3.18.6
• helm chart version and app version (use helm list -n <YOUR NAMESPACE>): not deployed yet
• Kubernetes version (use kubectl version): v1.33.5
• Kubernetes installer & version: Talos v1.10.7
• Cloud provider or hardware configuration: bare metal, single node
• OS (e.g. from /etc/os-release): Talos v1.10.7

Kind regards :)

[fancl20]

Set the flag to true will cause deployment failure:

Helm upgrade failed for release velero/velero with chart velero@11.3.1: failed to create resource: DaemonSet.apps "node-agent" is invalid: [spec.template.spec.containers[0].volumeMounts[1].name: Not found: "host-pods", spec.template.spec.containers[0].volumeMounts[2].name: Not found: "host-plugins"]

volumeMounts also need to be conditional:

          volumeMounts:
            {{- if .Values.credentials.useSecret }}
            - name: cloud-credentials
              mountPath: /credentials
            {{- end }}
            - name: host-pods
              mountPath: /host_pods
              mountPropagation: HostToContainer
            - name: host-plugins
              mountPath: /host_plugins
              mountPropagation: HostToContainer