What Is Velero?
Velero backs up Kubernetes resources and persistent volumes, enabling disaster recovery, cluster migration, and data protection. 9K+ GitHub stars.
What Gets Backed Up
- All Kubernetes resources (Deployments, Services, ConfigMaps, Secrets, CRDs)
- Persistent Volume data (via CSI snapshots or Restic/Kopia)
- Namespace-level or cluster-level backups
- Label-selected subsets
Installation
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.10.0 \
--bucket velero-backups \
--backup-location-config region=eu-west-1 \
--snapshot-location-config region=eu-west-1 \
--secret-file ./credentials-velero \
--use-node-agent \
--default-volumes-to-fs-backupScheduled Backups
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: daily-production
namespace: velero
spec:
schedule: "0 2 * * *" # Daily at 2 AM
template:
includedNamespaces:
- production
- payments
- database
storageLocation: default
volumeSnapshotLocations:
- default
ttl: 720h # Retain 30 days
defaultVolumesToFsBackup: true
---
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: hourly-critical
spec:
schedule: "0 * * * *" # Hourly
template:
includedNamespaces:
- database
labelSelector:
matchLabels:
backup: critical
ttl: 168h # Retain 7 daysRestore
# List available backups
velero backup get
# Restore entire namespace
velero restore create --from-backup daily-production-20260605020000
# Restore specific resources only
velero restore create --from-backup daily-production-20260605020000 \
--include-resources deployments,services,configmaps \
--include-namespaces payments
# Restore to different namespace (migration)
velero restore create --from-backup daily-production-20260605020000 \
--namespace-mappings production:stagingCross-Cluster Migration
# Source cluster: create backup
velero backup create migration-backup --include-namespaces app1,app2
# Destination cluster: restore (same object storage configured)
velero restore create --from-backup migration-backupWorks across cloud providers β back up from EKS, restore to GKE.
Backup Strategies
| Strategy | RPO | RTO | Cost |
|---|---|---|---|
| Hourly snapshots | 1h | 15min | Medium |
| Daily full + hourly PV | 1h (data), 24h (config) | 30min | Low |
| Continuous (Kopia) | Minutes | 10min | High |
| Cross-region replication | 1h | 1h (failover) | Medium |
Disaster Recovery Runbook
# 1. Verify backup health
velero backup describe daily-production-latest --details
# 2. If cluster is lost, deploy new cluster
# 3. Install Velero (same object storage config)
velero install --provider aws --bucket velero-backups ...
# 4. Verify backups are visible
velero backup get
# 5. Restore
velero restore create disaster-recovery --from-backup daily-production-latest
# 6. Verify
kubectl get pods -A
velero restore describe disaster-recovery --detailsTesting Restores (Critical!)
# CronJob to test restore weekly
apiVersion: batch/v1
kind: CronJob
metadata:
name: velero-restore-test
spec:
schedule: "0 4 * * 0" # Sunday 4 AM
jobTemplate:
spec:
template:
spec:
containers:
- name: test
image: bitnami/kubectl
command:
- /bin/sh
- -c
- |
velero restore create test-$(date +%s) \
--from-backup daily-production-latest \
--namespace-mappings production:restore-test
sleep 300
kubectl get pods -n restore-test
kubectl delete namespace restore-test
