Velero: backup and disaster recovery for Kubernetes

Velero (August 2017, Heptio, now VMware) by Andy Goldstein: backup, restore, migration and DR of Kubernetes clusters. Backup of API resources + persistent volumes, cron schedule, S3/GCS/Azure Blob providers. Kubernetes backup standard.


Kubernetes backup: not just volumes

A Kubernetes cluster has two state axes to protect:

  • API resources — Deployments, Services, ConfigMaps, Secrets, CRDs, namespaces
  • Persistent Volumes — application data (databases, files)

Traditional tools (etcdctl snapshot) save etcd but not PVs; cloud-provider snapshots save volumes but not K8s context. A tool is needed that does both and orchestrates a coherent restore.

The release

Velero was released by Heptio (Craig McLuckie, Joe Beda, Kubernetes cofounders) in August 2017 under the original name “Ark”. It is written in Go and distributed under the Apache 2.0 licence.

Features

  • On-demand and scheduled backups (cron)
  • Namespace filtering — selective resource backup
  • Label selector — backup only labelled resources
  • Volume snapshots — via CSI or plugin-specific (AWS EBS, Azure Disk, GCP PD)
  • Restic/Kopia integration — file-level backup when the CSI driver doesn’t support snapshots
  • Object storage — S3, GCS, Azure Blob, MinIO-compatible
  • Hooks — pre/post backup for application consistency (e.g. PostgreSQL fsfreeze)
  • Cross-cluster restore — migration between clusters

velero backup create daily-$(date +%Y%m%d) \
  --include-namespaces prod,staging \
  --snapshot-volumes \
  --ttl 720h
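
The scheduled-backup and hook features listed above can also be declared as a Velero Schedule resource. The manifest below is an added example, not taken from the original page or the Velero project; the schedule name, the app=postgres label, the fsfreeze sidecar container and the data path are assumptions.

```yaml
# Added example: nightly backup of prod and staging with freeze/unfreeze hooks.
# Names, labels, container and paths are assumptions for illustration.
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: daily-prod                 # hypothetical schedule name
  namespace: velero                # namespace where Velero is installed
spec:
  schedule: "0 2 * * *"            # cron expression: every day at 02:00
  template:
    includedNamespaces:
      - prod
      - staging
    snapshotVolumes: true
    ttl: 720h0m0s                  # 30 days, same retention as the CLI command above
    # Secrets in these namespaces are part of the backup, so the object-storage
    # bucket needs access control as strict as the cluster's own.
    hooks:
      resources:
        - name: postgres-freeze    # hypothetical hook name
          includedNamespaces:
            - prod
          labelSelector:
            matchLabels:
              app: postgres        # assumed pod label
          pre:
            - exec:
                container: fsfreeze   # assumed privileged sidecar providing fsfreeze
                command: ["/sbin/fsfreeze", "--freeze", "/var/lib/postgresql/data"]
                onError: Fail         # a failed freeze is recorded as a backup error
                timeout: 30s
          post:
            - exec:
                container: fsfreeze
                command: ["/sbin/fsfreeze", "--unfreeze", "/var/lib/postgresql/data"]
                onError: Continue
                timeout: 30s
```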

Use cases

  • Disaster Recovery — complete restore in new cluster after loss
  • Cluster migration — from on-prem to cloud, from one cloud to another
  • Kubernetes upgrade — pre-upgrade backup for safety
  • Dev/staging refresh — anonymised production clones
  • Compliance — backup retention (GDPR, ISO 27001, healthcare)

Alternatives

  • Kasten K10 (Veeam) — commercial, rich UI
  • Portworx PX-Backup (Pure Storage) — commercial
  • Trilio — enterprise
  • Stash (AppsCode) — similar OSS
  • Native CSI VolumeSnapshot — without API resource backup
  • etcdctl snapshot — etcd only, no PV

Plugin ecosystem

Plugins for storage and cloud providers:

  • Official: AWS, Azure, GCP
  • vSphere, OpenStack
  • S3-compatible: MinIO, Ceph RGW
  • Community plugins for custom backends

In the Italian context

Velero is adopted in:

  • Banks and insurance — mandatory DR for K8s production
  • Digital public administration (PA) — projects with regulatory backup requirements
  • Digital health — regional FSEs (Fascicolo Sanitario Elettronico, electronic health records) with historical retention
  • Italian hosting providers — multi-client K8s-as-a-Service
  • MSPs — managed backup for K8s clients

It is often integrated with on-prem MinIO as an S3-compatible backend to avoid cloud egress.


References: Velero (Heptio, August 2017, originally “Ark”). Andy Goldstein. Apache 2.0 licence. Written in Go. Backup API resources + PV. Restic/Kopia integration.
