IT Get in touch

Velero: backup and disaster recovery for Kubernetes

Velero (August 2017, Heptio, now VMware) by Andy Goldstein: backup, restore, migration and DR of Kubernetes clusters. Backup of API resources + persistent volumes, cron schedule, S3/GCS/Azure Blob providers. Kubernetes backup standard.

Open Source
Open Source VeleroHeptioVMwareKubernetesBackupDisaster RecoveryOpen Source
Linux Services & Systems

Linux Services & Systems

Domains, hosting, PEC, email infrastructure, network services and Linux systems. Assistance and management of Open Source infrastructure.

Discover →

Kubernetes backup: not just volumes

A Kubernetes cluster has two state axes to protect:

  • API resources — Deployments, Services, ConfigMaps, Secrets, CRDs, namespaces
  • Persistent Volumes — application data (databases, files)

Traditional tools (etcdctl snapshot) save etcd but not PVs; cloud-provider snapshots save volumes but not K8s context. A tool is needed that does both and orchestrates a coherent restore.

The release

Velero is published by Heptio (Craig McLuckie, Joe Beda, Kubernetes cofounders) in August 2017 with the original name “Ark”. Renamed Velero with the v0.11.0 release on 28 February 2019, after VMware acquired Heptio (December 2018). Written in Go, Apache 2.0 licence.

Features

  • On-demand and scheduled backups (cron)
  • Namespace filtering — selective resource backup
  • Label selector — backup only labelled resources
  • Volume snapshots — via CSI or plugin-specific (AWS EBS, Azure Disk, GCP PD)
  • Restic/Kopia integration — file-level backup when CSI doesn’t support
  • Object storage — S3, GCS, Azure Blob, MinIO-compatible
  • Hooks — pre/post backup for application consistency (e.g. PostgreSQL fsfreeze)
  • Cross-cluster restore — migration between clusters
velero backup create daily-$(date +%Y%m%d) \
  --include-namespaces prod,staging \
  --snapshot-volumes \
  --ttl 720h

Use cases

  • Disaster Recovery — complete restore in new cluster after loss
  • Cluster migration — from on-prem to cloud, from one cloud to another
  • Kubernetes upgrade — pre-upgrade backup for safety
  • Dev/staging refresh — anonymised production clones
  • Compliance — backup retention (GDPR, ISO 27001, healthcare)

Alternatives

  • Kasten K10 (Veeam) — commercial, rich UI
  • Portworx PX-Backup (Pure Storage) — commercial
  • Trilio — enterprise
  • Stash (AppsCode) — similar OSS
  • CSI VolumeSnapshot native — without API resource backup
  • etcdctl snapshot — etcd only, no PV

Plugin ecosystem

Plugins for storage and cloud providers:

  • Official AWS, Azure, GCP
  • vSphere, OpenStack
  • S3-compatible MinIO, Ceph RGW
  • Community plugins for custom backends

In the Italian context

Velero is adopted in:

  • Banks and insurance — mandatory DR for K8s production
  • Digital PA — projects with regulatory backup requirements
  • Digital health — regional FSEs with historical retention
  • Italian hosting providers — multi-client K8s-as-a-Service
  • MSPs — managed backup for K8s clients

Often integrated with on-prem MinIO as S3-compatible backend to avoid cloud egress.

References: Velero (Heptio, August 2017, originally “Ark”). Andy Goldstein. Renamed v0.11.0 on 28 February 2019 (VMware). Apache 2.0 licence. Written in Go. Backup API resources + PV. Restic/Kopia integration.

Need support? Under attack? Service Status
Need support? Under attack? Service Status