How to Back Up and Restore Kubernetes Resources with Velero
Velero is an open-source tool for backing up, restoring, and migrating Kubernetes cluster resources and persistent volumes. It is essential for disaster recovery, cluster migration, and development environment cloning on your Breeze infrastructure.
How Velero Works
Velero runs as a deployment in your cluster and stores backups in object storage (S3-compatible). It can back up:
- All Kubernetes resources (Deployments, Services, ConfigMaps, Secrets, etc.)
- Persistent Volume data via CSI snapshots or Restic/Kopia file-level backups
- Specific namespaces or resource types using label selectors
Installing Velero CLI
curl -LO https://github.com/vmware-tanzu/velero/releases/download/v1.13.0/velero-v1.13.0-linux-amd64.tar.gz
tar xzf velero-v1.13.0-linux-amd64.tar.gz
sudo mv velero-v1.13.0-linux-amd64/velero /usr/local/bin/
velero version
Configuring S3-Compatible Storage
Create a credentials file for your S3-compatible storage provider:
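# Create the file with owner-only permissions before writing the keys to it
install -m 600 /dev/null /tmp/velero-credentials
cat <<EOF > /tmp/velero-credentials
[default]
aws_access_key_id=YOUR_ACCESS_KEY
aws_secret_access_key=YOUR_SECRET_KEY
EOF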
Installing Velero in the Cluster
velero install \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.9.0 \
--bucket velero-backups \
--secret-file /tmp/velero-credentials \
--backup-location-config region=us-east-1,s3ForcePathStyle=true,s3Url=https://s3.example.com \
--use-node-agent \
--default-volumes-to-fs-backup
Verify the installation:
kubectl -n velero get pods
velero backup-location get
Creating a Backup
# Back up everything in the cluster
velero backup create full-cluster-backup
# Back up a specific namespace
velero backup create prod-backup --include-namespaces production
# Back up specific resource types
velero backup create configs-backup --include-resources configmaps,secrets
# Back up with label selector
velero backup create app-backup --selector app=web-app
Scheduling Automatic Backups
# Daily backups retained for 30 days
velero schedule create daily-production \
--schedule="0 3 * * *" \
--include-namespaces production \
--ttl 720h
# Weekly full cluster backup
velero schedule create weekly-full \
--schedule="0 1 * * 0" \
--ttl 2160h
Listing and Inspecting Backups
velero backup get
velero backup describe full-cluster-backup
velero backup logs full-cluster-backup
Restoring from a Backup
# Restore everything
velero restore create --from-backup full-cluster-backup
# Restore a specific namespace
velero restore create --from-backup prod-backup --include-namespaces production
# Restore to a different namespace (for testing)
velero restore create --from-backup prod-backup \
--namespace-mappings production:staging-restore
# Check restore status
velero restore get
velero restore describe <restore-name>
Disaster Recovery Workflow
- Provision new Breeze instances and bootstrap a fresh Kubernetes cluster with kubeadm
- Install Velero and point it to the same S3 backup location
- List available backups with velero backup get
- Restore the most recent backup
- Verify all workloads are running and PVCs are bound
Best Practices
- Test restores regularly — a backup you have never restored is not a backup
- Use TTLs to automatically clean up old backups and save Breeze storage costs
- Exclude ephemeral namespaces (like CI/CD runners) from scheduled backups
- Monitor backup status and set up alerts for failures
- Store the S3 credentials securely and rotate them periodically
- Keep the Velero CLI version in sync with the server-side deployment
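The monitoring practice above and the "restore the most recent backup" step of the disaster recovery workflow both depend on knowing which backups actually completed. The following is an added example, not code from the original page or from the Velero project: it reads the Backup objects Velero stores in the cluster, flags failed backups and stale schedules, and picks the newest Completed backup for a restore. The sample JSON is constructed, and the age thresholds are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of `kubectl -n velero get backups.velero.io -o json` (trimmed).
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "daily-production-20240501030000",
               "labels": {"velero.io/schedule-name": "daily-production"}},
  "status": {"phase": "Completed", "completionTimestamp": "2024-05-01T03:04:10Z"}},
 {"metadata": {"name": "daily-production-20240502030000",
               "labels": {"velero.io/schedule-name": "daily-production"}},
  "status": {"phase": "PartiallyFailed", "completionTimestamp": "2024-05-02T03:05:00Z"}},
 {"metadata": {"name": "weekly-full-20240428010000",
               "labels": {"velero.io/schedule-name": "weekly-full"}},
  "status": {"phase": "Completed", "completionTimestamp": "2024-04-28T01:20:00Z"}}
]}""")["items"]

BAD_PHASES = {"Failed", "PartiallyFailed", "FailedValidation"}
# Assumed alert thresholds: one schedule interval plus some slack.
MAX_AGE = {"daily-production": timedelta(hours=26), "weekly-full": timedelta(days=8)}

def _done_at(backup):
    stamp = backup["status"]["completionTimestamp"]
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _schedule(backup):
    return backup["metadata"].get("labels", {}).get("velero.io/schedule-name")

def latest_completed(items, schedule):
    """Newest backup of a schedule whose phase is Completed, or None."""
    done = [b for b in items if _schedule(b) == schedule
            and b.get("status", {}).get("phase") == "Completed"]
    return max(done, key=_done_at, default=None)

def check_backups(items, now, max_age=MAX_AGE):
    """Alerts for failed backups and for schedules without a fresh Completed backup."""
    alerts = [f"{b['metadata']['name']}: phase {b['status']['phase']}"
              for b in items if b.get("status", {}).get("phase") in BAD_PHASES]
    for sched, limit in sorted(max_age.items()):
        last = latest_completed(items, sched)
        if last is None:
            alerts.append(f"{sched}: no Completed backup found")
        elif now - _done_at(last) > limit:
            alerts.append(f"{sched}: newest Completed backup {last['metadata']['name']} is stale")
    return alerts

if __name__ == "__main__":
    for line in check_backups(SAMPLE, datetime(2024, 5, 2, 12, tzinfo=timezone.utc)):
        print("ALERT", line)
```

In the sample, the newest daily backup is PartiallyFailed, so the restore candidate is the previous day's Completed backup rather than the most recent entry in the list.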